From 37dc46b85524e5586fed05bdb421e0a5474af385 Mon Sep 17 00:00:00 2001 From: exequielrafaela Date: Wed, 5 May 2021 10:47:41 -0300 Subject: [PATCH] BBL-192 | removing le-helm-infra repo since we're favouring the definition of k8s resources at le-tf-aws-infra repo. --- .../user-guide/base-configuration/overview.md | 2 -- .../base-configuration/repo-le-helm-infra.md | 32 ------------------- .../base-workflow/repo-le-helm-infra.md | 8 ----- docs/user-guide/index.md | 2 -- docs/welcome.md | 1 - docs/work-with-us/careers.md | 2 +- docs/work-with-us/contribute.md | 4 --- .../roadmap/operational-excellence.md | 6 ++-- docs/work-with-us/roadmap/security.md | 2 +- mkdocs.yml | 2 -- 10 files changed, 5 insertions(+), 56 deletions(-) delete mode 100644 docs/user-guide/base-configuration/repo-le-helm-infra.md delete mode 100644 docs/user-guide/base-workflow/repo-le-helm-infra.md diff --git a/docs/user-guide/base-configuration/overview.md b/docs/user-guide/base-configuration/overview.md index fe2aa14cf..27a5bf402 100644 --- a/docs/user-guide/base-configuration/overview.md +++ b/docs/user-guide/base-configuration/overview.md @@ -14,6 +14,4 @@ Specific configuration per component could be found in the immediately following * [x] :gear: [**config** | le-tf-infra-aws](../../user-guide/base-configuration/repo-le-tf-infra-aws.md) * [x] :gear: [**config** | le-ansible-infra](../../user-guide/base-configuration/repo-le-ansible-infra.md) -* [x] :gear: [**config** | le-helm-infra](../../user-guide/base-configuration/repo-le-helm-infra.md) - diff --git a/docs/user-guide/base-configuration/repo-le-helm-infra.md b/docs/user-guide/base-configuration/repo-le-helm-infra.md deleted file mode 100644 index 22b94e24e..000000000 --- a/docs/user-guide/base-configuration/repo-le-helm-infra.md +++ /dev/null @@ -1,32 +0,0 @@ -# Configuration: le-helm-infra - -## Overview -This repository holds infrastructure that we deploy to our clusters via Helm + Helmsman. - -## Files and Directories - -Environment directories contain the Helmsman's desired state file that define what charts are deployed to each environment - -```bash -. -├── @bin => Binaries, scripts and helpers used across the repository -... -├── devstg -│   ├── aws-eks => Components of the 'devstg' EKS cluster -│   └── aws-kops => Components of the 'devstg' Kops cluster -├── @doc -│   └── figures -├── LICENSE.md -├── localdev => Components of the 'local' Kind cluster -│   ├── helmsman.yaml => The desired state file used by Helmsman to install/remove cluster components -│   ├── fluentd-daemonset => Custom values for the fluentd-daemonset chart (equivalent for other components) -... -│   ├── Makefile => A helper to run typical commands -... -└── README.md -``` - -## Requirements -* Docker >= v18.09 -* Helm and Helmsman are provided via docker image - diff --git a/docs/user-guide/base-workflow/repo-le-helm-infra.md b/docs/user-guide/base-workflow/repo-le-helm-infra.md deleted file mode 100644 index c66fdb416..000000000 --- a/docs/user-guide/base-workflow/repo-le-helm-infra.md +++ /dev/null @@ -1,8 +0,0 @@ -# Typical Workflow - -!!! example "![leverage-helm](../../assets/images/logos/helm.png "Leverage"){: style="width:20px"} Add or remove apps to an environment" - - Go to the directory of the environment you need to work with (shared, devstg, prd, ...) - - Edit `helmsman.yaml` to add/remove any charts you need - - Run helmsman in plan mode to preview your changes: `make plan` - - Review the plan to make sure helmsman will apply the changes you expect - - Run helmsman in apply mode: `make apply` \ No newline at end of file diff --git a/docs/user-guide/index.md b/docs/user-guide/index.md index bdaad6f3a..a3e984722 100644 --- a/docs/user-guide/index.md +++ b/docs/user-guide/index.md @@ -8,9 +8,7 @@ Please start by reviewing the [pre-requisites](./base-configuration/overview.md) ## Configurations - [x] [le-tf-infra-aws](base-configuration/repo-le-tf-infra-aws.md) - [x] [le-ansible-infra](base-configuration/repo-le-ansible-infra.md) -- [x] [le-helm-infra](base-configuration/repo-le-helm-infra.md) ## Workflow - [x] [le-tf-infra-aws](base-workflow/repo-le-tf-infra-aws.md) - [x] [le-ansible-infra](base-workflow/repo-le-ansible-infra.md) -- [x] [le-helm-infra](base-workflow/repo-le-helm-infra.md) diff --git a/docs/welcome.md b/docs/welcome.md index e031654b0..270702382 100644 --- a/docs/welcome.md +++ b/docs/welcome.md @@ -45,7 +45,6 @@ An its compose of the following 3 main repos: - [x] [le-tf-infra-aws](https://github.com/binbashar/le-tf-infra-aws) - [x] [le-ansible-infra](https://github.com/binbashar/le-ansible-infra) -- [x] [le-helm-infra](https://github.com/binbashar/le-helm-infra) ## Getting Started :books: See [**How it works**](./how-it-works/index.md) for a whirlwind tour that will get you started. diff --git a/docs/work-with-us/careers.md b/docs/work-with-us/careers.md index 2b8550437..ede5d2448 100644 --- a/docs/work-with-us/careers.md +++ b/docs/work-with-us/careers.md @@ -44,7 +44,7 @@ Create a collection of reusable, tested, production-ready E2E AWS oriented infrastructure modules (e.g., VPC, IAM, Kubernetes, Prometheus, Grafana, EFK, Consul, Vault, Jenkins, etc.) using several tool and - languages: *Terraform, Ansible, Helm + Helmsman, Dockerfiles, Python, Bash and Makefiles*. + languages: *Terraform, Ansible, Helm, Dockerfiles, Python, Bash and Makefiles*. - [x] [**Reference Architecture**](../how-it-works/code-library/code-library.md) diff --git a/docs/work-with-us/contribute.md b/docs/work-with-us/contribute.md index abcf48dfc..62dee2583 100644 --- a/docs/work-with-us/contribute.md +++ b/docs/work-with-us/contribute.md @@ -18,10 +18,6 @@ cd .. git clone git@github.com:binbashar/le-ansible-infra.git cd le-ansible-infra cd .. - -git clone git@github.com:binbashar/le-helm-infra -cd le-helm-infra -cd .. ``` ### Initial developer environment build diff --git a/docs/work-with-us/roadmap/operational-excellence.md b/docs/work-with-us/roadmap/operational-excellence.md index 96afb7003..3e9a2dea1 100644 --- a/docs/work-with-us/roadmap/operational-excellence.md +++ b/docs/work-with-us/roadmap/operational-excellence.md @@ -5,8 +5,8 @@ | --------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | --- | | Cloud
Solutions
Architecture | leverage
cloud-solutions-architecture
documentation |
DevSecOps & AWS Cloud Solutions Architecture Doc
| ✅ | ✅ | | Cloud
Solutions
Architecture | leverage
cloud-solutions-architecture
documentation |
Demo Applications architecture / Services Specifications Doc
| 2021 Q1 | ❌ | -| Base
Infrastructure | leverage
base-infrastructure
github
|
Open Source Ref Architecture (le-tf-aws / le-ansible / le-helm-infra / le-tf-vault / le-tf-github)
| 2021 Q2 | ❌ | -| Base
Infrastructure | leverage
base-infrastructure
cli
|
Leverage cli (https://github.com/binbashar/leverage) for every Reference Architecture Repo (le-tf-aws / le-ansible / le-helm-infra / le-tf-vault / le-tf-github)
| 2021 Q2 | ❌ | +| Base
Infrastructure | leverage
base-infrastructure
github
|
Open Source Ref Architecture (le-tf-aws / le-ansible / le-tf-vault / le-tf-github)
| 2021 Q2 | ❌ | +| Base
Infrastructure | leverage
base-infrastructure
cli
|
Leverage cli (https://github.com/binbashar/leverage) for every Reference Architecture Repo (le-tf-aws / le-ansible / le-tf-vault / le-tf-github)
| 2021 Q2 | ❌ | | Base
Infrastructure | leverage
base-infrastructure
organizations
|
Account Settings: Account Aliases and Password Policies, MFA, and enable IAM Access Analyzer across accounts.
