diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..52ceb3a8b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,22 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
diff --git a/docs/cidr-ranges.md b/docs/cidr-ranges.md
index bf45c0b60..17833ef5b 100644
--- a/docs/cidr-ranges.md
+++ b/docs/cidr-ranges.md
@@ -9,13 +9,14 @@ http://www.subnet-calculator.com/cidr.php
 # Global
-| Name | CIDR |
-|------|------------|
+| Name | CIDR |
+|-----------------------------------|---------------|
 | docker0 | 172.26.0.0/16 |
+| Kubernetes - dev-example | 10.9.0.0/16 |
 | Kubernetes - dev | 10.10.0.0/16 |
 | Kubernetes - qa | 10.11.0.0/16 |
 | Kubernetes - staging | 10.12.0.0/16 |
-| Kubernetes - production | 10.13.0.0/16 |
+| Kubernetes - prod | 10.13.0.0/16 |
 | Kubernetes - xxx | 10.14.0.0/16 |
 | Kubernetes - xxx | 10.15.0.0/16 |
 | Kubernetes - xxx | 10.16.0.0/16 |
@@ -27,13 +28,13 @@ application. The following defines these ranges in a generic sense that can be applied to any of the above CIDRs.
 ## Kops
-| Name | CIDR | Address Range |
-|------|------------|------------|
+| Name | CIDR | Address Range |
+|------------------|--------------|---------------|
 | xxx | 10.xx.0.0/16 | xxxxx - xxxxx |
 ## Services Subnets
-| Name | CIDR | Address Range |
-|------|------------|------------|
+| Name | CIDR | Address Range |
+|---------------------------------------|------------------|-----------------------------|
 | RDS - subnet 1 | 10.xx.100.0/28 | 10.xx.100.0 - 10.xx.100.15 |
 | RDS - subnet 2 | 10.xx.100.16/28 | 10.xx.100.16 - 10.xx.100.31 |
 | Redshift subnet 1 | 10.xx.100.32/28 | 10.xx.100.32 - 10.xx.100.47 |
diff --git a/ops/vpc.sh b/ops/vpc.sh
new file mode 100755
index 000000000..004b2ecce
--- /dev/null
+++ b/ops/vpc.sh
@@ -0,0 +1,171 @@
+#!/bin/bash -e
+
+# create_vpc - A script to create a VPC
+
+##########################################
+##### Constants
+##########################################
+
+TIME_NOW=$(date +"%x %r %Z")
+
+TERRAFORM_VERSION="v0.11."
+TERRAGRUNT_VERSION="v0.18."
+
+##########################################
+##### Functions
+##########################################
+
+usage()
+{
+ echo "usage: create_vpc [[[-n vpc_name ] ] | [-h]]"
+}
+
+check_terraform_version()
+{
+ command=$(terraform --version)
+
+ if [[ "${command}" == *"${TERRAFORM_VERSION}"* ]]; then
+ echo "[INFO] Terraform version: ${command}"
+ else
+ echo "[ERROR] Terraform version expected: ${TERRAFORM_VERSION}"
+ echo "Got: ${command}"
+ exit 1
+ fi
+}
+
+check_terragrunt_version()
+{
+ command=$(terragrunt --version)
+
+ if [[ "${command}" == *"${TERRAGRUNT_VERSION}"* ]]; then
+ echo "[INFO] Terragrunt version: ${command}"
+ else
+ echo "[ERROR] Terragrunt version expected: ${TERRAGRUNT_VERSION}"
+ echo "Got: ${command}"
+ exit 1
+ fi
+}
+
+create()
+{
+ # Checks
+ if [ ! -f ../tf-environments/$vpc_name/_env_defaults/main.tf ]; then
+ echo "File does not exist: ../tf-environments/$vpc_name/_env_defaults/main.tf"
+ exit 1
+ fi
+
+ if [ ! -f ../tf-environments/$vpc_name/${cloud}/vpc/main.tf ]; then
+ echo "File does not exist: ../tf-environments/$vpc_name/${cloud}/vpc/main.tf"
+ exit 1
+ fi
+
+ echo "[INFO] Adding new VPC named: $vpc_name"
+
+ cd ../tf-environments/$vpc_name/${cloud}/vpc
+
+ terragrunt init
+ terragrunt plan
+
+ if [ "${dry_run}" == "false" ]; then
+ echo "[INFO] Applying..."
+ terragrunt apply -input=false -auto-approve
+ fi
+
+ echo "[INFO] Finished"
+
+}
+
+read()
+{
+ echo "[INFO] Reading vpc named: ${vpc_name}"
+}
+
+update()
+{
+ echo "[INFO] Updating vpc named: ${vpc_name}"
+}
+
+delete()
+{
+ echo "[INFO] Deleting vpc named: ${vpc_name}"
+
+ cd ../tf-environments/$vpc_name/${cloud}/vpc
+
+ if [ "${dry_run}" == "false" ]; then
+ echo "[INFO] Not a dry run"
+
+ terragrunt destroy -input=false -auto-approve
+
+ else
+ echo "[INFO] Dry run"
+ terragrunt destroy
+ fi
+}
+
+
+
+
+##########################################
+##### Main
+##########################################
+
+cloud="aws"
+
+vpc_name="none"
+dry_run="true"
+
+create="false"
+read="false"
+update="false"
+delete="false"
+
+while [ "$1" != "" ]; do
+ case $1 in
+ -n | --name ) shift
+ vpc_name=$1
+ ;;
+ -d | --dry-run ) shift
+ dry_run=$1
+ ;;
+ -c | --create ) shift
+ create=true
+ ;;
+ -r | --read ) shift
+ read=true
+ ;;
+ -u | --update ) shift
+ update=true
+ ;;
+ -x | --delete ) shift
+ delete=true
+ ;;
+ -h | --help ) usage
+ exit
+ ;;
+ * ) usage
+ exit 1
+ esac
+ shift
+done
+
+echo "[INFO] dry_run = ${dry_run}"
+echo "[INFO] vpc_name = $vpc_name"
+
+check_terraform_version
+check_terragrunt_version
+
+if [ "${create}" == "true" ]; then
+ create $vpc_name
+fi
+
+if [ "${read}" == "true" ]; then
+ read $vpc_name
+fi
+
+if [ "${update}" == "true" ]; then
+ update $vpc_name
+fi
+
+if [ "${delete}" == "true" ]; then
+ delete $vpc_name
+fi
diff --git a/tf-environments/dev-example/_env_defaults/main.tf b/tf-environments/dev-example/_env_defaults/main.tf
index a6525a3fb..dc6e73e2a 100644
--- a/tf-environments/dev-example/_env_defaults/main.tf
+++ b/tf-environments/dev-example/_env_defaults/main.tf
@@ -7,7 +7,7 @@ output aws_region {
 }
 output vpc_cidr {
- value = "10.10.0.0/16"
+ value = "10.9.0.0/16"
 }
 output vpc_id {
diff --git a/tf-environments/dev/_env_defaults/main.tf b/tf-environments/dev/_env_defaults/main.tf
new file mode 100644
index 000000000..983975463
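Review bot: In the option loop at the end of the file, the flag-only arms `-c | --create`, `-r | --read`, `-u | --update` and `-x | --delete` run `shift` inside the arm and the loop runs `shift` again after `esac`, so each of these flags also consumes the argument that follows it, and when the flag is the last argument the second `shift` fails on an empty list and the `-e` from the shebang aborts the script before any action runs; the fix is to delete the `shift` from those four arms. Defining a function called `read` replaces the bash builtin `read` for the rest of the script, so a name such as `read_vpc` is safer even though nothing here uses the builtin yet. The `-e` is carried only in the shebang and is lost when the script is started as `bash ops/vpc.sh`; `set -euo pipefail` right after the shebang keeps the behaviour in every invocation. Both `create` and `delete` do `cd ../tf-environments/$vpc_name/${cloud}/vpc` with the user-supplied name unquoted and relative to the caller's working directory, so `cd "$(dirname "$0")/../tf-environments/$vpc_name/$cloud/vpc" || exit 1` would make the path independent of where the script is run from, which matters most for the `terragrunt destroy -auto-approve` branch.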
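Review bot: Changing `vpc_cidr` from 10.10.0.0/16 to 10.9.0.0/16 alters an attribute that forces replacement of the `aws_vpc`, so if a VPC has already been applied from dev-example this plans a destroy-and-recreate of it and of everything inside it; the new dev environment in this commit takes 10.10.0.0/16, which appears to be the reason for the move. The subnet defaults of dev-example's `aws/vpc/main.tf` are not in this diff, so confirm they were moved to 10.9.x as well, otherwise they fall outside the new VPC range and the apply fails.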
--- /dev/null
+++ b/tf-environments/dev/_env_defaults/main.tf
@@ -0,0 +1,27 @@
+output environment_name {
+ value = "dev"
+}
+
+output aws_region {
+ value = "us-east-1"
+}
+
+output vpc_cidr {
+ value = "10.10.0.0/16"
+}
+
+output vpc_id {
+ value = "vpc-fill-me-in-after-your-vpc-has-been-created"
+}
+
+output aws_availability_zone_1 {
+ value = "a"
+}
+
+output aws_availability_zone_2 {
+ value = "b"
+}
+
+output aws_availability_zone_3 {
+ value = "c"
+}
diff --git a/tf-environments/dev/aws/vpc/main.tf b/tf-environments/dev/aws/vpc/main.tf
new file mode 100644
index 000000000..007a8cde7
--- /dev/null
+++ b/tf-environments/dev/aws/vpc/main.tf
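Review bot: The `vpc_id` output is the literal string `vpc-fill-me-in-after-your-vpc-has-been-created`, and any module that reads `module.env_defaults.vpc_id` will hand that string to AWS as if it were a real id; a comment on the output saying where the value comes from would help, e.g. `# Replace with the aws_vpc_id output of aws/vpc after the first apply.` The same placeholder appears in the prod, qa and staging `_env_defaults/main.tf` hunks. Since this commit's `aws/vpc/main.tf` already exports `aws_vpc_id`, reading it through remote state would avoid hand-copying the id into four files.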
@@ -0,0 +1,50 @@
+terraform {
+ backend "s3" {}
+}
+
+# Common modules
+module "env_defaults" {
+ source = "../../_env_defaults"
+}
+
+# Inputs
+variable "public_cidrs" {
+ description = "CIDR block for public subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.10.6.0/24", "10.10.7.0/24", "10.10.8.0/24"]
+}
+
+variable "private_cidrs" {
+ description = "CIDR block for private subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
+}
+
+# Main
+module "main" {
+ source = "../../../../tf-modules/aws/vpc/"
+
+ region = "${module.env_defaults.aws_region}"
+ vpc_cidr = "${module.env_defaults.vpc_cidr}"
+
+ availability_zones = ["${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_1}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_2}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_3}"]
+
+ public_cidrs = "${var.public_cidrs}"
+
+ private_cidrs = "${var.private_cidrs}"
+
+ tags = {
+ Name = "${module.env_defaults.environment_name}",
+ Environment = "${module.env_defaults.environment_name}",
+ Account = "${module.env_defaults.environment_name}",
+ Group = "devops",
+ Region = "${module.env_defaults.aws_region}"
+ managed_by = "Terraform"
+ }
+}
+
+
+# Outputs
+output "aws_vpc_id" {
+ value = "${module.main.aws_vpc_id}"
+}
diff --git a/tf-environments/dev/aws/vpc/terraform.tfvars b/tf-environments/dev/aws/vpc/terraform.tfvars
new file mode 100644
index 000000000..0b352dc6b
--- /dev/null
+++ b/tf-environments/dev/aws/vpc/terraform.tfvars
@@ -0,0 +1,5 @@
+terragrunt = {
+ include {
+ path = "${find_in_parent_folders()}"
+ }
+}
diff --git a/tf-environments/dev/terraform.tfvars b/tf-environments/dev/terraform.tfvars
new file mode 100644
index 000000000..23c81c8c6
--- /dev/null
+++ b/tf-environments/dev/terraform.tfvars
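Review bot: In the `tags` map of `module "main"`, `Region = ...` is the only entry without a trailing comma while every line above it has one; HCL treats the newline as a separator so it parses, but the mixed style reads like a dropped comma, and `Region = "${module.env_defaults.aws_region}",` keeps the block uniform. The `availability_zones` value is one very long line; putting each of the three region+zone concatenations on its own line would make them reviewable. The prod, qa and staging `aws/vpc/main.tf` hunks are identical apart from the CIDR defaults and have the same two points.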
@@ -0,0 +1,12 @@
+terragrunt = {
+ remote_state {
+ backend = "s3"
+ config {
+ bucket = "kubernetes-ops-123-terraform-state"
+ key = "dev/${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ # dynamodb_table = "terraform-locks"
+ }
+ }
+}
diff --git a/tf-environments/prod/_env_defaults/main.tf b/tf-environments/prod/_env_defaults/main.tf
new file mode 100644
index 000000000..468472400
--- /dev/null
+++ b/tf-environments/prod/_env_defaults/main.tf
@@ -0,0 +1,27 @@
+output environment_name {
+ value = "prod"
+}
+
+output aws_region {
+ value = "us-east-1"
+}
+
+output vpc_cidr {
+ value = "10.13.0.0/16"
+}
+
+output vpc_id {
+ value = "vpc-fill-me-in-after-your-vpc-has-been-created"
+}
+
+output aws_availability_zone_1 {
+ value = "a"
+}
+
+output aws_availability_zone_2 {
+ value = "b"
+}
+
+output aws_availability_zone_3 {
+ value = "c"
+}
diff --git a/tf-environments/prod/aws/vpc/main.tf b/tf-environments/prod/aws/vpc/main.tf
new file mode 100644
index 000000000..d1a59cf1a
--- /dev/null
+++ b/tf-environments/prod/aws/vpc/main.tf
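Review bot: `remote_state` sets `encrypt = true` but leaves `dynamodb_table` commented out, so the S3 backend runs without state locking and two overlapping runs (for example `ops/vpc.sh` from this commit, which applies and destroys with `-auto-approve`) can write the same `dev/.../terraform.tfstate` object at once and corrupt it. If the lock table does not exist yet, a `# TODO` naming that blocker is clearer than a silently disabled line; otherwise uncomment `dynamodb_table = "terraform-locks"`. The prod, qa and staging `terraform.tfvars` hunks carry the same disabled lock and share the bucket `kubernetes-ops-123-terraform-state`, so prod state is only separated from the other environments by the key prefix.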
@@ -0,0 +1,50 @@
+terraform {
+ backend "s3" {}
+}
+
+# Common modules
+module "env_defaults" {
+ source = "../../_env_defaults"
+}
+
+# Inputs
+variable "public_cidrs" {
+ description = "CIDR block for public subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.13.6.0/24", "10.13.7.0/24", "10.13.8.0/24"]
+}
+
+variable "private_cidrs" {
+ description = "CIDR block for private subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.13.1.0/24", "10.13.2.0/24", "10.13.3.0/24"]
+}
+
+# Main
+module "main" {
+ source = "../../../../tf-modules/aws/vpc/"
+
+ region = "${module.env_defaults.aws_region}"
+ vpc_cidr = "${module.env_defaults.vpc_cidr}"
+
+ availability_zones = ["${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_1}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_2}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_3}"]
+
+ public_cidrs = "${var.public_cidrs}"
+
+ private_cidrs = "${var.private_cidrs}"
+
+ tags = {
+ Name = "${module.env_defaults.environment_name}",
+ Environment = "${module.env_defaults.environment_name}",
+ Account = "${module.env_defaults.environment_name}",
+ Group = "devops",
+ Region = "${module.env_defaults.aws_region}"
+ managed_by = "Terraform"
+ }
+}
+
+
+# Outputs
+output "aws_vpc_id" {
+ value = "${module.main.aws_vpc_id}"
+}
diff --git a/tf-environments/prod/aws/vpc/terraform.tfvars b/tf-environments/prod/aws/vpc/terraform.tfvars
new file mode 100644
index 000000000..0b352dc6b
--- /dev/null
+++ b/tf-environments/prod/aws/vpc/terraform.tfvars
@@ -0,0 +1,5 @@
+terragrunt = {
+ include {
+ path = "${find_in_parent_folders()}"
+ }
+}
diff --git a/tf-environments/prod/terraform.tfvars b/tf-environments/prod/terraform.tfvars
new file mode 100644
index 000000000..4467854c4
--- /dev/null
+++ b/tf-environments/prod/terraform.tfvars
@@ -0,0 +1,12 @@
+terragrunt = {
+ remote_state {
+ backend = "s3"
+ config {
+ bucket = "kubernetes-ops-123-terraform-state"
+ key = "prod/${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ # dynamodb_table = "terraform-locks"
+ }
+ }
+}
diff --git a/tf-environments/qa/_env_defaults/main.tf b/tf-environments/qa/_env_defaults/main.tf
new file mode 100644
index 000000000..28da21b2d
--- /dev/null
+++ b/tf-environments/qa/_env_defaults/main.tf
@@ -0,0 +1,27 @@
+output environment_name {
+ value = "qa"
+}
+
+output aws_region {
+ value = "us-east-1"
+}
+
+output vpc_cidr {
+ value = "10.11.0.0/16"
+}
+
+output vpc_id {
+ value = "vpc-fill-me-in-after-your-vpc-has-been-created"
+}
+
+output aws_availability_zone_1 {
+ value = "a"
+}
+
+output aws_availability_zone_2 {
+ value = "b"
+}
+
+output aws_availability_zone_3 {
+ value = "c"
+}
diff --git a/tf-environments/qa/aws/vpc/main.tf b/tf-environments/qa/aws/vpc/main.tf
new file mode 100644
index 000000000..203952ef0
--- /dev/null
+++ b/tf-environments/qa/aws/vpc/main.tf
@@ -0,0 +1,50 @@
+terraform {
+ backend "s3" {}
+}
+
+# Common modules
+module "env_defaults" {
+ source = "../../_env_defaults"
+}
+
+# Inputs
+variable "public_cidrs" {
+ description = "CIDR block for public subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.11.6.0/24", "10.11.7.0/24", "10.11.8.0/24"]
+}
+
+variable "private_cidrs" {
+ description = "CIDR block for private subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.11.1.0/24", "10.11.2.0/24", "10.11.3.0/24"]
+}
+
+# Main
+module "main" {
+ source = "../../../../tf-modules/aws/vpc/"
+
+ region = "${module.env_defaults.aws_region}"
+ vpc_cidr = "${module.env_defaults.vpc_cidr}"
+
+ availability_zones = ["${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_1}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_2}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_3}"]
+
+ public_cidrs = "${var.public_cidrs}"
+
+ private_cidrs = "${var.private_cidrs}"
+
+ tags = {
+ Name = "${module.env_defaults.environment_name}",
+ Environment = "${module.env_defaults.environment_name}",
+ Account = "${module.env_defaults.environment_name}",
+ Group = "devops",
+ Region = "${module.env_defaults.aws_region}"
+ managed_by = "Terraform"
+ }
+}
+
+
+# Outputs
+output "aws_vpc_id" {
+ value = "${module.main.aws_vpc_id}"
+}
diff --git a/tf-environments/qa/aws/vpc/terraform.tfvars b/tf-environments/qa/aws/vpc/terraform.tfvars
new file mode 100644
index 000000000..0b352dc6b
--- /dev/null
+++ b/tf-environments/qa/aws/vpc/terraform.tfvars
@@ -0,0 +1,5 @@
+terragrunt = {
+ include {
+ path = "${find_in_parent_folders()}"
+ }
+}
diff --git a/tf-environments/qa/terraform.tfvars b/tf-environments/qa/terraform.tfvars
new file mode 100644
index 000000000..320e8800a
--- /dev/null
+++ b/tf-environments/qa/terraform.tfvars
@@ -0,0 +1,12 @@
+terragrunt = {
+ remote_state {
+ backend = "s3"
+ config {
+ bucket = "kubernetes-ops-123-terraform-state"
+ key = "qa/${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ # dynamodb_table = "terraform-locks"
+ }
+ }
+}
diff --git a/tf-environments/staging/_env_defaults/main.tf b/tf-environments/staging/_env_defaults/main.tf
new file mode 100644
index 000000000..d2c7d0804
--- /dev/null
+++ b/tf-environments/staging/_env_defaults/main.tf
@@ -0,0 +1,27 @@
+output environment_name {
+ value = "staging"
+}
+
+output aws_region {
+ value = "us-east-1"
+}
+
+output vpc_cidr {
+ value = "10.12.0.0/16"
+}
+
+output vpc_id {
+ value = "vpc-fill-me-in-after-your-vpc-has-been-created"
+}
+
+output aws_availability_zone_1 {
+ value = "a"
+}
+
+output aws_availability_zone_2 {
+ value = "b"
+}
+
+output aws_availability_zone_3 {
+ value = "c"
+}
diff --git a/tf-environments/staging/aws/vpc/main.tf b/tf-environments/staging/aws/vpc/main.tf
new file mode 100644
index 000000000..3fe4ba3af
--- /dev/null
+++ b/tf-environments/staging/aws/vpc/main.tf
@@ -0,0 +1,50 @@
+terraform {
+ backend "s3" {}
+}
+
+# Common modules
+module "env_defaults" {
+ source = "../../_env_defaults"
+}
+
+# Inputs
+variable "public_cidrs" {
+ description = "CIDR block for public subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.12.6.0/24", "10.12.7.0/24", "10.12.8.0/24"]
+}
+
+variable "private_cidrs" {
+ description = "CIDR block for private subnets (should be the same amount as AZs)"
+ type = "list"
+ default = ["10.12.1.0/24", "10.12.2.0/24", "10.12.3.0/24"]
+}
+
+# Main
+module "main" {
+ source = "../../../../tf-modules/aws/vpc/"
+
+ region = "${module.env_defaults.aws_region}"
+ vpc_cidr = "${module.env_defaults.vpc_cidr}"
+
+ availability_zones = ["${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_1}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_2}", "${module.env_defaults.aws_region}${module.env_defaults.aws_availability_zone_3}"]
+
+ public_cidrs = "${var.public_cidrs}"
+
+ private_cidrs = "${var.private_cidrs}"
+
+ tags = {
+ Name = "${module.env_defaults.environment_name}",
+ Environment = "${module.env_defaults.environment_name}",
+ Account = "${module.env_defaults.environment_name}",
+ Group = "devops",
+ Region = "${module.env_defaults.aws_region}"
+ managed_by = "Terraform"
+ }
+}
+
+
+# Outputs
+output "aws_vpc_id" {
+ value = "${module.main.aws_vpc_id}"
+}
diff --git a/tf-environments/staging/aws/vpc/terraform.tfvars b/tf-environments/staging/aws/vpc/terraform.tfvars
new file mode 100644
index 000000000..0b352dc6b
--- /dev/null
+++ b/tf-environments/staging/aws/vpc/terraform.tfvars
@@ -0,0 +1,5 @@
+terragrunt = {
+ include {
+ path = "${find_in_parent_folders()}"
+ }
+}
diff --git a/tf-environments/staging/terraform.tfvars b/tf-environments/staging/terraform.tfvars
new file mode 100644
index 000000000..2f338e654
--- /dev/null
+++ b/tf-environments/staging/terraform.tfvars
@@ -0,0 +1,12 @@
+terragrunt = {
+ remote_state {
+ backend = "s3"
+ config {
+ bucket = "kubernetes-ops-123-terraform-state"
+ key = "staging/${path_relative_to_include()}/terraform.tfstate"
+ region = "us-east-1"
+ encrypt = true
+ # dynamodb_table = "terraform-locks"
+ }
+ }
+}