[nc] org rename

Signed-off-by: Nic Cheneweth <[email protected]>

Author: ncheneweth

.circleci/config.yml

@@ -8,8 +8,8 @@ orbs:
   do: twdps/[email protected]
 
 globals:
-  - &context empc-lab
-  - &executor-image twdps/circleci-infra-aws:alpine-7.9.0
+  - &context platform
+  - &executor-image twdps/circleci-infra-aws:alpine-7.9.1
 
 on-push-main: &on-push-main
   branches:
@@ -58,7 +58,7 @@ commands:
       - run:
           name: run default gateway integration tests
           command: bats test/default_gateway_support_status.bats
-  
+
   gateway-functional-tests:
     parameters:
       cluster:
@@ -83,7 +83,7 @@ jobs:
       - set-environment:
           account: << parameters.cluster >>
       - kube/op-config:
-          op-value: empc-lab/psk-aws-<< parameters.cluster >>/kubeconfig-base64
+          op-value: platform/<< parameters.cluster >>/kubeconfig-base64
       - run:
           name: install external-dns
           command: bash scripts/install_external_dns.sh << parameters.cluster >>
@@ -108,7 +108,7 @@ jobs:
       - set-environment:
           account: << parameters.cluster >>
       - kube/op-config:
-          op-value: empc-lab/psk-aws-<< parameters.cluster >>/kubeconfig-base64
+          op-value: platform/psk-aws-<< parameters.cluster >>/kubeconfig-base64
       - run:
           name: deploy team namespaces
           command: bash scripts/deploy_namespaces.sh << parameters.cluster >> $DOCKERREGISTRYACCESS

.gitignore

@@ -4,5 +4,6 @@ credentials
 source.env
 kubeconfig*
 .ruby-version
+.python-version
 bash-functions*
 ns/*.yaml

.grenrc

@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v4.6.0
     hooks:
       - id: check-executables-have-shebangs
       - id: check-symlinks

.pre-commit-config.yaml

@@ -1,13 +1,13 @@
 <div align="center">
 	<p>
-	<img alt="Thoughtworks Logo" src="https://raw.githubusercontent.com/ThoughtWorks-DPS/static/master/thoughtworks_flamingo_wave.png?sanitize=true" width=200 /><br />
-	<img alt="DPS Title" src="https://raw.githubusercontent.com/ThoughtWorks-DPS/static/master/EMPCPlatformStarterKitsImage.png?sanitize=true" width=350/><br />
+	<img alt="Thoughtworks Logo" src="https://raw.githubusercontent.com/twplatformlabs/static/master/thoughtworks_flamingo_wave.png?sanitize=true" width=200 /><br />
+	<img alt="DPS Title" src="https://raw.githubusercontent.com/twplatformlabs/static/master/EMPCPlatformStarterKitsImage.png?sanitize=true" width=350/><br />
 	<h2>psk-platform-simple-teams-and-ns</h2>
-	<a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/github/license/ThoughtWorks-DPS/psk-aws-control-plane-services"></a>
+	<a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/github/license/twplatformlabs/psk-aws-control-plane-services"></a>
 	</p>
 </div>
 
-In the greenfield development of an engineering platform there will typical be a window of time, preferably short, between when the early adopting customers need usable access to the platform but before the custom platform APIs are sufficiently mature to manage even the mvp capabilities.  
+In the greenfield development of an engineering platform there will typical be a window of time, definitely short, between when the early adopting customers need usable access to the platform but before the custom platform APIs are sufficiently mature to manage even the mvp capabilities.  
 
 A simple way to address this problem (and even provide a good development resources to the team building the platform APIs), is to use a basic pipeline to applpy the needed, basic configuration. For this approach to be manageable, limit the scope to:
 
@@ -19,7 +19,47 @@ The namespace definitions can include annotations for things like inclusion with
 
 * The mvp of the plataform should include one or more product-defined, managed top-level domains that support ingress.
 
