kite 0.0.4 → 0.0.5
- checksums.yaml +4 -4
- data/lib/kite/core.rb +45 -28
- data/lib/kite/helpers.rb +7 -0
- data/lib/kite/version.rb +1 -1
- data/tpl/aws/bootstrap.sh +4 -7
- data/tpl/aws/{bin/make_manifest_bosh-init.sh → bosh/bosh_director.yml.erb} +22 -53
- data/tpl/aws/{bin/make_cloud_config.sh → concourse/aws_cloud.yml.erb} +3 -26
- data/tpl/aws/{bin/make_manifest_concourse-cluster.sh → concourse/concourse.yml.erb} +5 -20
- data/tpl/aws/terraform/main.tf +37 -0
- data/tpl/aws/terraform/network.tf +177 -0
- data/tpl/aws/terraform/outputs.tf +5 -5
- data/tpl/aws/terraform/terraform.tfvars.erb +18 -7
- data/tpl/aws/terraform/variables.tf +52 -18
- data/tpl/gcp/bosh-install.sh.erb +18 -0
- data/tpl/gcp/terraform/main.tf +56 -0
- data/tpl/gcp/terraform/network.tf +30 -0
- data/tpl/gcp/terraform/outputs.tf +3 -0
- data/tpl/gcp/terraform/terraform.tfvars.erb +14 -0
- data/tpl/gcp/terraform/variables.tf +32 -0
- data/tpl/skel/config/cloud.yml +22 -20
- metadata +13 -24
- data/tpl/aws/env.example.erb +0 -12
- data/tpl/aws/terraform/aws-concourse.tf +0 -127
- data/tpl/aws/terraform/aws-vault.tf +0 -26
- data/tpl/aws/terraform/bosh-aws-base.tf +0 -118
- data/tpl/gcp/INSTALL.md +0 -25
- data/tpl/gcp/README.md +0 -377
- data/tpl/gcp/cloud-config.yml.erb +0 -66
- data/tpl/gcp/concourse.tf +0 -62
- data/tpl/gcp/concourse.yml.erb +0 -101
- data/tpl/gcp/env.example.erb +0 -7
- data/tpl/gcp/main.tf +0 -107
- data/tpl/gcp/manifest.yml.erb +0 -173
- data/tpl/gcp/scripts/01_create_infrastructure.sh +0 -24
- data/tpl/gcp/scripts/02_deploy_director.sh +0 -35
- data/tpl/gcp/scripts/03_deploy_concourse.sh +0 -29
- data/tpl/gcp/scripts/04_delete_director.sh +0 -6
- data/tpl/gcp/scripts/05_delete_infrastructure.sh +0 -23
- data/tpl/gcp/scripts/bootstrap.sh +0 -22
- data/tpl/gcp/scripts/delete.sh +0 -16
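--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1350153f9c5242c19356d1c6797de0d7897b990f
+data.tar.gz: 9036d77e615d36dba63fc56a1336e5888de7c757
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 22c58c7d7b01bcc7affe6bc0bac131b231ebd7bb49b56e298f5d91a6d66a273d8e4783aa5db14f6b2bf67e63d41e95aa4f9ae4ef151e253779ff757ae3588491
+data.tar.gz: fbe6f97793d40e992194dec5f03b4f1d98624c1be3dd78a2bd6acbbe4e54a2d32ce45acc97552da3ad2f9ff898a0ce1893fedaae6c20d5724c5af04cc6efb51d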
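--- a/data/lib/kite/core.rb
+++ b/data/lib/kite/core.rb
@@ -7,7 +7,6 @@ module Kite
 File.expand_path(File.join(File.dirname(__FILE__), "../../tpl"))
 end
 
-method_option :cloud, type: :string, desc: "Cloud provider", enum: %w{aws gcp}
 desc "new CLOUD_PATH", "Generate Cloud infrastructure skeleton from configuration"
 def new(cloud_name)
 target = Kite::Cloud.new(self, cloud_name)
@@ -21,36 +20,54 @@ module Kite
 @values = YAML.load(File.read('config/cloud.yml'))
 
 case options[:cloud]
-when
-copy_file(
-copy_file(
-copy_file(
-
-
-
-copy_file(
-copy_file(
-
-
-
-
-copy_file(
-copy_file(
-
-
-
-
-
-
-
-
-
-
-
+when 'aws'
+copy_file('aws/terraform/main.tf', 'terraform/main.tf')
+copy_file('aws/terraform/network.tf', 'terraform/network.tf')
+copy_file('aws/terraform/outputs.tf', 'terraform/outputs.tf')
+copy_file('aws/terraform/variables.tf', 'terraform/variables.tf')
+template('aws/terraform/terraform.tfvars.erb', 'terraform/terraform.tfvars')
+
+copy_file('aws/README.md', 'README.md')
+copy_file('aws/bootstrap.sh', 'bootstrap.sh')
+
+when 'gcp'
+copy_file('gcp/terraform/main.tf', 'terraform/main.tf')
+copy_file('gcp/terraform/network.tf', 'terraform/network.tf')
+copy_file('gcp/terraform/outputs.tf', 'terraform/outputs.tf')
+copy_file('gcp/terraform/variables.tf', 'terraform/variables.tf')
+template('gcp/terraform/terraform.tfvars.erb', 'terraform/terraform.tfvars')
+template('gcp/bosh-install.sh.erb', 'bin/bosh-install.sh')
+chmod('bin/bosh-install.sh', 0755)
+
+else
+say 'Cloud provider not specified'
+
+end
+end
+
+desc 'render MANIFEST', 'Render manifest file from configuration and Terraform output'
+def render(manifest)
+say "Rendering #{ manifest } manifest", :green
+@values = YAML.load(File.read('config/cloud.yml'))
+@tf_output = parse_tf_state('terraform/terraform.tfstate')
+
+case manifest
+when "bosh"
+template("aws/bosh/bosh_director.yml.erb", "bosh_director.yml")
+
+when "concourse"
+template("aws/concourse/aws_cloud.yml.erb", "aws_cloud.yml")
+template("aws/concourse/concourse.yml.erb", "concourse.yml")
+
 else
-say "
+say "Manifest type not specified"
 
 end
 end
+
+desc "version", "Return kite version"
+def version
+say "v#{ Kite::VERSION }"
+end
 end
 end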
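Review bot: `case options[:cloud]` at new line 22 of `new` dispatches on an option whose declaration, `method_option :cloud ...` at old line 10, this commit removes in the first hunk, so unless a class-level option is declared outside the hunk the `new` command always lands in the `else` branch at new line 42 and prints 'Cloud provider not specified'. Either restore `method_option :cloud, type: :string, desc: "Cloud provider", enum: %w{aws gcp}` above `desc "new CLOUD_PATH", ...` or take the provider from the config file already loaded into `@values`. Separately, `render` (new lines 49–66) hard-codes `aws/...` template paths, so if it is meant to serve a skeleton generated by the gcp branch too it would emit AWS manifests; a per-provider path prefix, or a `say` refusing non-aws clouds, would make that explicit. Since config/cloud.yml carries the provider credentials that the templates interpolate, `YAML.safe_load` is the better loader for it on new lines 20 and 51.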
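--- a/data/lib/kite/helpers.rb
+++ b/data/lib/kite/helpers.rb
@@ -1,2 +1,9 @@
 module Kite::Helpers
+# Parse Terraform .tfstate file, returning the output hash
+def parse_tf_state(path)
+tf_state = YAML.load(File.open(path))
+tf_output = tf_state["modules"].first["outputs"]
+tf_output.map { |k, v| tf_output[k] = v["value"] }
+tf_output
+end
 end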
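Review bot: `parse_tf_state` opens the state file with `File.open(path)` and never closes it (new line 4), and on new line 6 uses `map` purely for its side effect of rewriting `tf_output` while iterating over it. Reading the file whole and building a new hash avoids both: `tf_state = YAML.load(File.read(path))` followed by `tf_state["modules"].first["outputs"].each_with_object({}) { |(k, v), out| out[k] = v["value"] }`. A `.tfstate` file is JSON, so `JSON.parse` would be the more precise parser, and `YAML.safe_load` the safer one if YAML is kept, since `YAML.load` can instantiate arbitrary Ruby objects from tagged input. The method also assumes `tf_state["modules"]` is non-empty and that every output has a `value` key; a missing key currently surfaces as a NoMethodError on nil rather than a clear message naming the state file.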
data/lib/kite/version.rb
CHANGED
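--- a/data/tpl/aws/bootstrap.sh
+++ b/data/tpl/aws/bootstrap.sh
@@ -1,24 +1,21 @@
 #!/usr/bin/env bash
 
-source ./.env
 
 pushd terraform && terraform apply && popd
 
-
-bosh-init deploy
+kite render-manifest --manifest=bosh
+bosh-init deploy bosh_director.yml
 
-read -p "Enter bosh director ip: " bosh_director_ip
 pushd terraform && BOSH_DIRECTOR_IP=$(terraform output eip) && popd
 bosh target $BOSH_DIRECTOR_IP
 
-
-bosh update cloud-config
+kite render-manifest --manifest=concourse
+bosh update cloud-config aws_cloud.yml
 
 bosh upload stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
 bosh upload release https://bosh.io/d/github.com/concourse/concourse
 bosh upload release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
 
-bash ./bin/make_manifest_concourse-cluster.sh
 bosh deployment concourse.yml
 
 bosh deploy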
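Review bot: The two new `kite render-manifest --manifest=...` calls (new lines 6 and 12) do not match the CLI this release defines in core.rb, where the command is `desc 'render MANIFEST'` / `def render(manifest)` taking a positional argument, so the script would fail on an unknown command; `kite render bosh` and `kite render concourse` are the invocations core.rb supports. The script also has no `set -euo pipefail`, so a failed `terraform apply` or render still falls through to `bosh-init deploy` and `bosh deploy` with whatever manifest happens to be on disk; adding `set -euo pipefail` after the shebang stops it at the first failure. `pushd terraform && BOSH_DIRECTOR_IP=$(terraform output eip) && popd` (new line 9) leaves the shell inside `terraform/` when the output lookup fails; `BOSH_DIRECTOR_IP=$(cd terraform && terraform output eip)` does the same job without the directory-stack pair.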
@@ -1,31 +1,3 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
#
|
3
|
-
# Please set the following environment variables:
|
4
|
-
# $AWS_ACCESS_KEY_ID
|
5
|
-
# $AWS_SECRET_ACCESS_KEY
|
6
|
-
# $AWS_REGION
|
7
|
-
# $AWS_AZ
|
8
|
-
# $BOSH_PASSWORD
|
9
|
-
# $AWS_KEYPAIR_KEY_NAME
|
10
|
-
# $PRIVATE_KEY_PATH
|
11
|
-
|
12
|
-
function getvars() {
|
13
|
-
cd terraform/
|
14
|
-
EIP=$(terraform output eip)
|
15
|
-
SUBNET=$(terraform output default_subnet_id)
|
16
|
-
SECURITY_GROUP=$(terraform output security_group_id)
|
17
|
-
cd ../
|
18
|
-
}
|
19
|
-
|
20
|
-
getvars
|
21
|
-
|
22
|
-
echo "Subnet = $SUBNET"
|
23
|
-
echo "Security Group = $SECURITY_GROUP"
|
24
|
-
echo "EIP = $EIP"
|
25
|
-
echo "AWS REGION = $AWS_REGION"
|
26
|
-
echo "AWS AZ = $AWS_AZ"
|
27
|
-
|
28
|
-
cat >bosh-director.yml <<YAML
|
29
1
|
---
|
30
2
|
name: bosh
|
31
3
|
|
@@ -46,7 +18,7 @@ resource_pools:
|
|
46
18
|
cloud_properties:
|
47
19
|
instance_type: m3.large
|
48
20
|
ephemeral_disk: {size: 25_000, type: gp2}
|
49
|
-
availability_zone:
|
21
|
+
availability_zone: <%= @values['aws']['az'] %>
|
50
22
|
|
51
23
|
disk_pools:
|
52
24
|
- name: disks
|
@@ -60,9 +32,7 @@ networks:
|
|
60
32
|
- range: 10.0.0.0/24
|
61
33
|
gateway: 10.0.0.1
|
62
34
|
dns: [10.0.0.2]
|
63
|
-
cloud_properties: {subnet:
|
64
|
-
- name: public
|
65
|
-
type: vip
|
35
|
+
cloud_properties: {subnet: <%= @tf_output['default_subnet_id'] %>}
|
66
36
|
|
67
37
|
jobs:
|
68
38
|
- name: bosh
|
@@ -85,19 +55,19 @@ jobs:
|
|
85
55
|
static_ips: [10.0.0.6]
|
86
56
|
default: [dns, gateway]
|
87
57
|
- name: public
|
88
|
-
static_ips: [
|
58
|
+
static_ips: [<%= @tf_output['eip'] %>]
|
89
59
|
|
90
60
|
properties:
|
91
61
|
nats:
|
92
62
|
address: 127.0.0.1
|
93
63
|
user: nats
|
94
|
-
password:
|
64
|
+
password: <%= @values['bosh']['password'] %>
|
95
65
|
|
96
66
|
postgres: &db
|
97
67
|
listen_address: 127.0.0.1
|
98
68
|
host: 127.0.0.1
|
99
69
|
user: postgres
|
100
|
-
password:
|
70
|
+
password: <%= @values['bosh']['password'] %>
|
101
71
|
database: bosh
|
102
72
|
adapter: postgres
|
103
73
|
|
@@ -105,17 +75,17 @@ jobs:
|
|
105
75
|
address: 10.0.0.6
|
106
76
|
host: 10.0.0.6
|
107
77
|
db: *db
|
108
|
-
http: {user: admin, password:
|
78
|
+
http: {user: admin, password: <%= @values['bosh']['password'] %>, port: 25777}
|
109
79
|
username: admin
|
110
|
-
password:
|
80
|
+
password: <%= @values['bosh']['password'] %>
|
111
81
|
port: 25777
|
112
82
|
|
113
83
|
blobstore:
|
114
84
|
address: 10.0.0.6
|
115
85
|
port: 25250
|
116
86
|
provider: dav
|
117
|
-
director: {user: director, password:
|
118
|
-
agent: {user: agent, password:
|
87
|
+
director: {user: director, password: <%= @values['bosh']['password'] %>}
|
88
|
+
agent: {user: agent, password: <%= @values['bosh']['password'] %>}
|
119
89
|
|
120
90
|
director:
|
121
91
|
address: 127.0.0.1
|
@@ -127,21 +97,21 @@ jobs:
|
|
127
97
|
provider: local
|
128
98
|
local:
|
129
99
|
users:
|
130
|
-
- {name: admin, password:
|
131
|
-
- {name: hm, password:
|
100
|
+
- {name: admin, password: <%= @values['bosh']['password'] %>}
|
101
|
+
- {name: hm, password: <%= @values['bosh']['password'] %>}
|
132
102
|
|
133
103
|
hm:
|
134
|
-
director_account: {user: hm, password:
|
104
|
+
director_account: {user: hm, password: <%= @values['bosh']['password'] %>}
|
135
105
|
resurrector_enabled: true
|
136
106
|
|
137
107
|
aws: &aws
|
138
|
-
access_key_id:
|
139
|
-
secret_access_key:
|
140
|
-
default_key_name:
|
141
|
-
default_security_groups: [
|
142
|
-
region:
|
108
|
+
access_key_id: <%= @values['aws']['access_key'] %>
|
109
|
+
secret_access_key: <%= @values['aws']['secret_key'] %>
|
110
|
+
default_key_name: <%= @values['bosh']['keypair_name'] %>
|
111
|
+
default_security_groups: [<%= @tf_output['security_group_id'] %>]
|
112
|
+
region: <%= @values['aws']['region'] %>
|
143
113
|
|
144
|
-
agent: {mbus: "nats://nats
|
114
|
+
agent: {mbus: "nats://nats:<%= @values['bosh']['password'] %>@10.0.0.6:4222"}
|
145
115
|
|
146
116
|
ntp: &ntp [0.pool.ntp.org, 1.pool.ntp.org]
|
147
117
|
|
@@ -149,16 +119,15 @@ cloud_provider:
|
|
149
119
|
template: {name: aws_cpi, release: bosh-aws-cpi}
|
150
120
|
|
151
121
|
ssh_tunnel:
|
152
|
-
host:
|
122
|
+
host: <%= @tf_output['eip'] %> # <--- Replace with your Elastic IP address
|
153
123
|
port: 22
|
154
124
|
user: vcap
|
155
|
-
private_key:
|
125
|
+
private_key: <%= @values['bosh']['private_key_path'] %> # Path relative to this manifest file
|
156
126
|
|
157
|
-
mbus: "https://mbus
|
127
|
+
mbus: "https://mbus:<%= @values['bosh']['password'] %>@<%= @tf_output['eip'] %>:6868" # <--- Replace with Elastic IP
|
158
128
|
|
159
129
|
properties:
|
160
130
|
aws: *aws
|
161
|
-
agent: {mbus: "https://mbus
|
131
|
+
agent: {mbus: "https://mbus:<%= @values['bosh']['password'] %>@0.0.0.0:6868"}
|
162
132
|
blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
|
163
133
|
ntp: *ntp
|
164
|
-
YAML
|
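Review bot: Every value is interpolated into the YAML unquoted, e.g. `password: <%= @values['bosh']['password'] %>` at new lines 64, 70, 78–80, 87–88, 100–101 and 104 and the aws block at 108–112, so a secret containing `#`, `: `, a leading `*`, `&`, `{` or a leading space changes the document structure or is silently truncated; rendering with `.to_json` (with `json` required), as in `password: <%= @values['bosh']['password'].to_json %>`, yields a YAML-valid quoted scalar, and the same applies to aws_cloud.yml.erb and concourse.yml.erb. The mbus URLs at new lines 114, 127 and 131 embed the password as the URL userinfo component, so characters such as `@`, `/` or `%` also need `CGI.escape` there. The trailing `# <--- Replace with your Elastic IP address` and `# <--- Replace with Elastic IP` comments on new lines 122 and 127 are left over from the hand-edited version and no longer apply now that the value comes from `@tf_output['eip']`. Rendering this template writes the AWS access and secret keys (new lines 108–109) in plaintext into `bosh_director.yml` in the working directory; the generated skeleton should say that this file must stay out of version control.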
@@ -1,28 +1,7 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
#
|
3
|
-
# Please set the following environment variables:
|
4
|
-
# $AWS_AZ
|
5
|
-
|
6
|
-
|
7
|
-
function getvars() {
|
8
|
-
cd terraform/
|
9
|
-
DEFAULT_SUBNET=$(terraform output default_subnet_id)
|
10
|
-
OPS_SUBNET=$(terraform output ops_services_subnet_id)
|
11
|
-
cd ../
|
12
|
-
}
|
13
|
-
|
14
|
-
getvars
|
15
|
-
|
16
|
-
echo "Default Subnet = $DEFAULT_SUBNET"
|
17
|
-
echo "Ops Services Subnet = $OPS_SUBNET"
|
18
|
-
echo "AWS AZ" = $AWS_AZ
|
19
|
-
|
20
|
-
|
21
|
-
cat >aws-cloud.yml <<YAML
|
22
1
|
---
|
23
2
|
azs:
|
24
3
|
- name: z1
|
25
|
-
cloud_properties: {availability_zone:
|
4
|
+
cloud_properties: {availability_zone: <%= @values['aws']['az'] %>}
|
26
5
|
|
27
6
|
vm_types:
|
28
7
|
- name: concourse_standalone
|
@@ -81,7 +60,7 @@ networks:
|
|
81
60
|
static: [10.0.0.6]
|
82
61
|
reserved: [10.0.0.1-10.0.0.5]
|
83
62
|
dns: [10.0.0.2]
|
84
|
-
cloud_properties: {subnet:
|
63
|
+
cloud_properties: {subnet: <%= @tf_output['default_subnet_id'] %>}
|
85
64
|
- name: ops_services
|
86
65
|
type: manual
|
87
66
|
subnets:
|
@@ -90,7 +69,7 @@ networks:
|
|
90
69
|
az: z1
|
91
70
|
reserved: [10.0.10.1-10.0.10.5]
|
92
71
|
dns: [10.0.0.2]
|
93
|
-
cloud_properties: {subnet:
|
72
|
+
cloud_properties: {subnet: <%= @tf_output['ops_services_subnet_id'] %>}
|
94
73
|
- name: vip
|
95
74
|
type: vip
|
96
75
|
|
@@ -100,5 +79,3 @@ compilation:
|
|
100
79
|
az: z1
|
101
80
|
vm_type: large
|
102
81
|
network: default
|
103
|
-
|
104
|
-
YAML
|
@@ -1,21 +1,7 @@
|
|
1
|
-
#!/bin/bash
|
2
|
-
#
|
3
|
-
# Please set the following environment variables:
|
4
|
-
# $DB_PASSWORD
|
5
|
-
# $CONCOURSE_URL
|
6
|
-
# $CONCOURSE_AUTH_USERNAME
|
7
|
-
# $CONCOURSE_AUTH_PASSWORD
|
8
|
-
|
9
|
-
DIRECTOR_UUID=`bosh status --uuid`
|
10
|
-
|
11
|
-
echo "director_uuid = $DIRECTOR_UUID"
|
12
|
-
echo "concourse url = $CONCOURSE_URL"
|
13
|
-
|
14
|
-
cat >concourse.yml <<YAML
|
15
1
|
---
|
16
2
|
name: concourse
|
17
3
|
|
18
|
-
director_uuid:
|
4
|
+
director_uuid: <%= %x(bosh status --uuid) %>
|
19
5
|
|
20
6
|
releases:
|
21
7
|
- name: concourse
|
@@ -40,10 +26,10 @@ instance_groups:
|
|
40
26
|
release: concourse
|
41
27
|
properties:
|
42
28
|
# replace with your CI's externally reachable URL e.g https://blah
|
43
|
-
external_url:
|
29
|
+
external_url: <%= @values['concourse']['url'] %>
|
44
30
|
|
45
|
-
basic_auth_username:
|
46
|
-
basic_auth_password:
|
31
|
+
basic_auth_username: <%= @values['concourse']['auth_username'] %>
|
32
|
+
basic_auth_password: <%= @values['concourse']['auth_password'] %>
|
47
33
|
|
48
34
|
postgresql_database: &atc_db atc
|
49
35
|
- name: tsa
|
@@ -65,7 +51,7 @@ instance_groups:
|
|
65
51
|
- name: *atc_db
|
66
52
|
# make up a role and password
|
67
53
|
role: dbrole
|
68
|
-
password:
|
54
|
+
password: <%= @values['concourse']['db_password'] %>
|
69
55
|
|
70
56
|
- name: worker
|
71
57
|
instances: 1
|
@@ -93,4 +79,3 @@ update:
|
|
93
79
|
serial: false
|
94
80
|
canary_watch_time: 1000-60000
|
95
81
|
update_watch_time: 1000-60000
|
96
|
-
YAML
|
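Review bot: `director_uuid: <%= %x(bosh status --uuid) %>` (new line 4) shells out from inside the template, and `%x` returns the command's stdout unchecked: if `bosh status` fails because no director is targeted, the rendered manifest silently gets an empty `director_uuid` and the error only surfaces later at `bosh deploy`. Resolving it in the `render` command and failing fast is more robust, e.g. `@director_uuid = %x(bosh status --uuid).strip` followed by `raise 'bosh status --uuid failed' unless $?.success?`, with `<%= @director_uuid %>` here. The `basic_auth_password` and `db_password` values on new lines 32 and 54 are interpolated unquoted into YAML like the other templates; `.to_json` on the value keeps an arbitrary password from breaking the document.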
@@ -0,0 +1,37 @@
|
|
1
|
+
# Specify the provider and access details
|
2
|
+
provider "aws" {
|
3
|
+
region = "${var.aws_region}"
|
4
|
+
access_key = "${var.aws_access_key}"
|
5
|
+
secret_key = "${var.aws_secret_key}"
|
6
|
+
}
|
7
|
+
|
8
|
+
resource "aws_key_pair" "platform_key" {
|
9
|
+
key_name = "${var.keypair_name}"
|
10
|
+
public_key = "${file("${var.public_key}")}"
|
11
|
+
}
|
12
|
+
|
13
|
+
resource "aws_instance" "bastion" {
|
14
|
+
ami = "${lookup(var.aws_amis, var.aws_region)}"
|
15
|
+
instance_type = "t2.small"
|
16
|
+
key_name = "${var.keypair_name}"
|
17
|
+
|
18
|
+
vpc_security_group_ids = ["${aws_security_group.bosh_sg.id}"]
|
19
|
+
subnet_id = "${aws_subnet.platform.id}"
|
20
|
+
|
21
|
+
associate_public_ip_address = true
|
22
|
+
|
23
|
+
tags {
|
24
|
+
Name = "bastion"
|
25
|
+
}
|
26
|
+
|
27
|
+
connection {
|
28
|
+
user = "ubuntu"
|
29
|
+
private_key = "${file(var.private_key)}"
|
30
|
+
}
|
31
|
+
|
32
|
+
provisioner "remote-exec" {
|
33
|
+
inline = [
|
34
|
+
"curl -fsSL get.docker.com | sh"
|
35
|
+
]
|
36
|
+
}
|
37
|
+
}
|
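Review bot: The bastion's `remote-exec` provisioner (new lines 32–36) installs Docker with `curl -fsSL get.docker.com | sh`, which executes whatever the remote host serves at apply time with no pinning or verification and cannot be re-run idempotently by Terraform; installing the distribution's `docker.io` package, or fetching the script to a file and checking a known checksum before running it, keeps the host build reproducible. The `provider "aws"` block (new lines 2–6) takes `access_key`/`secret_key` from variables, so the keys end up on disk in `terraform.tfvars` (rendered from cloud.yml, per terraform.tfvars.erb in the diffstat); dropping those two attributes lets the provider read `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` or the shared credentials file instead. The bastion also gets a public IP (new line 21) and `bosh_sg`, which network.tf opens on port 22 to `0.0.0.0/0`; a comment on the resource such as `# bastion: public IP; SSH ingress is governed by bosh_sg in network.tf` would tell operators where to narrow that.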
@@ -0,0 +1,177 @@
|
|
1
|
+
# Create a VPC to launch our instances into
|
2
|
+
resource "aws_vpc" "platform" {
|
3
|
+
cidr_block = "${var.aws_vpc_cidr_block}"
|
4
|
+
|
5
|
+
tags {
|
6
|
+
Name = "${var.aws_vpc_name}"
|
7
|
+
Component = "kite-platform"
|
8
|
+
}
|
9
|
+
}
|
10
|
+
|
11
|
+
# Create an internet gateway to give our subnet access to the outside world
|
12
|
+
resource "aws_internet_gateway" "platform" {
|
13
|
+
vpc_id = "${aws_vpc.platform.id}"
|
14
|
+
tags {
|
15
|
+
Name = "platform-gateway"
|
16
|
+
Component = "kite-platform"
|
17
|
+
}
|
18
|
+
}
|
19
|
+
|
20
|
+
# Grant the VPC internet access on its main route table
|
21
|
+
resource "aws_route" "internet_access" {
|
22
|
+
route_table_id = "${aws_vpc.platform.main_route_table_id}"
|
23
|
+
destination_cidr_block = "0.0.0.0/0"
|
24
|
+
gateway_id = "${aws_internet_gateway.platform.id}"
|
25
|
+
}
|
26
|
+
|
27
|
+
# Create a subnet to launch our instances into
|
28
|
+
resource "aws_subnet" "platform" {
|
29
|
+
vpc_id = "${aws_vpc.platform.id}"
|
30
|
+
availability_zone = "${var.aws_availability_zone}"
|
31
|
+
cidr_block = "${var.aws_platform_subnet_cidr_block}"
|
32
|
+
map_public_ip_on_launch = false
|
33
|
+
tags {
|
34
|
+
Name = "${var.aws_platform_subnet_name}"
|
35
|
+
Component = "kite-platform"
|
36
|
+
}
|
37
|
+
}
|
38
|
+
|
39
|
+
# Create an ops_services subnet
|
40
|
+
resource "aws_subnet" "ops_services" {
|
41
|
+
vpc_id = "${aws_vpc.platform.id}"
|
42
|
+
availability_zone = "${var.aws_availability_zone}"
|
43
|
+
cidr_block = "${var.aws_ops_subnet_cidr_block}"
|
44
|
+
map_public_ip_on_launch = false
|
45
|
+
tags {
|
46
|
+
Name = "${var.aws_ops_subnet_name}"
|
47
|
+
Component = "ops-services"
|
48
|
+
}
|
49
|
+
}
|
50
|
+
|
51
|
+
# The default security group
|
52
|
+
resource "aws_security_group" "bosh_sg" {
|
53
|
+
name = "bosh_sg"
|
54
|
+
description = "Default BOSH security group"
|
55
|
+
vpc_id = "${aws_vpc.platform.id}"
|
56
|
+
tags {
|
57
|
+
Name = "bosh-sq"
|
58
|
+
Component = "bosh-director"
|
59
|
+
}
|
60
|
+
|
61
|
+
# inbound access rules
|
62
|
+
ingress {
|
63
|
+
from_port = 6868
|
64
|
+
to_port = 6868
|
65
|
+
protocol = "tcp"
|
66
|
+
cidr_blocks = [
|
67
|
+
"0.0.0.0/0"]
|
68
|
+
}
|
69
|
+
|
70
|
+
ingress {
|
71
|
+
from_port = 25555
|
72
|
+
to_port = 25555
|
73
|
+
protocol = "tcp"
|
74
|
+
cidr_blocks = [
|
75
|
+
"0.0.0.0/0"]
|
76
|
+
}
|
77
|
+
|
78
|
+
ingress {
|
79
|
+
from_port = 22
|
80
|
+
to_port = 22
|
81
|
+
protocol = "tcp"
|
82
|
+
cidr_blocks = [
|
83
|
+
"0.0.0.0/0"]
|
84
|
+
}
|
85
|
+
|
86
|
+
ingress {
|
87
|
+
from_port = 0
|
88
|
+
to_port = 65535
|
89
|
+
protocol = "tcp"
|
90
|
+
self = true
|
91
|
+
}
|
92
|
+
|
93
|
+
ingress {
|
94
|
+
from_port = 0
|
95
|
+
to_port = 65535
|
96
|
+
protocol = "udp"
|
97
|
+
self = true
|
98
|
+
}
|
99
|
+
|
100
|
+
# outbound internet access
|
101
|
+
egress {
|
102
|
+
from_port = 0
|
103
|
+
to_port = 0
|
104
|
+
protocol = "-1"
|
105
|
+
cidr_blocks = [
|
106
|
+
"0.0.0.0/0"]
|
107
|
+
}
|
108
|
+
}
|
109
|
+
|
110
|
+
# Create a Concourse security group
|
111
|
+
resource "aws_security_group" "concourse_sg" {
|
112
|
+
name = "concourse-sg"
|
113
|
+
description = "Concourse security group"
|
114
|
+
vpc_id = "${aws_vpc.platform.id}"
|
115
|
+
tags {
|
116
|
+
Name = "concourse-sg"
|
117
|
+
Component = "concourse"
|
118
|
+
}
|
119
|
+
|
120
|
+
# outbound internet access
|
121
|
+
egress {
|
122
|
+
from_port = 0
|
123
|
+
to_port = 0
|
124
|
+
protocol = "-1"
|
125
|
+
cidr_blocks = ["0.0.0.0/0"]
|
126
|
+
}
|
127
|
+
|
128
|
+
# inbound connections from ELB
|
129
|
+
ingress {
|
130
|
+
from_port = 8080
|
131
|
+
to_port = 8080
|
132
|
+
protocol = "tcp"
|
133
|
+
cidr_blocks = ["0.0.0.0/0"]
|
134
|
+
}
|
135
|
+
|
136
|
+
ingress {
|
137
|
+
from_port = 8080
|
138
|
+
to_port = 8080
|
139
|
+
protocol = "tcp"
|
140
|
+
cidr_blocks = [
|
141
|
+
"0.0.0.0/0"]
|
142
|
+
}
|
143
|
+
|
144
|
+
ingress {
|
145
|
+
from_port = 2222
|
146
|
+
to_port = 2222
|
147
|
+
protocol = "tcp"
|
148
|
+
cidr_blocks = ["0.0.0.0/0"]
|
149
|
+
}
|
150
|
+
}
|
151
|
+
|
152
|
+
# Create a Vault security group
|
153
|
+
resource "aws_security_group" "vault_sg" {
|
154
|
+
name = "vault-sg"
|
155
|
+
description = "Vault security group"
|
156
|
+
vpc_id = "${aws_vpc.platform.id}"
|
157
|
+
tags {
|
158
|
+
Name = "vault-sg"
|
159
|
+
Component = "vault"
|
160
|
+
}
|
161
|
+
|
162
|
+
# outbound internet access
|
163
|
+
egress {
|
164
|
+
from_port = 0
|
165
|
+
to_port = 0
|
166
|
+
protocol = "-1"
|
167
|
+
cidr_blocks = ["0.0.0.0/0"]
|
168
|
+
}
|
169
|
+
|
170
|
+
# inbound http
|
171
|
+
ingress {
|
172
|
+
from_port = 8200
|
173
|
+
to_port = 8200
|
174
|
+
protocol = "tcp"
|
175
|
+
cidr_blocks = ["0.0.0.0/0"]
|
176
|
+
}
|
177
|
+
}
|
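Review bot: `bosh_sg` (new lines 62–84) admits SSH, the agent mbus (6868) and the director API (25555) from `0.0.0.0/0`, and `concourse_sg`/`vault_sg` do the same for 8080, 2222 and 8200, on a VPC whose bastion carries a public IP; since the director is driven from the operator's workstation, an operator-supplied CIDR variable (e.g. `cidr_blocks = ["${var.<operator_cidr>}"]`, name to be chosen) on the 22/6868/25555 rules would limit exposure without changing the workflow, and bosh_director.yml.erb appears to reach 6868 through its `ssh_tunnel` stanza, so that port may not need to be public at all — worth confirming. The two `ingress` blocks for port 8080 in `concourse_sg` (new lines 129–134 and 136–142) are identical and one should go. The `Name` tag `"bosh-sq"` on new line 57 looks like a typo for the group's name `bosh_sg` on line 53.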