Terraform repo containing Live Environments for the Presentation and DEMO at HASHICONF EUROPE 2022
SLIDES: {TO BE INSERTED}
PRESENTATION: {TO BE INSERTED}
This repo contains the Live environments: dev, stage and prod of the module https://github.com/KevinDeNotariis/terraform-vault-dr with a GitOps approach for Jenkins integration:
- Push on a branch not master: Run tests;
- On Pull Request against master: Run Tests and make a Terraform Plan;
- On Merge to master make a Terraform Apply
-
2 Vault clusters PER environment (
dev,stage,prod) deployed in AWS with 2Route53records for your hosted zone:HIGH LEVEL ARCHITECTURE:
Vault Clusters High level architecture
Two Vault clusters under autoscaling groups and behind Network Load Balancers with 2 Route53 records, one for the primary cluster and one for the secondary cluster (in DR Replication). Then a higher level endpoint, pointing to both the other two endpoints with a weighted policy; max weight for the primary cluster and minimum weight for the secondary cluster.
-
Docker Container Tagged
centos:my-centosin you Jenkins instance (Jenkinsfileline 4). This container can be built from thejenkins-containerfolder (simplecentosrendition withpython3.8&gitinstalled plus other basic tools). -
Jenkins plugins:
-
CloudBees AWS Credentials https://plugins.jenkins.io/aws-credentials/
- And AWS credentials in jenkins with id
my-aws-credentials
- And AWS credentials in jenkins with id
-
Pipeline: AWS Steps https://plugins.jenkins.io/pipeline-aws/#documentation
-
Docker Pipeline https://plugins.jenkins.io/docker-workflow/
-
-
In each
terraform/{env}/locals.tfchange thehosted_zoneand various endpoint variables with your ones.
In terraform folder there can be found 3 environments: dev, stage and prod. Inside these, we can find the terraform files to deploy the module https://github.com/KevinDeNotariis/terraform-vault-dr.
The dev environment will take the repo from the master branch, while the stage and prod will take the module from a specific version.
The Jenkinsfile will process the environments in parallel and will, upon a commit on a branch not master, make some tests using checkov.
Then, on a pull-request, it will also make a terraform plan in each environment, which can be checked to see whether everything is ok.
Finally, on a merge against master, it will make a terraform apply to deploy eveything.
The first stage will always be to furnish the vault token for each environment and the installation of the dependencies.