diff --git a/.gitignore b/.gitignore index f50f9ea..a453a9e 100644 --- a/.gitignore +++ b/.gitignore @@ -29,4 +29,4 @@ override.tf.json # !example_override.tf # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan -# example: *tfplan* +*tfplan* diff --git a/AWS/1-Configure-Credentials-To-Access-AWS.md b/AWS/1-Configure-Credentials-To-Access-AWS.md deleted file mode 100644 index f4d95fb..0000000 --- a/AWS/1-Configure-Credentials-To-Access-AWS.md +++ /dev/null @@ -1,13 +0,0 @@ -# Configure Credentials To Access AWS At The Programmatic Level - -The purpse of this lab is to configure IAM credentials on your local computer so that you can access AWS at a programmatic level (SDKs, CLI, Terraform, etc.) - -## IAM -1. Open up the AWS management console and go to IAM -2. Create a new user or use your exististing AWS user -3. Give the user programmatic access -4. Copy the access key and secret key - -## Install The AWS CLI - -## Configure The AWS CLI \ No newline at end of file diff --git a/README.md b/README.md index a1c31f2..dfb3264 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,9 @@ -# DevOps-The-Hard-Way-AWS +# DevOps-The-Hard-Way-GCP -This tutorial contains a full, real-world solution for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to AWS. +This tutorial contains a full, real-world solution for setting up an environment that is using DevOps technologies and practices for deploying apps and cloud services/cloud infrastructure to GCP. -The repository contains free labs, documentation, diagrams, and docs for setting up an entire workflow and DevOps environment from a real-world perspective in AWS. +The repository contains free labs, documentation, diagrams, and docs for setting up an entire workflow and DevOps environment from a real-world perspective in GCP. ## DevOps Scenario The scenario that you're currently facing is you work in an organization that is very monolithic. There is a ton of bare metal, virtualization, manual deployments of applications, and **old school** practices based on the current teams knowledge of IT. 
@@ -24,44 +24,44 @@ https://github.com/AdminTurnedDevOps/Python-Sample-Application ## Technology Details You will be using the following technologies and platforms to set up a DevOps environment. -1. AWS - - AWS will be used to host the application, cloud infrastructure, and any other services we may need to ensure the Uber app is deployed properly. +1. GCP + - GCP will be used to host the application, cloud infrastructure, and any other services we may need to ensure the Uber app is deployed properly. 2. GitHub - To store the application and infrastructure/automation code 3. Python - Python will be used for the Uber app (it is written in Python) and some automation efforts that aren't in Terraform. 4. Terraform - - Create an S3 bucket to store Terraform State files - - Create an AWS ECR repository with Terraform - - Create an EKS cluster + - Create an GCS bucket to store Terraform State files + - Create an GCP ECR repository with Terraform + - Create an GKE cluster 5. Docker - Create a Docker image - - Store the Docker image in AWS ECR + - Store the Docker image in GCP Artifact Registry 6. Kubernetes - To run the Docker image that's created for the containerized Uber app. Kubernetes, in this case, EKS, will be used to orchestrate the container. 7. CI/CD - - Use GitHub Actions to create an EKS cluster + - Use GitHub Actions to create an GKE Cluster 8. Automated testing - Testing Terraform code with Checkov ## Labs -1. [Prerequisites](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/prerequisites.md) +1. [Prerequisites](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/prerequisites.md) 2. VPC - When running EKS, it requires specific networking. Because all environments will most likely be different, there's a CloudFormation template for this exact purpose. - - [Create EKS VPC](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/tree/main/EKS-VPC-CloudFormation) -3. 