| ✅ | ❌ | | Base
Infrastructure | leverage
base-infrastructure
storage
|
Storage: Account Enable encrypted EBS by default on all accounts; disable S3 public ACLs and policies
| ✅ | ❌ | | Base
Infrastructure | leverage
base-infrastructure
region |
Define AWS Region / Multi-Region: keep in mind customers proximity, number of subnets, and other region limitations (https://infrastructure.aws)
| ✅ | ❌ | @@ -16,7 +16,7 @@ | Base
Infrastructure | leverage
base-infrastructure
vpc |
Networking 1: DNS, VPC, Subnets, Route Tables, NACLs, NATGW, VPC Peering or TGW
| ✅ | ❌ | | Base
Infrastructure | leverage
base-infrastructure
vpn |
Networking 2: VPN (install Pritunl, create organization, servers and users)
| ✅ | ❌ | | Kubernetes | leverage
kubernetes
eks |
Production Grade Cluster: deploy EKS cluster as code
| ✅ | ❌ | -| Kubernetes | leverage
kubernetes
helm |
K8s Helm + Helmsman Binbash Leverage repository backing all the K8s components deployment and configuration
| ✅ | ❌ | +| Kubernetes | leverage
kubernetes
k8s |
K8s Helm + Terraform Binbash Leverage repository backing all the K8s components deployment and configuration
| ✅ | ❌ | | Kubernetes | leverage
kubernetes
metrics |
Monitoring: metrics-server (metrcis for K8s HPA + Cluster AutoScaler + Prom node Exporter) + kube-state-metrics (for Grafana Dasboards)
| 2021 Q2 | ❌ | | Kubernetes | leverage
kubernetes
iam
security |
Security: Iam-authenticator, K8s RBAC (user, group and roles)
| ✅ | ❌ | | Kubernetes | leverage
kubernetes
iam

|
Implement AWS service accounts (IRSA for EKS) to provide IAM credentials to containers running inside a kubernetes cluster based on annotations.
| ✅ | ❌ | diff --git a/docs/work-with-us/roadmap/security.md b/docs/work-with-us/roadmap/security.md index 59e0fcd54..b45a12763 100644 --- a/docs/work-with-us/roadmap/security.md +++ b/docs/work-with-us/roadmap/security.md @@ -20,7 +20,7 @@ | Security &
Audit (SecOps) | leverage
security-audit
ci-cd-pipeline |
Security and Vulnerability static code analysis (code dependencies): implement tools to continuously analyze and report vulnerabilities, automated reports (OWASP, bandit, snyk, HawkEye scanner, yarn audit, etc)
| 2021 Q2 | ❌ | | Security &
Audit (SecOps) | leverage
security-audit
docker |
Containers: implement tools to continuously analyze and report on vulnerabilities (docker-bench-security, snyk, aquasecurity microscanner, docker-bench, aws ecr scan)
| ✅ | ❌ | | Security &
Audit (SecOps) | leverage
security-audit |
Review and Fix all snyk high sev findings
| 2021 Q2 | ❌ | -| Security &
Audit (SecOps) | leverage
security-audit |
Security and cost analysis in the CI PR automated process (le-tf-aws / le-ansible / le-helm-infra / le-tf-vault / le-tf-github)
| 2021 Q1 | ❌ | +| Security &
Audit (SecOps) | leverage
security-audit |
Security and cost analysis in the CI PR automated process (le-tf-aws / le-ansible / le-tf-vault / le-tf-github)
| 2021 Q1 | ❌ | | Security &
Audit (SecOps) | leverage
security-audit |
Comply with [AWS Security Maturity Roadmap 2021](https://summitroute.com/blog/2021/01/12/2021\_aws\_security\_maturity\_roadmap\_2021/)
| 2021 Q2 | ❌ | | Compliance
(SecOps) | leverage
security-audit
compliance |
Certified compliant by the Center for Internet Security (CIS)
end-to-end CIS-compliant Reference Architecture (get compliance out of the box)
| 2021 Q2 | ❌ | | Security &
Audit (SecOps) | leverage
security-audit
dashboard |
Centralized DevSecOps Tools and Audit Report Dashboard
| 2021 Q3 | ❌ | \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 96badf621..7593151a8 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -172,14 +172,12 @@ nav: - Repos: - Terraform Infra: "user-guide/base-configuration/repo-le-tf-infra-aws.md" - Ansible Infra: "user-guide/base-configuration/repo-le-ansible-infra.md" - - Helm Infra: "user-guide/base-configuration/repo-le-helm-infra.md" - Workflow: - Repos: - Makefiles Lib: "user-guide/base-workflow/repo-le-dev-makefiles.md" - Terraform Infra: "user-guide/base-workflow/repo-le-tf-infra-aws.md" - Terraform Infra State: "user-guide/base-workflow/repo-le-tf-infra-aws-tf-state.md" - Ansible Infra: "user-guide/base-workflow/repo-le-ansible-infra.md" - - Helm Infra: "user-guide/base-workflow/repo-le-helm-infra.md" - AWS Organization: - Organization: "user-guide/organization/organization.md" - Identities: