Toolset to render and manage AWS CloudFormation ( https://pypi.org/project/cloudbender )
Go to file
Stefan Reimer f204d80e7f
All checks were successful
ZeroDownTime/CloudBender/pipeline/head This commit looks good
fix: make pulumi stack sync work again, update docs
2022-06-29 10:30:25 +02:00
cloudbender fix: make pulumi stack sync work again, update docs 2022-06-29 10:30:25 +02:00
conf feat: add execute task, rework Dockerfile to allow podman run rootless 2022-06-27 20:51:03 +02:00
tests First release on PyPy, Makefile and License 2019-02-07 22:05:33 +00:00
.flake8 fix: code style / flake8 automation 2022-02-22 11:04:29 +01:00
.gitignore Initial checkin 2018-11-22 18:31:59 +00:00
CHANGES.md feat: add DISABLE_SOPS 2021-10-13 13:23:31 +02:00
cloudbender.png Update logo 2020-05-27 14:05:08 +01:00
Dockerfile feat: implement version checks for extended toolchain 2022-06-28 15:30:13 +02:00
Jenkinsfile ci: disable trivy fail for now 2022-02-08 16:19:48 +01:00
LICENSE.md First release on PyPy, Makefile and License 2019-02-07 22:05:33 +00:00
Makefile ci: migrate from setuptools to PEP517 hatchling to build 2022-06-28 13:15:45 +02:00
pyproject.toml docs: tweaks 2022-06-28 13:45:51 +02:00
README.md fix: make pulumi stack sync work again, update docs 2022-06-29 10:30:25 +02:00
requirements.txt ci: migrate from setuptools to PEP517 hatchling to build 2022-06-28 13:15:45 +02:00

Logo CloudBender

About

Toolset to deploy and maintain infrastructure in automated and trackable manner.
First class support for:

Install

Containerized

The command below tests the ability to run containers within containers on your local setup.
( This most likely only works on a recent Linux box/VM, which is capable of running rootless containers within containers. Requires kernel >= 5.12, Cgroups V2, podman, ... )

podman run --rm -v .:/workspace -v $HOME/.aws/config:/workspace/.aws/config public.ecr.aws/zero-downtime/cloudbender:latest podman run -q --rm docker.io/busybox:latest echo "Rootless container inception works!"

Local install

  1. pip3 install cloudbender
  2. curl -fsSL https://get.pulumi.com | sh (official Docs)
  3. install either podman or docker depending on your platform

To verify that all pieces are in place run:

cloudbender version

which should get you something like:

[2022-06-28 16:06:24] CloudBender: 0.13.5
[2022-06-28 16:06:24] Pulumi: v3.34.1
[2022-06-28 16:06:24] Podman/Docker: podman version 4.1.0

CLI

Usage: cloudbender [OPTIONS] COMMAND [ARGS]...

Options:
  --debug     Turn on debug logging.
  --dir TEXT  Specify cloudbender project directory.
  --help      Show this message and exit.

Commands:
  assimilate         Imports potentially existing resources into Pulumi...
  clean              Deletes all previously rendered files locally
  create-change-set  Creates a change set for an existing stack - CFN only
  create-docs        Parses all documentation fragments out of rendered...
  delete             Deletes stacks or stack groups
  execute            Executes custom Python function within an existing...
  export             Exports a Pulumi stack to repair state
  get-config         Get a config value, decrypted if secret
  outputs            Prints all stack outputs
  preview            Preview of Pulumi stack up operation
  provision          Creates or updates stacks or stack groups
  refresh            Refreshes Pulumi stack / Drift detection
  render             Renders template and its parameters - CFN only
  set-config         Sets a config value, encrypts with stack key if secret
  sync               Renders template and provisions it right away
  validate           Validates already rendered templates using cfn-lint...
  version            Displays own version and all dependencies

Architecture

State management

Pulumi

The state for all Pulumi resources are stored on S3 in your account and in the same region as the resources being deployed. No data is send to nor shared with the official Pulumi provided APIs.

CloudBender configures Pulumi with a local, temporary workspace on the fly. This incl. the injection of various common parameters like the AWS account ID and region etc.

Cloudformation

All state is handled by AWS Cloudformation.
The required account and region are determined by CloudBender automatically from the configuration.

Config management

  • Within the config folder each directory represents either a stack group if it has sub-directories, or an actual Cloudformation stack in case it is a leaf folder.
  • The actual configuration for each stack is hierachly merged. Lower level config files overwrite higher-level values. Complex data structures like dictionaries and arrays are deep merged.

Secrets

Pulumi

CloudBender supports the native Pulumi secret handling. See Pulumi Docs for details.

Cloudformation

CloudBender supports SOPS to encrypt values in any config file.

If a sops encrypted config file is detected by CloudBender, it will automatically try to decrypt the file. All required information to decrypt has to be present in the embedded sops config or set ahead of time via sops supported ENVIRONMENT variables.

SOPS support can be disabled by setting DISABLE_SOPS in order to reduce timeouts etc.