-The example strategy uses two domains, twdps.io and twdps.digital. Scalable configuration for the various subdomains or path-patterns to support these product domains should be api managed just like custom ns. A good short-term stragy is to initial aupport default ingress patterns much the same was as default environments are provided.  
+The example strategy uses two domains, twplatformlabs.org  and twplatformlabs.link. The .link top level domain is for demonstrating migration strategies. Scalable configuration for the various subdomains or path-patterns to support these product domains should be api managed just like custom ns. A good short-term stragy is to initial aupport default ingress patterns much the same was as default environments are provided.  
+
+Default environment gateways:  
+
+| gateway                               | urls                              |  cluster                |
+|---------------------------------------|-----------------------------------|-------------------------|
+| preview.twplatformlabs.org-gateway    | (*.)preview.twplatformlabs.org    | sbx-i01-aws-us-east-1   |
+| preview.twplatformlabs.link-gateway   | (*.)preview.twplatformlabs.link   | sbx-i01-aws-us-east-1   |
+| dev.twplatformlabs.org-gateway        | (*.)dev.twplatformlabs.org        | prod-i01-aws-us-east-1  |
+| dev.twplatformlabs.link-gateway       | (*.)dev.twplatformlabs.link       | prod-i01-aws-us-east-1  |
+| qa.twplatformlabs.org-gateway         | (*.)qa.twplatformlabs.org         | prod-i01-aws-us-east-1  |
+| qa.twplatformlabs.link-gateway        | (*.)qa.twplatformlabs.link        | prod-i01-aws-us-east-1  |
+| prod.twplatformlabs.org-gateway       | (*.)prod.twplatformlabs.org       | prod-i01-aws-us-east-1  |
+| prod.twplatformlabs.link-gateway      | (*.)prod.twplatformlabs.link      | prod-i01-aws-us-east-1  |
+
+
+A typical external->internal routing patterns where an external api-gateway has been integrated for domains would be:
+
+api.twdps.io  >  "external api gateway"  >  api.prod.twdps.io
+dev.api.twdps.io > "external api gateway" > api.stage.twdps.io  # or whatever environment constitutes a publically useable test env
+
+A small list of example early-adopter customers have their configuration managed by this temporary, simple ns management pipeline.  
+
+| alpha teams        | sbx-i01-aws-us-east-1  | prod-i01-aws-us-east-2  |
+|--------------------|:----------------------:|:-----------------------:|
+| platform           | preview                | dev, qa, prod           |
+| demo               | preview                | dev, qa, prod           |
+| demo-publications  |                        | dev, qa, prod           |
+| demo-reviews       |                        | dev, qa, prod           |
+
+For each, there will be a demo-preview, demo-dev and so on depending on the team and the cluster. Only demo and platform have a preview ns in the sbx cluster for demonstrating the role of the preview cluster.  
+
+## Note
+
+This pipeline is expected to be short-lived and only used to support a small number of teams onboarded. Any scale at all will demonstrate that this is unsustainable. The value is limited to accelerating a small number of early adoptors onto the plateform to provide the necessary feedback loop for validating a minimum feature set prior to general availability. Prior to GA, the custom platform integration APIs should be deployed to perform the tasks of this static repo in a scalable and resilient architecture.  
+
+## maintainers  
+
+This is a replacement for earlier pre-release alpha team configuration.
+
+## Deprecated
 
 Default environment gateways:  
 
@@ -45,16 +85,5 @@ A small list of example early-adopter customers have their configuration managed
 | alpha teams           | sbx-i01-aws-us-east-1  | prod-i01-aws-us-east-2  |
 |-----------------------|:----------------------:|:-----------------------:|
 | twdps-core-labs-team  | preview                | dev, qa, prod           |
-| demo                  | preview                | dev, qa, prod           |
-| demo-publications     |                        | dev, qa, prod           |
-| demo-reviews          |                        | dev, qa, prod           |
 
 For each, there will be a demo-preview, demo-dev and so on depending on the team and the cluster. Only demo and twdps-core-labs-team have a preview ns in the sbx cluster for demonstrating the role of the preview cluster.  
-
-## Note
-
-This pipeline is expected to be short-lived and only used to support a small number of teams onboarded. Any scale at all will demonstrate that this is unsustainable. The value is limited to accelerating a small number of early adoptors onto the plateform to provide the necessary feedback loop for validating a minimum feature set prior to general availability. Prior to GA, the custom platform integration APIs should be deployed to perform the tasks of this static repo in a scalable and resilient architecture.  
-
-## maintainers  
-
-This is a replacement for earlier pre-release alpha team configuration.

