First commit

acryldata · Oct 28, 2021 · bea1e03 · bea1e03
commit bea1e03
Show file tree

Hide file tree

Showing 16 changed files with 5,785 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -0,0 +1,65 @@
+# Cloudformation Demo
+![AcryDatahubCFN](https://user-images.githubusercontent.com/1105928/138394072-c86ddffa-5b6d-433f-95c8-3764842445d4.png)
+
+## step 1 to 5 runs on customer AWS account
+
+
+1. upload templates/scripts/license to S3
+
+     - upload needed files to S3 bucket 'cf-templates-blrxgroup-us-west-2', under folder 'development'
+```console
+cd cloudformation
+export AWS_PROFILE=***
+./s3upload.sh cf-templates-blrxgroup-us-west-2 development
+```
+
+      
+2. create stack to deploy datahub platform in AWS
+
+     - choose Oregon region -> Cloudformation -> Create stack
+
+     - Template Amazon S3 URL: https://cf-templates-blrxgroup-us-west-2.s3.us-west-2.amazonaws.com/development/templates/datahub-infra-deployment.yaml
+
+     - Stack name: datahub
+
+     - The AZ's to deploy to: choose 'us-west-2a, us-west-2b, us-west-2c'
+
+     - The key pair name to use to access the instances: choose 'developer'
+
+     - The CIDR block to allow remote access: YOURIP/32, can find your IP from https://www.whatismyip.com/
+
+     - Stack failure options: choose 'Preserve successfully provisioned resources' (useful when working on development of cloudformation)
+
+     - check:
+          - "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
+          - "I acknowledge that AWS CloudFormation might require the following capability: CAPABILITY_AUTO_EXPAND"
+
+     - click "Create stack"
+
+     - you will see a stack 'datahub' (this is master stack), and it will invoke nested stacks in order
+
+
+
+3. find datahub platform info
+     - after Stack Info show Status 'CREATE_COMPLETE', you can find needed info from nested stack <<datahub-AdminStack-***>>'s Outputs
+
+
+
+4. create vpc endpoint
+     - wait till datahub-kotsadm network load balancer's status is Active
+     - create stack
+          - Stack Name: datahub-privatelink
+          - Template Amazon S3 URL: https://cf-templates-blrxgroup-us-west-2.s3.us-west-2.amazonaws.com/development/templates/nested/privatelink.yaml
+
+
+5. manually update DNS record
+     - find datahub.dev.blrxgroup.com in public hosted zone 'dev.blrxgroup.com', update it to point to new ALB (for example, dualstack.k8s-datahub-***.us-west-2.elb.amazonaws.com.)
+
+     - access https://datahub.dev.blrxgroup.com for datahub app
+
+
+## step 6 runs on Acryl AWS account