AWS: - - [Configure credentials to access AWS at a programmatic level](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/AWS/1-Configure-Credentials-To-Access-AWS.md) -4. Terraform - The purpose of the Terraform section is to create all of the AWS cloud services you'll need from an environment/infrastructure perspective to run the Uber application. - - [Create S3 Bucket To Store TFSTATE Files](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-AWS-Services-Creation/1-Create-S3-Bucket-To-Store-TFSTATE-Files.md) - - [Create an Elastic Container Registry](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-AWS-Services-Creation/2-Create-ECR.md) - - [Create An EKS Cluster IAM Role, And Policy For EKS](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-AWS-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md) - - [Create An EKS Cluster](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-AWS-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md) -5. Docker - The purpose of the Docker section is to create a Docker image from the app that the organization is running on-prem (the uber app), containerize it, and store the container inside of a container repository. For the container repo, you'll use AWS ECR. - - [Create The Docker Image](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Docker/1-Create-Docker-Image.md) - - [Log Into AWS ECR Repository](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Docker/Push%20Image%20To%20ECR.md) + - [Create VPC](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/tree/main/VPC) +3. GCP: + - [Configure credentials to access GCP at a programmatic level](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/GCP/1-Configure-Credentials-To-Access-GCP.md) +4. 
Terraform - The purpose of the Terraform section is to create all of the GCP cloud services you'll need from an environment/infrastructure perspective to run the Uber application. + - [Create S3 Bucket To Store TFSTATE Files](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-GCP-Services-Creation/1-Create-S3-Bucket-To-Store-TFSTATE-Files.md) + - [Create an Elastic Container Registry](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-GCP-Services-Creation/2-Create-ECR.md) + - [Create An EKS Cluster IAM Role, And Policy For EKS](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-GCP-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md) + - [Create An EKS Cluster](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-GCP-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md) +5. Docker - The purpose of the Docker section is to create a Docker image from the app that the organization is running on-prem (the uber app), containerize it, and store the container inside of a container repository. For the container repo, you'll use GCP ECR. + - [Create The Docker Image](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Docker/1-Create-Docker-Image.md) + - [Log Into GCP ECR Repository](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Docker/Push%20Image%20To%20ECR.md) 6. Kubernetes - The purpose of the Kubernetes section is to connect to EKS locally and to write the Kubernetes manifest to deploy the Python Uber app. 
- - [Connect To EKS From The Terminal](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/kubernetes_manifest/1-Connect-To-EKS.md) - - [Create A Kubernetes Manifest](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/kubernetes_manifest/2-Create-Kubernetes-Manifest.md) + - [Connect To EKS From The Terminal](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/kubernetes_manifest/1-Connect-To-EKS.md) + - [Create A Kubernetes Manifest](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/kubernetes_manifest/2-Create-Kubernetes-Manifest.md) 7. Automated Testing - The purpose of the Automation Testing section is to ensure that all of the Terraform code is performing as it should be from a policy, security, and static code analysis perspective. - - [Install And Run Checkov](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-Static-Code-Analysis/1-Checkov-For-Terraform.md) + - [Install And Run Checkov](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-Static-Code-Analysis/1-Checkov-For-Terraform.md) 8. CICD - The purpose of this section is to automatically create an EKS cluster with CICD using GitHub Actions - - [Create a GitHub Actions CICD pipeline](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/Terraform-AWS-Services-Creation/4-Run-CICD-For-EKS-Cluster.md) + - [Create a GitHub Actions CICD pipeline](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-GCP/blob/main/Terraform-GCP-Services-Creation/4-Run-CICD-For-EKS-Cluster.md) diff --git a/Terraform-AWS-Services-Creation/1-Create-S3-Bucket-To-Store-TFSTATE-Files.md b/Terraform-AWS-Services-Creation/1-Create-S3-Bucket-To-Store-TFSTATE-Files.md deleted file mode 100644 index e964f03..0000000 --- a/Terraform-AWS-Services-Creation/1-Create-S3-Bucket-To-Store-TFSTATE-Files.md +++ /dev/null 
@@ -1,17 +0,0 @@
-# Create an S3 bucket to store Terraform state files
-
-In this lab you will create an S3 bucket that will be used to store Terraform state files
-
-## Create The Terraform Configurations
-
-1. You can find the Terraform configuration for the S3 bucket [here](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/tree/main/Terraform-AWS-Services-Creation/terraform-state-s3-bucket). The Terraform configuration files are used to create an S3 bucket that will store your TFSTATE.