README.md

@@ -14,6 +14,11 @@
     "qa",
     "prod"
   ],
+  "platform": [
+    "dev",
+    "qa",
+    "prod"
+  ],
   "twdps-core-labs-team": [
     "dev",
     "qa",

environments/prod-i01-aws-us-east-2-teams.json

@@ -1,11 +1,17 @@
 {
-  "aws_account_id": "{{ op://empc-lab/aws-dps-1/aws-account-id }}",
+  "aws_account_id": "{{ op://platform/aws-platform/aws-account-id }}",
   "aws_assume_role": "PSKRoles/PSKControlPlaneBaseRole",
   "aws_region": "us-east-2",
   "cluster_name": "prod-i01-aws-us-east-2",
   "external_dns_chart_version": "1.15.0",
 
   "cluster_domains": [
+    "dev.twplatformlabs.org",
+    "dev.twplatformlabs.link",
+    "qa.twplatformlabs.org",
+    "qa.twplatformlabs.link",
+    "api.twplatformlabs.org",
+    "api.twplatformlabs.link",
     "dev.twdps.digital",
     "dev.twdps.io",
     "qa.twdps.digital",
@@ -14,5 +20,5 @@
     "api.twdps.io"
   ],
   "issuerEndpoint": "https://acme-v02.api.letsencrypt.org/directory",
-  "issuerEmail": "twdps.io@gmail.com"
+  "issuerEmail": "twplatformlabs@gmail.com"
 }

environments/prod-i01-aws-us-east-2.auto.tfvars.json.tpl

@@ -2,6 +2,9 @@
   "demo": [
     "preview"
   ],
+  "platform": [
+    "preview"
+  ],
   "twdps-core-labs-team": [
     "preview"
   ]

environments/sbx-i01-aws-us-east-1-teams.json

@@ -1,14 +1,16 @@
 {
-  "aws_account_id": "{{ op://empc-lab/aws-dps-2/aws-account-id }}",
+  "aws_account_id": "{{ op://platform/aws-sandbox/aws-account-id }}",
   "aws_assume_role": "PSKRoles/PSKControlPlaneBaseRole",
   "aws_region": "us-east-1",
   "cluster_name": "sbx-i01-aws-us-east-1",
   "external_dns_chart_version": "1.15.0",
 
   "cluster_domains": [
+    "preview.twplatformlabs.org",
+    "preview.twplatformlabs.link",
     "preview.twdps.digital",
     "preview.twdps.io"
   ],
   "issuerEndpoint": "https://acme-v02.api.letsencrypt.org/directory",
-  "issuerEmail": "twdps.io@gmail.com"
+  "issuerEmail": "twplatformlabs@gmail.com"
 }

environments/sbx-i01-aws-us-east-1.auto.tfvars.json.tpl

@@ -1,7 +1,7 @@
-export TFE_TOKEN={{ op://empc-lab/svc-terraform-cloud/team-api-token }}
-export GH_TOKEN={{ op://empc-lab/svc-github/access-token }}
-export SLACK_BOT_TOKEN={{ op://empc-lab/svc-slack/post-bot-token }}
-export DOCKERREGISTRYACCESS={{ op://empc-lab/svc-github/dockerconfigjson }}
+export TFE_TOKEN={{ op://platform/svc-terraform-cloud/team-api-token }}
+export GH_TOKEN={{ op://platform/svc-github/access-token }}
+export SLACK_BOT_TOKEN={{ op://platform/svc-slack/platform-slack-bot-token }}
+export DOCKERREGISTRYACCESS={{ op://platform/svc-github/dockerconfigjson }}
 