+6. manually create VPC endpoint
+     - under Acryl AWS account, us-west-2 region, find service by service name, for example com.amazonaws.vpce.us-west-2.vpce-svc-*** (get service name from step 4.), select shared vpc, choose 3    private subnets, attach default security group
+
+     - access https://{vpc_endpoint_dns} to for kotsadmin, default password: Passw0rd
diff --git a/license/license.yaml b/license/license.yaml
@@ -0,0 +1,22 @@
+apiVersion: kots.io/v1beta1
+kind: License
+metadata:
+  name: cfn-customer
+spec:
+  appSlug: datahub-poc
+  channelID: 1vuiQnAMMhXg50inWWm2bbTiqd7
+  channelName: Unstable
+  customerName: cfn-customer
+  endpoint: https://replicated.app
+  entitlements:
+    expires_at:
+      description: License Expiration
+      title: Expiration
+      value: ""
+      valueType: String
+  isGitOpsSupported: true
+  isSnapshotSupported: true
+  licenseID: 1zgkcv8TjnYgEvsnV9iT7AcdT8W
+  licenseSequence: 1
+  licenseType: dev
+  signature: eyJsaWNlbnNlRGF0YSI6ImV5SmhjR2xXWlhKemFXOXVJam9pYTI5MGN5NXBieTkyTVdKbGRHRXhJaXdpYTJsdVpDSTZJa3hwWTJWdWMyVWlMQ0p0WlhSaFpHRjBZU0k2ZXlKdVlXMWxJam9pWTJadUxXTjFjM1J2YldWeUluMHNJbk53WldNaU9uc2liR2xqWlc1elpVbEVJam9pTVhwbmEyTjJPRlJxYmxsblJYWnpibFk1YVZRM1FXTmtWRGhYSWl3aWJHbGpaVzV6WlZSNWNHVWlPaUprWlhZaUxDSmpkWE4wYjIxbGNrNWhiV1VpT2lKalptNHRZM1Z6ZEc5dFpYSWlMQ0poY0hCVGJIVm5Jam9pWkdGMFlXaDFZaTF3YjJNaUxDSmphR0Z1Ym1Wc1NVUWlPaUl4ZG5WcFVXNUJUVTFvV0djMU1HbHVWMWR0TW1KaVZHbHhaRGNpTENKamFHRnVibVZzVG1GdFpTSTZJbFZ1YzNSaFlteGxJaXdpYkdsalpXNXpaVk5sY1hWbGJtTmxJam94TENKbGJtUndiMmx1ZENJNkltaDBkSEJ6T2k4dmNtVndiR2xqWVhSbFpDNWhjSEFpTENKbGJuUnBkR3hsYldWdWRITWlPbnNpWlhod2FYSmxjMTloZENJNmV5SjBhWFJzWlNJNklrVjRjR2x5WVhScGIyNGlMQ0prWlhOamNtbHdkR2x2YmlJNklreHBZMlZ1YzJVZ1JYaHdhWEpoZEdsdmJpSXNJblpoYkhWbElqb2lJaXdpZG1Gc2RXVlVlWEJsSWpvaVUzUnlhVzVuSW4xOUxDSnBjMGRwZEU5d2MxTjFjSEJ2Y25SbFpDSTZkSEoxWlN3aWFYTlRibUZ3YzJodmRGTjFjSEJ2Y25SbFpDSTZkSEoxWlgxOSIsImlubmVyU2lnbmF0dXJlIjoiZXlKc2FXTmxibk5sVTJsbmJtRjBkWEpsSWpvaWFXcHVSRUp6VDJoQmIweFhZMjFVTkV0TWJURkJiRmN5Um1WWU0xcEViMFZRY3pnNVJYZERTRTR2VVcxb1lXNUVlbXRWY0dKYVoyUlhVblJZU2xnek1HSk1TeTh6TlhwRGRWTXhXbVJJYm01M015OVNhalZJZFVSeWQwcG1UWHAyT0VwTE5tUTJXRGRJTDBKR2QwbHBWRXBDTDJSUFptNURWMnBYUWtKaldsa3pVbkpMTjJGWGRXODRkR1pETmxvMlF6TmxSamx1YTJkYWFucHdjVWRXWlVsbFMySkxSbFJWUW5KVVpHeFFlREU0Ym5SNVlWTlZlRmRYSzNkRUwxSmtORkFyTldsV1YxVm9aMVZxWlhCcWVtZFNhV05sTTBKckx6QklhRTltZVRWemRYRnpORzlwVkUwMWFHSnBaRVJTYmpKVVJraENRVlI1ZEdGeWNISkdMMUkxWjJkbVVUUnRheXQ0Y1dSNU9XOHhjWGxrZUd0amRGRnRVbGsxV2tOa1NVdDBlV1puZDFoYVZpdFVVbGxyTDFsNlVIVXZMM0pYVVVFMFdVMXFhVlo1UkROclpXRm9jRlZWYjFkMGRIcFBablkxVHpKUlBUMGlMQ0p3ZFdKc2FXTkxaWGtpT2lJdExTMHRMVUpGUjBsT0lGQlZRa3hKUXlCTFJWa3RMUzB0TFZ4dVRVbEpRa2xxUVU1Q1oydHhhR3RwUnpsM01FSkJVVVZHUVVGUFEwRlJPRUZOU1VsQ1EyZExRMEZSUlVFNFMzcEtWQ3Q0UW1WU1VTOUVRMjF4V0Zoc2VGeHVkM1JZS3k5dE1UWjBkM1ZxV0hST016UTNWREZ5VW5VMFRucFBVMnhsYWs5U05WcHpXakZYYWxWMFowWnFkelpMVUV4Vk9XVk1SWGw2YmxWWmRrcDRjRnh1Vnk5eGN6aHBVbGMyYzNseFpuQlplREZNVTI4eGNuaHlTMjlyYkdwTlVUVlJWVmRVYlUxM1lsQlFRMVJzUzJjNVJsUTNlRTV3TDBaS2VIaDVaMkoyWWx4dVNVZ3ZjVU5sVVhweVVXWklZMDFKTW1GeFNHMVNXbEpPVVVKWlRUQnlNMHBEUWl0TlJuY3paVGRNYlZZMlNqUXJXRWgyVEc5eFQycDVTMlppYjJab1JWeHVkazlpTTBsakx5OVBUVTVvVkhsTU5UWTBhVXB2YlRkdGRYbEVlVzVHUkdWSWJrNTRVMjlCZUUweVNFVndha3BLYTFsWE0zWnRaM1JzUzBkT1drOHhiVnh1TmxVMVlVNDRXVlp0TXpodVowWm5ZamtyTVhvMVlrZDNWRzlDUlV3MmJWQmlUVVZwUW1Oc1dIbEhWVEF4ZW0weGNERlpXbWwxV2psU0wxSlRXSEF2ZVZ4dU4xRkpSRUZSUVVKY2JpMHRMUzB0UlU1RUlGQlZRa3hKUXlCTFJWa3RMUzB0TFZ4dUlpd2lhMlY1VTJsbmJtRjBkWEpsSWpvaVpYbEtlbUZYWkhWWldGSXhZMjFWYVU5cFNqSlVSMDVOVlZoS2NVMUVSa1JQV0ZZeVdUQkdkMU16U2xSU1ZrWlNUakZWTlUxdVZrcFVSRnBaVFdzNVIxcFhXbTFrVmtaRFVsUm9kV0ZzV2s1TGVrNXpXbTVDZDFac1duZGtTRkpNVlZoYVNGb3dOVFJTV0ZZeVdqSTFOVk14V2xSalNFNWhWRE5yZDFJelJraFNWa28xV2xWU2FsVnFXa0pTUkU1SlRWVm9hRlF3TlZaYVJWSXdUbFZHVkdNd1JUVlpNMXBKVjBaa1NFMHdPVmxSYTA1YVZqQldVMDR3YkRCWGJuQkRVMFJXYjFRd2FHOVdTRnBHVjBSQ2JtUkVSa0pqUldSM1dqTm9kV1JJUVRSVE1IQkVaR3BqTUZFeVNUUldSVWw0VFhwR2QxVlVVVEpVUldkM1lVTTVUbE5HU25OamExWkNVakIwTkZVd1ZUTlNWbXcwVjBkYVJVMVViREZVYWsxNVlqQjBlV0pFVGxGUlYyaFdVa1ZXYTFaSVVscFJiVko2V2pBeFVsWkZhekZUYXpVMVVUQldkRTFVUm5aWlZuQnpUakpzYTFaVk1UVlhiRUY2WVVWV2Ewc3dPV0ZqYWs1VVZYcEdVMlJ1U25wT2FrSjJXbXhrZDFZelZsbFplbHAzVWpOS1ZHRkdVbTFXUmxKWFZEQTVkMlJIYUU5Vk1IUkRZMFJzZDFGV2JGUlZSMXBUVTFob1ZFOUZkRWxUYmtFeFkwaENiVkZWT1ZsalZtTTBWMnN3TlZSWFJtRlVWMFY2WWtWSk1WVklZelZOYlRGYVZURmtRMkpHUlRsUVUwbHpTVzFrYzJJeVNtaGlSWFJzWlZWc2EwbHFiMmxaYlZKc1dsUlZNazVVV1hkWk1scHBUa1JPYWs5WFNYbFBSMHB0VDFSb2JGbFhUbWhhYlVVeVRrUlphV1pSUFQwaWZRPT0ifQ==
diff --git a/s3upload.sh b/s3upload.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ $# -ne 2 ]; then
+  echo "Usage: s3upload.sh <TemplateBucketName> <TemplateBucketKeyPrefix>"
+  exit 1
+else
+  S3_BUCKET=$1
+  S3_KEY_PREFIX=$2
+
+  # Check if access to the bucket
+  if aws s3 ls "s3://$S3_BUCKET" 2>&1 | grep -q 'An error occurred'
+  then
+    echo "No access to S3 bucket: $S3_BUCKET !"
+    exit 1
+  fi
+
+  aws s3 cp ./templates s3://$S3_BUCKET/$S3_KEY_PREFIX/templates --recursive
+  aws s3 cp ./scripts s3://$S3_BUCKET/$S3_KEY_PREFIX/scripts --recursive
+  aws s3 cp ./license s3://$S3_BUCKET/$S3_KEY_PREFIX/license --recursive
+fi