-
-The Terraform `main.tf` will do a few things:
-- Create the S3 bucket in the `us-east-1` region
-- Ensure that version enabling is set to `True`
-- Utilize AES256 encryption
-
-2. Create the bucket by running the following:
-- `terraform init` - To initialize the working directory and pull down the provider
-- `terraform plan` - To go through a "check" and confirm the configurations are valid
-- `terraform apply - To create the resource
\ No newline at end of file
diff --git a/Terraform-AWS-Services-Creation/2-Create-ECR.md b/Terraform-AWS-Services-Creation/2-Create-ECR.md
deleted file mode 100644
index 59825ad..0000000
--- a/Terraform-AWS-Services-Creation/2-Create-ECR.md
+++ /dev/null
@@ -1,17 +0,0 @@
-# Create an Elastic Container Registry Repository
-
-In this lab you will create a repository to store the Docker image that you created for the Uber app.
-
-## Create the ECR Terraform Configuration
-
-1. You can find the Terraform configuration for ECR [here](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/tree/main/Terraform-AWS-Services-Creation/ECR). The Terraform configuration files are used to create a repository in Elastic Container Repository (ECR).
-
-The Terraform `main.tf` will do a few things:
-- Use a Terraform backend to store the `.tfstate` in an S3 bucket
-- Use the `us-east-1` region, but feel free to change that if you'd like
-- Use the `aws_ecr_repository` Terraform resource to create a new respository.
-
-2. Create the bucket by running the following:
-- `terraform init` - To initialize the working directory and pull down the provider
-- `terraform plan` - To go through a "check" and confirm the configurations are valid
-- `terraform apply - To create the resource
\ No newline at end of file
diff --git a/Terraform-AWS-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md b/Terraform-AWS-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md
deleted file mode 100644
index c9496b2..0000000
--- a/Terraform-AWS-Services-Creation/3-Create-EKS-Cluster-IAM-Role-And-Policy.md
+++ /dev/null
@@ -1,19 +0,0 @@
-# Create An EKS Cluster and IAM Role/Policy
-
-In this lab you will create:
-- The appropriate IAM role and policy for EKS.
-- The EKS cluster
-
-## Create the EKS Terraform Configuration
-
-1. You can find the Terraform configuration for EKS [here](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/tree/main/Terraform-AWS-Services-Creation/EKS-With-Worker-Nodes). The Terraform configuration files are used to create an EKS cluster and IAM Role/Policy for EKS.
-
-The Terraform `main.tf` will do a few things:
-- Use a Terraform backend to store the `.tfstate` in an S3 bucket
-- Use the `us-east-1` region, but feel free to change that if you'd like
-- Use the `aws_iam_role` and `aws_iam_policy` Terraform resource to create a new IAM configuration.
-
-2. Create the bucket by running the following:
-- `terraform init` - To initialize the working directory and pull down the provider
-- `terraform plan` - To go through a "check" and confirm the configurations are valid
-- `terraform apply - To create the resource
diff --git a/Terraform-AWS-Services-Creation/4-Run-CICD-For-EKS-Cluster.md b/Terraform-AWS-Services-Creation/4-Run-CICD-For-EKS-Cluster.md
deleted file mode 100644
index fe72471..0000000
--- a/Terraform-AWS-Services-Creation/4-Run-CICD-For-EKS-Cluster.md
+++ /dev/null
@@ -1,37 +0,0 @@
-# Create EKS Cluster With CICD
-
-In this lab, you'll learn how to create an EKS cluster using GitHub Actions. The code can be found [here](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/tree/main/Terraform-AWS-Services-Creation/EKS-With-Worker-Nodes)
-
-
-## Secrets
-Prior to running the pipeline, you'll need to set up authentication from GitHub to AWS. To do that, you'll set up secrets.
