Commit bea1e03

author
Dexter Lee
committed
First commit
0 parents  commit bea1e03

16 files changed

+5785
-0
lines changed

README.md

+65
@@ -0,0 +1,65 @@
1+
# Cloudformation Demo
2+
![AcryDatahubCFN](https://user-images.githubusercontent.com/1105928/138394072-c86ddffa-5b6d-433f-95c8-3764842445d4.png)
3+
4+
## step 1 to 5 runs on customer AWS account
5+
6+
7+
1. upload templates/scripts/license to S3
8+
9+
- upload needed files to S3 bucket 'cf-templates-blrxgroup-us-west-2', under folder 'development'
10+
```console
11+
cd cloudformation
12+
export AWS_PROFILE=***
13+
./s3upload.sh cf-templates-blrxgroup-us-west-2 development
14+
```
15+
16+
17+
2. create stack to deploy datahub platform in AWS
18+
19+
- choose Oregon region -> Cloudformation -> Create stack
20+
21+
- Template Amazon S3 URL: https://cf-templates-blrxgroup-us-west-2.s3.us-west-2.amazonaws.com/development/templates/datahub-infra-deployment.yaml
22+
23+
- Stack name: datahub
24+
25+
- The AZ's to deploy to: choose 'us-west-2a, us-west-2b, us-west-2c'
26+
27+
- The key pair name to use to access the instances: choose 'developer'
28+
29+
- The CIDR block to allow remote access: YOURIP/32, can find your IP from https://www.whatismyip.com/
30+
31+
- Stack failure options: choose 'Preserve successfully provisioned resources' (useful when working on development of cloudformation)
32+
33+
- check:
34+
- "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
35+
- "I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND"
36+
37+
- click "Create stack"
38+
39+
- you will see a stack 'datahub' (this is master stack), and it will invoke nested stacks in order
40+
41+
42+
43+
3. find datahub platform info
44+
- after Stack Info show Status 'CREATE_COMPLETE', you can find needed info from nested stack <<datahub-AdminStack-***>>'s Outputs
45+
46+
47+
48+
4. create vpc endpoint
49+
- wait till datahub-kotsadm network load balancer's status is Active
50+
- create stack
51+
- Stack Name: datahub-privatelink
52+
- Template Amazon S3 URL: https://cf-templates-blrxgroup-us-west-2.s3.us-west-2.amazonaws.com/development/templates/nested/privatelink.yaml
53+
54+
55+
5. manually update DNS record
56+
- find datahub.dev.blrxgroup.com in public hosted zone 'dev.blrxgroup.com', update it to point to new ALB (for example, dualstack.k8s-datahub-***.us-west-2.elb.amazonaws.com.)
57+
58+
- access https://datahub.dev.blrxgroup.com for datahub app
59+
60+
61+
## step 6 runs on Acryl AWS account
62+
6. manually create VPC endpoint
63+
- under Acryl AWS account, us-west-2 region, find service by service name, for example com.amazonaws.vpce.us-west-2.vpce-svc-*** (get service name from step 4.), select shared vpc, choose 3 private subnets, attach default security group
64+
65+
- access https://{vpc_endpoint_dns} to for kotsadmin, default password: Passw0rd
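
Review bot: README line 65 publishes the kotsadm default password (`Passw0rd`) next to the endpoint URL, and none of the steps tells the operator to change it. Remove the literal from the README, take the admin password as a stack parameter or generate it into a secret store at deploy time, and add a step that requires changing it on first login. Separately, lines 21 and 52 load templates by S3 HTTPS URL from the same bucket and prefix that step 1 also fills with the license, so confirm the bucket policy does not allow anonymous reads. On line 29, say explicitly that the remote-access CIDR must stay a /32 and never be widened to 0.0.0.0/0.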

license/license.yaml

+22
@@ -0,0 +1,22 @@
1+
apiVersion: kots.io/v1beta1
2+
kind: License
3+
metadata:
4+
name: cfn-customer
5+
spec:
6+
appSlug: datahub-poc
7+
channelID: 1vuiQnAMMhXg50inWWm2bbTiqd7
8+
channelName: Unstable
9+
customerName: cfn-customer
10+
endpoint: https://replicated.app
11+
entitlements:
12+
expires_at:
13+
description: License Expiration
14+
title: Expiration
15+
value: ""
16+
valueType: String
17+
isGitOpsSupported: true
18+
isSnapshotSupported: true
19+
licenseID: 1zgkcv8TjnYgEvsnV9iT7AcdT8W
20+
licenseSequence: 1
21+
licenseType: dev
22+
signature: 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
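
Review bot: license/license.yaml commits a complete signed license into the repository (`licenseID` on line 19, `signature` on line 22), and `expires_at` on lines 12-15 has an empty `value`, so the file carries no expiry. Keep the license out of source control (ignore the `license/` directory and commit only a placeholder file), supply it at deploy time from a secret store, and have this one reissued with an expiration set if the repository has been shared. The README's step 1 and s3upload.sh both copy this file to the template bucket, so the same concern applies to who can read that bucket.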

s3upload.sh

+20
@@ -0,0 +1,20 @@
1+
#!/bin/bash
2+
3+
if [ $# -ne 2 ]; then
4+
echo "Usage: s3upload.sh <TemplateBucketName> <TemplateBucketKeyPrefix>"
5+
exit 1
6+
else
7+
S3_BUCKET=$1
8+
S3_KEY_PREFIX=$2
9+
10+
# Check if access to the bucket
11+
if aws s3 ls "s3://$S3_BUCKET" 2>&1 | grep -q 'An error occurred'
12+
then
13+
echo "No access to S3 bucket: $S3_BUCKET !"
14+
exit 1
15+
fi
16+
17+
aws s3 cp ./templates s3://$S3_BUCKET/$S3_KEY_PREFIX/templates --recursive
18+
aws s3 cp ./scripts s3://$S3_BUCKET/$S3_KEY_PREFIX/scripts --recursive
19+
aws s3 cp ./license s3://$S3_BUCKET/$S3_KEY_PREFIX/license --recursive
20+
fi
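
Review bot: the access check on line 11 greps the output of `aws s3 ls` for the string 'An error occurred' instead of testing the exit status, so any failure whose message lacks that string is treated as success and the uploads proceed. Test the command directly, for example `if ! aws s3 ls "s3://$S3_BUCKET" >/dev/null 2>&1; then`. Lines 17-19 also leave `$S3_BUCKET` and `$S3_KEY_PREFIX` unquoted and do not check the result of each `aws s3 cp`, so a failed copy is silent; quote both variables and add `set -euo pipefail` near the top. Line 19 uploads `./license` next to the templates, so consider a separate, more tightly restricted prefix or bucket for it.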
