Skip to content

Instantly share code, notes, and snippets.

@johntbush

johntbush/gist:9313269a9482d037136439cab34c54c6

Last active March 26, 2019 18:36
Show Gist options
  • Save johntbush/9313269a9482d037136439cab34c54c6 to your computer and use it in GitHub Desktop.
Save johntbush/9313269a9482d037136439cab34c54c6 to your computer and use it in GitHub Desktop.
Download ZIP
account provisionning
Raw
gistfile1.md

Exisiting problems:

  • the way StackGroups are laid out there is a lot of copy and past repetition between envs and regions. This is cumbersome and prone to mistakes (Let's get DRY)
  • certain infrastructure changes need to go out with every deployment because they are rapidly changing things or dependencies for code changes. This often get missed right now causing churn.
  • we need to be able to have our CI servers automate all provisioning as the prod creds aren't known broadly (in prod you can't just run sceptre from your machine, it has to be intitiated from CI builds)

ckp-aws-deploy

templates (no changes)

account_provisioning/sceptre/templates

Lifecycle Changes

Now we have:

  • local-init (localstack init)
  • eks-init (eks init, tiller, rbac, kubectl config , etc)
  • app (deploy apps)
  • daemons (deploy daemons)

We would like to add the following:

  • aws-init (runs infrastructure template like s3 buckets, eks cluster, etc)
  • aws-populate (deploy lambda or other aws required artifacts)
  • aws-deploy (run deploy sceptre templates and eks-init)

So for a normal jenkins deploy this would look like:

  • aws-populate (deploy lambda or other aws required artifacts)
  • aws-deploy (run deploy sceptre templates and eks-init)
  • daemons
  • app

team repo

Categorize into 2 types of StackGroups A group for infrastructure. Things that are run once or very infrequently (create an eks cluster)

account_provisioning/config/infrastructure

A group for deploy items. These are items that should be run as part of every deployment, for things that change more often. (creating logmetrics, alarms, and sns topics have been things we've run into)

account_provisioning/config/deploy...

Now if we want to override any parameters for a particular environment we can create a vars.yaml file.

account_provisioning/config/deploy/dev/vars.yaml

Likewise if we want to override any parameters for a particular region we can create additional yaml files.

account_provisioning/config/deploy/dev/us-west-2.yaml
account_provisioning/config/deploy/dev/us-west-1.yaml

file structure

team-project
 |- account_provisioning
    |- config
      |- instrastructure
         - config.yaml
         - <service>.yaml
      |- deploy
         - config.yaml
         - <service>.yaml 
        |- <env>
          - config.yaml
          - vars.yaml
          - us-west-1.yaml
          - us-west-2.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment