Merge pull request #9 from commitdev/template-values-instead-of-env-vars

bmonkman · web-flow · commit 6d1c8d113ec2 · 2020-05-04T16:21:08.000-07:00
Template most values instead of using env vars for anything not secre…
diff --git a/.circleci/README.md b/.circleci/README.md
@@ -5,23 +5,12 @@
 ### Requirements
 
 Requires you to configure the below [CircleCI Environment Variables](https://circleci.com/docs/2.0/env-vars/):
-To get your ECR repositories and EKS clusters:
-```shell
-$ aws ecr describe-repositories --query "repositories[].repositoryUri"
-$ aws eks list-clusters --query "clusters"
-```
 
-- AWS_ACCESS_KEY_ID                     # AWS access key for the circleci user - this should be in AWS secret manager
-- AWS_SECRET_ACCESS_KEY                 # AWS secret for the circleci user - this should be in AWS secret manager
-- AWS_REGION                            # Region of your EKS cluster
-- AWS_ECR_ACCOUNT_URL                   # {awsAccountNum}.dkr.ecr.{region}.amazonaws.com
-- AWS_ECR_REPO_NAME                     # The ECR repository name to write images to
-- PRODUCTION_EKS_CLUSTER_NAME           # The name of the production EKS cluster to deploy into
-- STAGING_EKS_CLUSTER_NAME              # The name of the staging EKS cluster to deploy into
-- AWS_CLUSTER_AUTH_ROLE_ARN_STAGING     # The ARN of the role to assume that allows access to the EK cluster. Most likely ends with `kubernetes-admin-staging`
-- AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION  # The ARN of the role to assume that allows access to the EKS cluster. Same as above but for production
-- SLACK_WEBHOOK                         # Webhook for slack notifications. Must be specified, but doesn't need to be set to a real value
-- CIRCLECI_API_KEY                      # Needed for the queueing orb. You can generate this in the project settings in CircleCI. It needs the `status` scope.
+- AWS_ACCESS_KEY_ID         # AWS access key for the circleci user - this should be in AWS secret manager
+- AWS_SECRET_ACCESS_KEY     # AWS secret for the circleci user - this should be in AWS secret manager
+- CIRCLECI_API_KEY          # Needed for the queueing orb. You can generate this in the project settings in CircleCI. It needs the `status` scope.
+
+- SLACK_WEBHOOK             # Webhook for slack notifications. Must only be specified if you uncomment `slack/notify-on-failure`
 
 
 ## Deployment Process
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -133,19 +133,25 @@ jobs:
       - store_artifacts:
           path: test-reports
 
-      # Requires the SLACK_WEBHOOK
-      - slack/notify-on-failure
+      # Requires the SLACK_WEBHOOK env var to be set
+      #- slack/notify-on-failure
 
   build_and_push:
     machine:
       docker_layer_caching: false # only for performance plan circleci accounts
+    parameters:
+      repo:
+        type: string
+        default: ''
+        description: |
+          The name of the ECR repo to push an image to.
     steps:
       - attach_workspace:
           at: *workspace
       - run: *checkout-shallow
       - version-tag/create
       - aws-ecr/build-and-push-image:
-          repo: ${AWS_ECR_REPO_NAME}
+          repo: << parameters.repo >>
           tag: $VERSION_TAG,latest
 
   deploy:
@@ -192,9 +198,10 @@ jobs:
       - run: *checkout-shallow
       - version-tag/get
       - run: *install-binaries
+      - run: # Required by aws-cli
+          command: echo 'export AWS_DEFAULT_REGION=<< parameters.region >>' >> $BASH_ENV
       - aws-cli/install
-      - aws-cli/setup:
-          aws-region: AWS_REGION
+      - aws-cli/setup
       - aws-eks/update-kubeconfig-with-authenticator:
           cluster-name: << parameters.cluster-name >>
           cluster-authentication-role-arn: << parameters.cluster-authentication-role-arn >>
@@ -207,7 +214,7 @@ jobs:
           command: |
             kubectl create namespace << parameters.namespace >> || echo "Namespace already exists"
             cd kubernetes/overlays/<< parameters.config-environment >>
-            IMAGE=${AWS_ECR_ACCOUNT_URL}/<< parameters.repo >>
+            IMAGE=<% index .Params `accountId` %>.dkr.ecr.<< parameters.region >>.amazonaws.com/<< parameters.repo >>
             kustomize edit set image fake-image=${IMAGE}:${VERSION_TAG}
             kustomize build . | kubectl apply -f - -n << parameters.namespace >>
 workflows:
@@ -222,6 +229,7 @@ workflows:
               - checkout_code
 
         - build_and_push:
+            repo: <% .Name %>
             requires:
               - unit_test
             filters:
@@ -231,11 +239,11 @@ workflows:
 
         - deploy:
             name: deploy_staging
-            repo: "${AWS_ECR_REPO_NAME}"
-            cluster-name: "${STAGING_EKS_CLUSTER_NAME}"
+            repo: "<% .Name %>"
+            cluster-name: "<% .Name %>-staging-<% index .Params `region` %>"
             config-environment: "staging"
-            cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_STAGING}"
-            region: "${AWS_REGION}"
+            cluster-authentication-role-arn: "arn:aws:iam::<% index .Params `accountId` %>:role/<% .Name %>-kubernetes-admin-staging"
+            region: "<% index .Params `region` %>"
             namespace: "<% .Name %>"
             tag: "${VERSION_TAG}"
             requires:
@@ -253,11 +261,11 @@ workflows:
 
         - deploy:
             name: deploy_production
-            repo: "${AWS_ECR_REPO_NAME}"
-            cluster-name: "${PRODUCTION_EKS_CLUSTER_NAME}"
+            repo: "<% .Name %>"
+            cluster-name: "<% .Name %>-staging-<% index .Params `region` %>"
             config-environment: "production"
-            cluster-authentication-role-arn: "${AWS_CLUSTER_AUTH_ROLE_ARN_PRODUCTION}"
-            region: "${AWS_REGION}"
+            cluster-authentication-role-arn: "arn:aws:iam::<% index .Params `accountId` %>:role/<% .Name %>-kubernetes-admin-production"
+            region: "<% index .Params `region` %>"
             namespace: "<% .Name %>"
             tag: "${VERSION_TAG}"
             requires:
