kite 0.0.9 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: '0499a1f48e1e1ff191047b0a757469b537cebf0a'
-  data.tar.gz: c562a68c9cf7c851f5088ac6413a2b7d756e0c65
+  metadata.gz: e147a21c1ce86a6b496f71c358b65d0f135fd150
+  data.tar.gz: 9778352a81fd5503e02d63cccd30258259ecfb9e
 SHA512:
-  metadata.gz: cd0754e76c673d8001452b1c053d76c2e4053d0ce916b5df8ab18a2dc92212c5d3e359376cd70df6d5e1160ee33a5f9529cc5f626eb2e926747cb452d1421f70
-  data.tar.gz: 071f54533c2228073440213c31145e42668c510de0fe377f15950fd0c93614575a16abc8a69df9b8e1bf88d553f898c7821a3fe4db5f0991c80529fd98a0dd65
+  metadata.gz: 7b73426bd0445b7d1cc51962ec5b6b0f56d801d0172d8802171638c1481c6e11cb9aaeaaa2c2ad0684a211a8b0fac6c7808920d3e306a6b4df16e28a94e2e769
+  data.tar.gz: b57f47dd619107714edae4673659520eb128e185c8c29ce5aee3b5a231005133b61569615a57e08d76ef7023526020fb5cb3b8f9e638e4403c98caa73e2b14ef

data/CHANGELOG.md

@@ -1,8 +1,7 @@
 # Change Log
 
-## [Unreleased](https://github.com/helios-technologies/kite/tree/HEAD)
-
-[Full Changelog](https://github.com/helios-technologies/kite/compare/v0.0.8...HEAD)
+## [v0.0.9](https://github.com/helios-technologies/kite/tree/v0.0.9) (2017-09-29)
+[Full Changelog](https://github.com/helios-technologies/kite/compare/v0.0.8...v0.0.9)
 
 **Closed issues:**
 
@@ -84,5 +83,3 @@
 
 ## [v0.0.2](https://github.com/helios-technologies/kite/tree/v0.0.2) (2017-08-24)
 
-
-\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*

data/README.md

@@ -46,10 +46,10 @@ $ kite new PROJECT_NAME
 
 ### Generate your infrastructure using terraform
 
-Generate the cloud IaC needed with 
+Generate the cloud IaC needed with
 
 ```
-$ kite generate --cloud=aws|gcp
+$ kite generate cloud --provider=aws|gcp
 ```
 
 you can now review and apply your terraform files.

data/lib/kite/generate.rb

@@ -14,10 +14,12 @@ module Kite
         when 'aws'
           directory('aws/terraform',                          'terraform')
           copy_file('aws/README.md',                          'README.md', force: true)
+          copy_file('aws/docs/kops.md',                       'docs/kops.md')
 
           directory('aws/bin/base',                           'bin')
           chmod('bin/bootstrap.sh', 0755)
           chmod('bin/cleanup.sh', 0755)
+          chmod('bin/setup-tunnel.sh', 0755)
 
         when 'gcp'
           directory('gcp/terraform',                          'terraform')
@@ -27,6 +29,7 @@ module Kite
           directory('gcp/bin/base',                           'bin')
           chmod('bin/bootstrap.sh', 0755)
           chmod('bin/cleanup.sh', 0755)
+          chmod('bin/setup-tunnel.sh', 0755)
 
         else
           say 'Cloud provider not specified'

data/lib/kite/version.rb

@@ -1,3 +1,3 @@
 module Kite
-  VERSION = "0.0.9"
+  VERSION = "0.1.0"
 end

data/tpl/aws/README.md

@@ -7,6 +7,9 @@ Apply terraform code
 pushd terraform && terraform init && terraform apply && popd
 ```
 
+[Note]
+To destroy Bastion later, use `terraform destroy -target aws_instance.bastion`
+
 Render BOSH manifest and related files
 ```
 kite render manifest bosh --cloud aws

data/tpl/aws/bin/base/cleanup.sh.tt

@@ -16,4 +16,4 @@ bosh delete-env deployments/bosh/bosh.yml \
 pushd terraform && terraform destroy && popd
 
 # Remove files generated by kite
-rm -rf terraform deployments config/{creds.yml,bosh_vars.yml,jumpbox.key} bin/*.sh
+rm -rf terraform deployments docs config/{creds.yml,bosh-vars.yml,jumpbox.key} bin/*.sh

data/tpl/aws/bin/concourse-deploy.sh.tt

@@ -2,13 +2,10 @@
 
 set -xe
 
-# Render Concourse-related files
-kite render manifest concourse --cloud aws
-
 # Upload necessary stemcells and releases
 bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
 bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/concourse/concourse
 bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
 
 # Deploy Concourse
-bosh -e <%= @values['bosh']['name'] %> -d concourse deploy deployments/concourse/concourse.yml
+bosh -e <%= @values['bosh']['name'] %> -d concourse deploy deployments/concourse/concourse.yml -v vault_token=$1

data/tpl/aws/deployments/concourse/concourse.yml.tt

@@ -23,13 +23,13 @@ instance_groups:
       bind_port: 80
       external_url: <%= @values['concourse']['url'] %>
       basic_auth_username: <%= @values['concourse']['auth_username'] %>
-      basic_auth_password: <%= @values['concourse']['auth_password'] %>
+      basic_auth_password: ((auth_password))
       publicly_viewable: true
 
       vault:
         auth:
           backend: token
-          client_token: "your Vault root token here"
+          client_token: ((vault_token))
         path_prefix: /concourse
         url: "http://<%= @private_subnet[11] %>:8200" # assuming Vault is deployed first
 
@@ -53,7 +53,7 @@ instance_groups:
       databases:
       - name: *atc_db
         role: admin
-        password: <%= @values['concourse']['db_password'] %>
+        password: ((db_password))
 
 - name: worker
   instances: 1

data/tpl/aws/docs/bosh.md

@@ -11,7 +11,7 @@
 
 Render bosh deployment
 ```
-kite render manifest bosh --cloud=gcp
+kite render manifest bosh --cloud=aws
 ```
 
 Setup tunnel

data/tpl/aws/docs/concourse.md

@@ -10,9 +10,20 @@
 
 Fill out the "token" field in `deployments/concourse/concourse.yml` with root token received from `vault init`.
 
-Deploy Concourse
+Deploy Concourse by running the script with the required arguments
 ```
-./bin/concourse-deploy.sh
+./bin/concourse-deploy.sh *concourse_auth_password* *concourse_db_password* *vault_token*
+```
+
+### Connect GitHub oAuth
+
+To configure GitHub oAuth, you'll first need to [create](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps) a GitHub oAuth app.
+
+```
+fly set-team -n concourse \
+    --github-auth-client-id D \
+    --github-auth-client-secret $CLIENT_SECRET \
+    --github-auth-team concourse/Pivotal
 ```
 
 ### Test

data/tpl/aws/docs/kops.md

@@ -0,0 +1,38 @@
+#### KOPS
+
+### Prerequisites
+
+- [kubectl](https://github.com/kubernetes/kops/blob/master/docs/install.md#kubectl) installed
+- [kops](https://github.com/kubernetes/kops/blob/master/docs/install.md) client installed
+- SSH key generated(needed for accessing cluster's master)
+- Amazon S3 bucket for storing cluster's state created
+- Route 53 domain for cluster access
+- IAM user with correct policies:
+     - AmazonEC2FullAccess
+     - AmazonRoute53FullAccess
+     - AmazonS3FullAccess
+     - IAMFullAccess
+     - AmazonVPCFullAccess
+
+### Setup
+
+Export AWS access keys and ID if you didn't before
+```
+export AWS_ACCESS_KEY_ID=<access key>
+export AWS_SECRET_ACCESS_KEY=<secret key>
+```
+
+Create cluster configuration
+```
+kops create cluster --name *kops.example.com* --state "s3://kops-example-state-store" --zones *eu-central-1b* --ssh-public-key *path to SSH key*
+```
+
+Review and edit cluster configuration if needed
+```
+kops edit cluster --name *kops.example.com* --state "s3://kops-example-state-store"
+```
+
+Build the cluster
+```
+kops update cluster --name *kops.example.com* --state "s3://kops-example-state-store" --yes
+```

data/tpl/aws/docs/vault.md

@@ -16,7 +16,7 @@ To deploy Vault, use `./bin/vault-deploy.sh`
 
 ### Connection
 
-- Export your Vault's IP using `export VAULT_ADDR=*vault_ip*`
+- Export your Vault's IP using `export VAULT_ADDR=http://*vault_ip*:8200`
 - Run `vault init` to initialize the vault
 - Store the keys displayed after init
 - Unseal the vault by running `vault unseal` three times using three keys from the previous step
@@ -31,3 +31,5 @@ To deploy Vault, use `./bin/vault-deploy.sh`
 Before using Vault with Concourse you should mount a secrets backend with `vault mount -path=concourse kv`
 
 To add new secrets accessible for Concourse use `vault write concourse/main/*secret_name* value="*secret_value*"`
+
+#### It's recommended to create a separate token for Concourse by using `vault token-create`

data/tpl/gcp/README.md

@@ -7,11 +7,15 @@ Set path to your service account credentials:
 export GOOGLE_CREDENTIALS=*~/credentials/service-account.json*
 ```
 
+
 Apply terraform code
 ```
 pushd terraform && terraform init && terraform apply && popd
 ```
 
+[Note]
+To destroy Bastion later, use `terraform destroy -target google_compute_instance.bastion`
+
 Render BOSH manifest and related files
 ```
 kite render manifest bosh --cloud gcp

data/tpl/gcp/bin/base/cleanup.sh.tt

@@ -17,4 +17,4 @@ bosh delete-env deployments/bosh/bosh.yml \
 pushd terraform && terraform destroy && popd
 
 # Remove files generated by kite
-rm -rf terraform deployments config/{creds.yml,bosh_vars.yml,jumpbox.key} bin/*.sh
+rm -rf terraform deployments docs config/{creds.yml,bosh_vars.yml,jumpbox.key} bin/*.sh

data/tpl/gcp/bin/concourse-deploy.sh.tt

@@ -8,4 +8,4 @@ bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/concour
 bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/concourse/concourse/releases/download/v3.4.1/garden-runc-1.6.0.tgz
 
 # Deploy Concourse
-bosh -e <%= @values['bosh']['name'] %> -d concourse deploy deployments/concourse/concourse.yml
+bosh -e <%= @values['bosh']['name'] %> -d concourse deploy deployments/concourse/concourse.yml -v auth_password=$1  -v db_password=$2 -v vault_token=$3

data/tpl/gcp/bin/vault-deploy.sh.tt

@@ -2,9 +2,6 @@
 
 set -xe
 
-# Render Concourse-related files
-kite render manifest vault --cloud gcp
-
 # Upload necessary stemcells and releases
 bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://s3.amazonaws.com/bosh-core-stemcells/google/bosh-stemcell-3445.7-google-kvm-ubuntu-trusty-go_agent.tgz
 bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/cloudfoundry-community/vault-boshrelease

data/tpl/gcp/deployments/bosh/cloud-config.yml.tt

@@ -46,6 +46,8 @@ networks:
         subnetwork_name: <%= @values['gcp']['subnet_name'] %>
         ephemeral_external_ip: false
         tags:
+          - no-ip
+          - platform-internal
           - concourse-public
           - concourse-internal
 

data/tpl/gcp/deployments/concourse/concourse.yml.tt

@@ -25,13 +25,13 @@ instance_groups:
       bind_port: 80
       external_url: <%= @values['concourse']['url'] %>
       basic_auth_username: <%= @values['concourse']['auth_username'] %>
-      basic_auth_password: <%= @values['concourse']['auth_password'] %>
+      basic_auth_password: ((auth_password))
       publicly_viewable: true
 
       vault:
         auth:
           backend: token
-          client_token: "your Vault root token here"
+          client_token: ((vault_token))
         path_prefix: /concourse
         url: "http://<%= @private_subnet[11] %>:8200" # expecting Vault to be deployed first
 
@@ -55,7 +55,7 @@ instance_groups:
       databases:
       - name: *atc_db
         role: admin
-        password: <%= @values['concourse']['db_password'] %>
+        password: ((db_password))
 
 - name: worker
   instances: 1

data/tpl/gcp/docs/concourse.md

@@ -10,9 +10,20 @@
 
 Fill out the "token" field in `deployments/concourse/concourse.yml` with root token received from `vault init`.
 
-Deploy Concourse
+Deploy Concourse by running the script with the required arguments
 ```
-./bin/concourse-deploy.sh
+./bin/concourse-deploy.sh *concourse_auth_password* *concourse_db_password* *vault_token*
+```
+
+### Connect GitHub oAuth
+
+To configure GitHub oAuth, you'll first need to [create](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps) a GitHub oAuth app.
+
+```
+fly set-team -n concourse \
+    --github-auth-client-id D \
+    --github-auth-client-secret $CLIENT_SECRET \
+    --github-auth-team concourse/Pivotal
 ```
 
 ### Test

data/tpl/gcp/docs/vault.md

@@ -16,7 +16,7 @@ To deploy Vault, use `./bin/vault-deploy.sh`
 
 ### Connection
 
-- Export your Vault's IP using `export VAULT_ADDR=*vault_ip*`
+- Export your Vault's IP using `export VAULT_ADDR=http://*vault_ip*:8200`
 - Run `vault init` to initialize the vault
 - Store the keys displayed after init
 - Unseal the vault by running `vault unseal` three times using three keys from the previous step
@@ -31,3 +31,5 @@ To deploy Vault, use `./bin/vault-deploy.sh`
 Before using Vault with Concourse you should mount a secrets backend with `vault mount -path=concourse kv`
 
 To add new secrets accessible for Concourse use `vault write concourse/main/*secret_name* value="*secret_value*"`
+
+#### It's recommended to create a separate token for Concourse by using `vault token-create`

data/tpl/gcp/terraform/main.tf

@@ -2,6 +2,7 @@ provider "google" {
   credentials = "${file("${var.credentials}")}"
   project = "${var.project}"
   region = "${var.region}"
+  version = "= 0.1.3"
 }
 
 # Allow SSH to Platform Bastion

data/tpl/skel/README.md.tt

@@ -1,4 +1,4 @@
 ## Generate a new cloud
 ```
-kite generate --cloud=<CLOUD_NAME>
+kite generate cloud --provider=<CLOUD_PROVIDER>
 ```

data/tpl/skel/config/cloud.yml

@@ -39,5 +39,3 @@ concourse:
   hostname: "concourse.example.com"
   url: "http://concourse.example.com"
   auth_username: "concourse"
-  auth_password: "concourse"
-  db_password: "concourse"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kite
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.1.0
 platform: ruby
 authors:
 - Louis Bellet
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-29 00:00:00.000000000 Z
+date: 2017-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -143,6 +143,7 @@ files:
 - tpl/aws/deployments/vault/vault.yml.erb
 - tpl/aws/docs/bosh.md
 - tpl/aws/docs/concourse.md
+- tpl/aws/docs/kops.md
 - tpl/aws/docs/vault.md
 - tpl/aws/terraform/main.tf.tt
 - tpl/aws/terraform/network.tf.tt