-
-You'll need an AWS Access Key ID and an AWS Secret Access Key as those are the two secrets you'll be adding into the GitHub repository. These two secrets will allow you to connect to AWS from GitHub Actions.
-
-1. In the code repository, go to Settings --> Secrets
-2. Add in two secrets:
-`AWS_ACCESS_KEY_ID`
-`AWS_SECRET_ACCESS_KEY`
-
-The values should come from an AWS Access Key and Secret Key. The access key/secret key must be part of a user that has policies attached for the resources being created in AWS.
-
-3. Save the secrets.
-
-## Pipeline
-Now that the secrets are created, it's time to create the pipeline.
-
-1. Under the GitHub repository, click on the **Actions** tab
-2. Under **Get started with Actions**, click the *set up a workflow yourself* button
-3. Inside of the workflow, copy in the contents that you can find [here](https://github.com/AdminTurnedDevOps/DevOps-The-Hard-Way-AWS/blob/main/.github/workflows/main.yml)
-
-The pipeline does a few things:
-- On line 4, you'll see `workflow_dispatch`, which means the pipeline won't automatically run unless you kick it off. You can of course change this to have the pipeline automatically run if you, for example, push code to the `dev` or `main` branch.
-- The code is checked-out
-- Authentication occurs to AWS
-- Terraform is set up
-- Terraform init occurs
-- Terraform format occurs
-- Terraform plan occurs
-- Terraform apply occurs
-
-4. Run the pipeline and watch as the pipeline automatically creates the EKS cluster
diff --git a/Terraform-AWS-Services-Creation/ECR/main.tf b/Terraform-AWS-Services-Creation/ECR/main.tf
deleted file mode 100644
index 274e37f..0000000
--- a/Terraform-AWS-Services-Creation/ECR/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "terraform-state-devopsthehardway"
- key = "ecr-terraform.tfstate"
- region = "us-east-1"
- }
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- }
-}
-
-provider "aws" {
- region = "us-east-1"
-}
-
-resource "aws_ecr_repository" "devopsthehardway-ecr-repo" {
- name = var.repo_name
- image_tag_mutability = "MUTABLE"
-
- image_scanning_configuration {
- scan_on_push = true
- }
-}
\ No newline at end of file
diff --git a/Terraform-AWS-Services-Creation/ECR/terraform.tfvars b/Terraform-AWS-Services-Creation/ECR/terraform.tfvars
deleted file mode 100644
index ce54947..0000000
--- a/Terraform-AWS-Services-Creation/ECR/terraform.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-repo_name = "devopsthehardway-ecr"
\ No newline at end of file
diff --git a/Terraform-AWS-Services-Creation/ECR/variables.tf b/Terraform-AWS-Services-Creation/ECR/variables.tf
deleted file mode 100644
index ae61bb5..0000000
--- a/Terraform-AWS-Services-Creation/ECR/variables.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-variable repo_name {
- type = string
- default = "devopsthehardway"
- description = "ECR repo to store a Docker image"
-}
diff --git a/Terraform-AWS-Services-Creation/EKS-Fargate/main.tf b/Terraform-AWS-Services-Creation/EKS-Fargate/main.tf
deleted file mode 100644
index d693d6a..0000000
--- a/Terraform-AWS-Services-Creation/EKS-Fargate/main.tf
+++ /dev/null
@@ -1,93 +0,0 @@ -terraform { - backend "s3" { - bucket = "terraform-state-devopsthehardway" - key = "eks-terraform.tfstate" - region = "us-east-1" - } - required_providers { - aws = { - source = "hashicorp/aws" - } - } -} - - -# IAM Role for EKS to have access to the appropriate resources -resource "aws_iam_role" "eks-iam-role" { - name = "devopsthehardway-eks-iam-role" - - path = "/" - - assume_role_policy = <