chore: update docs

Stefan Reimer 2021-11-15 13:20:58 +01:00
parent e64621547e
commit 7b4438ec5c


@ -2,7 +2,10 @@
# About # About
Toolset to render and manage [AWS CloudFormation](https://aws.amazon.com/cloudformation). Toolset to deploy and maintain infrastructure in automated and trackable manner.
First class support for:
- [AWS CloudFormation](https://aws.amazon.com/cloudformation)
- [Pulumi](https://www.pulumi.com/docs/)
# Install # Install
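Review bot: The replacement About sentence, "Toolset to deploy and maintain infrastructure in automated and trackable manner.", is missing an article; suggest "in an automated and trackable manner". The spelling "CloudFormation" used in the new list item is also not the one used further down in the README ("Cloudformation"), so pick one and apply it throughout.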
@ -23,24 +26,37 @@ Options:
Commands: Commands:
clean Deletes all previously rendered files locally clean Deletes all previously rendered files locally
create-change-set Creates a change set for an existing stack create-change-set Creates a change set for an existing stack - CFN only
create-docs Parses all documentation fragments out of rendered... create-docs Parses all documentation fragments out of rendered...
delete Deletes stacks or stack groups delete Deletes stacks or stack groups
get-config Get a config value, decrypted if secret
outputs Prints all stack outputs outputs Prints all stack outputs
preview Preview of Pulumi stack up operation
provision Creates or updates stacks or stack groups provision Creates or updates stacks or stack groups
render Renders template and its parameters refresh Refreshes Pulumi stack / Drift detection
render Renders template and its parameters - CFN only
set-config Sets a config value, encrypts with stack key if secret
sync Renders template and provisions it right away sync Renders template and provisions it right away
validate Validates already rendered templates using cfn-lint validate Validates already rendered templates using cfn-lint...
``` ```
## Config management ## Config management
- Within the config folder each directory represents either a stack group if it has sub-directories, or an actual Cloudformation stack in case it is a leaf folder. - Within the config folder each directory represents either a stack group if it has sub-directories, or an actual Cloudformation stack in case it is a leaf folder.
- The actual configuration for each stack is hierachly merged. Lower level config files overwrite higher-level values. Complex data structures like dictionaries and arrays are deep merged. - The actual configuration for each stack is hierachly merged. Lower level config files overwrite higher-level values. Complex data structures like dictionaries and arrays are deep merged.
# Secrets ## Quickstart
TBD
CloudBender supports Mozilla's [SOPS](https://github.com/mozilla/sops) to encrypt values in any config yaml file since version 0.8.1 ## Secrets handling
### Pulumi
CloudBender supports the native Pulumi secret handling.
See [Pulumi Docs](https://www.pulumi.com/docs/intro/concepts/secrets/) for details.
### Cloudformation
CloudBender supports [SOPS](https://github.com/mozilla/sops) to encrypt values in any config yaml file since version 0.8.1
If a sops encrypted config file is detected CloudBender will automatically try to decrypt the file during execution. If a sops encrypted config file is detected CloudBender will automatically try to decrypt the file during execution.
All required information to decrypt has to be present in the embedded sops config or set ahead of time via sops supported ENVIRONMENT variables. All required information to decrypt has to be present in the embedded sops config or set ahead of time via sops supported ENVIRONMENT variables.
SOPS support can be disabled by setting `DISABLE_SOPS` in order to reduce timeouts etc.
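Review bot: The new `DISABLE_SOPS` line at the end of the Cloudformation secrets section does not say which value the variable expects or what CloudBender does with a SOPS-encrypted config file once decryption is disabled; because the lines just above promise automatic decryption, document both, including whether the run fails or continues with the still-encrypted values. In the command list, `get-config` is described as "decrypted if secret", so the help text or README should say where the decrypted value ends up, letting users keep it out of CI logs and shell history. The new `## Quickstart` section ships with only "TBD"; either fill it in or leave the heading out until there is content. The unchanged Config management lines still mention only a "Cloudformation stack" and keep the "hierachly" typo, which could be corrected in the same docs update now that Pulumi is covered.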