-export AWS_ACCESS_KEY_ID={{ op://empc-lab/aws-dps-2/PSKProdServiceAccount-aws-access-key-id }}
-export AWS_SECRET_ACCESS_KEY={{ op://empc-lab/aws-dps-2/PSKProdServiceAccount-aws-secret-access-key }}
+export AWS_ACCESS_KEY_ID={{ op://platform/aws-sandbox/PSKProdServiceAccount-aws-access-key-id }}
+export AWS_SECRET_ACCESS_KEY={{ op://platform/aws-sandbox/PSKProdServiceAccount-aws-secret-access-key }}

op.prod-i01-aws-us-east-2.env

@@ -1,4 +1,5 @@
-export TFE_TOKEN={{ op://empc-lab/svc-terraform-cloud/team-api-token }}
-export DOCKERREGISTRYACCESS={{ op://empc-lab/svc-github/dockerconfigjson }}
-export AWS_ACCESS_KEY_ID={{ op://empc-lab/aws-dps-2/PSKNonprodServiceAccount-aws-access-key-id }}
-export AWS_SECRET_ACCESS_KEY={{ op://empc-lab/aws-dps-2/PSKNonprodServiceAccount-aws-secret-access-key }}
+export TFE_TOKEN={{ op://platform/svc-terraform-cloud/team-api-token }}
+export DOCKERREGISTRYACCESS={{ op://platform/svc-github/dockerconfigjson }}
+
+export AWS_ACCESS_KEY_ID={{ op://platform/aws-sandbox/PSKNonprodServiceAccount-aws-access-key-id }}
+export AWS_SECRET_ACCESS_KEY={{ op://platform/aws-sandbox/PSKNonprodServiceAccount-aws-secret-access-key }}

op.sbx-i01-aws-us-east-1.env

@@ -14,10 +14,10 @@ teams=$(jq -r 'keys[]' $json_file)
 echo "generate $cluster_name team namespace resource files"
 for team in $teams; do
   echo "team: $team"
-  
+
   # Read the namespaces that should exist for the current team
   namespaces=$(jq -r --arg k "$team" '.[$k][]' $json_file)
-  
+
   # Iterate over each namespace
   for namespace in $namespaces; do
     echo "  namespace: $namespace"
@@ -91,7 +91,7 @@ metadata:
   namespace: $team-$namespace
 subjects:
   - kind: Group
-    name: ThoughtWorks-DPS/$team
+    name: twplatformlabs/$team
     apiGroup: rbac.authorization.k8s.io
 roleRef:
   kind: Role

scripts/deploy_namespaces.sh

@@ -11,10 +11,10 @@ else
   testenv="dev"
 fi
 
-echo "testing https://httpbin.$testenv.twdps.io/json"
+echo "testing https://httpbin.$testenv.twplatformlabs.org/json"
 bash scripts/toggle_httpbin.sh on $cluster_name
 
-jsonResponse=$(curl -X GET "https://httpbin.$testenv.twdps.io/json" -H "accept: application/json")
+jsonResponse=$(curl -X GET "https://httpbin.$testenv.twplatformlabs.org/json" -H "accept: application/json")
 echo "response $jsonResponse"
 if [[ ! $jsonResponse =~ "slideshow" ]]; then
   echo "httpbin not responding"

scripts/gateway_functional_test.sh

@@ -26,9 +26,9 @@ metadata:
   namespace: default-mtls
 spec:
   hosts:
-  - "httpbin.$testenv.twdps.io"
+  - "httpbin.$testenv.twplatformlabs.org"
   gateways:
-  - istio-system/$testenv-twdps-io-gateway
+  - istio-system/$testenv-twplatformlabs-org-gateway
   http:
     - route:
       - destination:

scripts/toggle_httpbin.sh

@@ -8,7 +8,7 @@ data "aws_iam_openid_connect_provider" "eks" {
 
 module "external_dns_irsa_role" {
   source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
-  version = "~> 5.40.0"
+  version = "~> 5.52.2"
 
   role_path                  = "/PSKRoles/"
   role_name                  = "simple-teams-external-dns-sa"

service-account-role-external-dns.tf

@@ -7,7 +7,7 @@ variable "aws_region" {
 }
 
 variable "aws_account_id" {
-  type      = string
+  type = string
   validation {
     condition     = length(var.aws_account_id) == 12 && can(regex("^\\d{12}$", var.aws_account_id))
     error_message = "Invalid AWS account ID"

variables.tf

@@ -9,7 +9,7 @@ terraform {
 
   backend "remote" {
     hostname     = "app.terraform.io"
-    organization = "twdps"
+    organization = "twplatformlabs"
     workspaces {
       prefix = "psk-platform-simple-teams-and-ns-"
     }