kite 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +2 -0
- data/CHANGELOG.md +18 -1
- data/Dockerfile +30 -9
- data/Makefile +21 -9
- data/README.md +9 -0
- data/bin/concourse/check +12 -0
- data/bin/concourse/in +12 -0
- data/bin/concourse/out +46 -0
- data/config/pipelines/review.yml +158 -0
- data/config/pipelines/tasks/create-pull-requests-tag.yml +13 -0
- data/config/pipelines/tasks/create-repository-tag.yml +13 -0
- data/config/pipelines/tasks/run-master-tests.yml +12 -0
- data/config/pipelines/tasks/run-pr-tests.yml +12 -0
- data/kite.gemspec +1 -1
- data/lib/kite/generate.rb +39 -0
- data/lib/kite/helpers/concourse.rb +36 -0
- data/lib/kite/render.rb +68 -2
- data/lib/kite/version.rb +1 -1
- data/tpl/aws/README.md +20 -0
- data/tpl/aws/bin/concourse-deploy.sh.tt +4 -1
- data/tpl/aws/bin/ingress-deploy.sh.tt +7 -0
- data/tpl/aws/bin/ingress-update.sh.tt +7 -0
- data/tpl/aws/bin/kops-delete.sh.erb +5 -0
- data/tpl/aws/bin/kops-deploy.sh.erb +11 -0
- data/tpl/aws/bin/oauth-deploy.sh.tt +17 -0
- data/tpl/aws/bin/prometheus-deploy.sh.tt +23 -0
- data/tpl/aws/bosh-vars.yml.erb +1 -0
- data/tpl/aws/config/oauth.yml +59 -0
- data/tpl/aws/deployments/bosh/cloud-config.yml.tt +17 -1
- data/tpl/aws/deployments/concourse/concourse.yml.tt +6 -0
- data/tpl/aws/deployments/ingress/ingress.yml.erb +78 -0
- data/tpl/aws/deployments/oauth/oauth.yml.tt +95 -0
- data/tpl/aws/deployments/prometheus/monitor-bosh.yml +518 -0
- data/tpl/aws/deployments/prometheus/monitor-kubernetes.yml +30 -0
- data/tpl/aws/deployments/prometheus/prometheus.yml.tt +184 -0
- data/tpl/aws/docs/concourse.md +2 -2
- data/tpl/aws/docs/ingress.md +14 -0
- data/tpl/aws/docs/kops.md +5 -8
- data/tpl/aws/docs/oauth.md +24 -0
- data/tpl/aws/docs/prometheus.md +31 -0
- data/tpl/aws/terraform/kite_bucket.tf +8 -0
- data/tpl/aws/terraform/network.tf.tt +27 -0
- data/tpl/aws/terraform/outputs.tf +4 -0
- data/tpl/aws/terraform/terraform.tfvars.tt +1 -0
- data/tpl/aws/terraform/variables.tf +4 -0
- data/tpl/gcp/README.md +19 -3
- data/tpl/gcp/bin/base/setup-tunnel.sh.tt +8 -3
- data/tpl/gcp/bin/bosh-install.sh.tt +4 -0
- data/tpl/gcp/bin/concourse-deploy.sh.tt +4 -1
- data/tpl/gcp/bin/ingress-deploy.sh.tt +7 -0
- data/tpl/gcp/bin/ingress-update.sh.tt +7 -0
- data/tpl/gcp/bin/oauth-deploy.sh.tt +19 -0
- data/tpl/gcp/bin/prometheus-deploy.sh.tt +23 -0
- data/tpl/gcp/bin/vault-deploy.sh.tt +1 -1
- data/tpl/gcp/bosh-vars.yml.erb +1 -0
- data/tpl/gcp/config/oauth.yml +59 -0
- data/tpl/gcp/deployments/bosh/cloud-config.yml.tt +17 -3
- data/tpl/gcp/deployments/concourse/concourse.yml.tt +15 -5
- data/tpl/gcp/deployments/ingress/ingress.yml.erb +111 -0
- data/tpl/gcp/deployments/oauth/oauth.yml.tt +95 -0
- data/tpl/gcp/deployments/prometheus/monitor-bosh.yml +518 -0
- data/tpl/gcp/deployments/prometheus/monitor-kubernetes.yml +30 -0
- data/tpl/gcp/deployments/prometheus/prometheus.yml +183 -0
- data/tpl/gcp/docs/bosh.md +5 -0
- data/tpl/gcp/docs/concourse.md +3 -3
- data/tpl/gcp/docs/ingress.md +12 -0
- data/tpl/gcp/docs/oauth.md +24 -0
- data/tpl/gcp/docs/prometheus.md +27 -0
- data/tpl/gcp/docs/vault.md +2 -1
- data/tpl/gcp/terraform/main.tf +6 -1
- data/tpl/gcp/terraform/outputs.tf +4 -0
- data/tpl/service/%output_path%/charts/%app_name%/Chart.yaml.tt +4 -0
- data/tpl/service/%output_path%/charts/%app_name%/templates/NOTES.txt.tt +19 -0
- data/tpl/service/%output_path%/charts/%app_name%/templates/_helpers.tpl +16 -0
- data/tpl/service/%output_path%/charts/%app_name%/templates/deployment.yaml +37 -0
- data/tpl/service/%output_path%/charts/%app_name%/templates/ingress.yaml +32 -0
- data/tpl/service/%output_path%/charts/%app_name%/templates/service.yaml +19 -0
- data/tpl/service/%output_path%/charts/%app_name%/values.yaml.tt +37 -0
- data/tpl/service/%output_path%/environments/.keep +0 -0
- data/tpl/service/%output_path%/pipelines/review.yml.tt +189 -0
- data/tpl/service/%output_path%/pipelines/tasks/create-pull-requests-tag.yml.tt +13 -0
- data/tpl/service/%output_path%/pipelines/tasks/create-repository-tag.yml.tt +13 -0
- data/tpl/service/%output_path%/pipelines/tasks/helm-deploy.yml.tt +22 -0
- data/tpl/service/%output_path%/pipelines/tasks/run-master-tests.yml.tt +12 -0
- data/tpl/service/%output_path%/pipelines/tasks/run-pr-tests.yml.tt +12 -0
- data/tpl/service/Dockerfile.tt +4 -0
- data/tpl/service/Makefile.tt +28 -0
- data/tpl/service/VERSION.tt +1 -0
- data/tpl/service/docs/pipeline.md.tt +58 -0
- data/tpl/skel/config/cloud.yml +30 -5
- metadata +58 -5
- data/tpl/gcp/deployments/nginx/nginx.yml.erb +0 -62
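--- a/data/kite.gemspec
+++ b/data/kite.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
 f.match(%r{^(test|spec|features)/})
 end
 spec.bindir = "bin"
-spec.executables =
+spec.executables = ["kite"]
 spec.require_paths = ["lib"]
 
 spec.add_dependency "thor"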
data/lib/kite/generate.rb
CHANGED
@@ -17,9 +17,13 @@ module Kite
|
|
17
17
|
copy_file('aws/docs/kops.md', 'docs/kops.md')
|
18
18
|
|
19
19
|
directory('aws/bin/base', 'bin')
|
20
|
+
template('aws/bin/kops-deploy.sh.erb', 'bin/kops-deploy.sh')
|
21
|
+
template('aws/bin/kops-delete.sh.erb', 'bin/kops-delete.sh')
|
20
22
|
chmod('bin/bootstrap.sh', 0755)
|
21
23
|
chmod('bin/cleanup.sh', 0755)
|
22
24
|
chmod('bin/setup-tunnel.sh', 0755)
|
25
|
+
chmod('bin/kops-deploy.sh', 0755)
|
26
|
+
chmod('bin/kops-delete.sh', 0755)
|
23
27
|
|
24
28
|
when 'gcp'
|
25
29
|
directory('gcp/terraform', 'terraform')
|
@@ -42,5 +46,40 @@ module Kite
|
|
42
46
|
def task()
|
43
47
|
say "Generating task #{ options[:name] } IaC", :green
|
44
48
|
end
|
49
|
+
|
50
|
+
method_option :git, type: :string, desc: "Git repository", required: true
|
51
|
+
method_option :name, type: :string, desc: "Name of the service", required: false
|
52
|
+
method_option :image, type: :string, desc: "Docker image full name", required: true
|
53
|
+
method_option :output, type: :string, desc: "Config output sub-directory", default: "config"
|
54
|
+
method_option :slack, type: :string, desc: "Slack notifications", requied: false, default: nil
|
55
|
+
method_option :provider, type: :string, desc: "Cloud provider", enum: %w{aws gcp}, required: false, default: nil
|
56
|
+
method_option :image_version, type: :string, desc: "Docker image tag", required: false, default: '0.1.0'
|
57
|
+
method_option :chart_version, type: :string, desc: "Chart version", required: false, default: '0.1.0'
|
58
|
+
desc "service NAME", "Generate new micro-service pipeline"
|
59
|
+
def service(path)
|
60
|
+
@name = options[:name] || File.basename(File.expand_path(path))
|
61
|
+
@title = @name.split(/\W/).map(&:capitalize).join(' ')
|
62
|
+
@git = options[:git]
|
63
|
+
@image = options[:image]
|
64
|
+
@provider = options[:provider]
|
65
|
+
@output = options[:output]
|
66
|
+
@slack = options[:slack]
|
67
|
+
@image_version = options[:image_version]
|
68
|
+
@chart_version = options[:chart_version]
|
69
|
+
|
70
|
+
say "Generating service #{ @name }", :green
|
71
|
+
directory('service', path)
|
72
|
+
end
|
73
|
+
|
74
|
+
no_commands do
|
75
|
+
def output_path
|
76
|
+
@output ||= "config"
|
77
|
+
end
|
78
|
+
|
79
|
+
def app_name
|
80
|
+
@name ||= "app-name"
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
45
84
|
end
|
46
85
|
end
|
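Review bot: The `:slack` option of the new `service` command is declared with `requied: false`, a misspelled key; Thor presumably ignores it, so the option is only optional because that is the default. It should read `method_option :slack, type: :string, desc: "Slack notifications", required: false, default: nil`. The usage string `desc "service NAME", ...` also disagrees with `def service(path)`: the positional argument is the output directory and the name comes from `--name` or the directory basename, so `desc "service PATH", ...` describes it correctly. `--name`, `--git` and `--image` are copied unvalidated into instance variables for the `service` templates, which are not visible here; it is worth confirming those templates quote the values where they land in YAML or shell.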
@@ -0,0 +1,36 @@
|
|
1
|
+
require 'json'
|
2
|
+
require 'open3'
|
3
|
+
|
4
|
+
module Kite
|
5
|
+
module Helpers
|
6
|
+
# Helpers for concourse scripts
|
7
|
+
module Concourse
|
8
|
+
def self.params(data)
|
9
|
+
JSON.parse data
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.log(msg)
|
13
|
+
msg.split("\n").each { |line| $stderr.puts("[LOG] --- #{line}") }
|
14
|
+
end
|
15
|
+
|
16
|
+
def self.respond(data)
|
17
|
+
# keep only valid concourse values
|
18
|
+
data.select! { |k, _| k.to_s =~ /(version|metadata)/ }
|
19
|
+
puts JSON.dump(data)
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.fatal(message)
|
23
|
+
respond(version: { status: 'error' }, metadata: [message])
|
24
|
+
exit 1
|
25
|
+
end
|
26
|
+
|
27
|
+
def self.execute(command, env = {})
|
28
|
+
log("+ #{ command }")
|
29
|
+
Open3.popen2e(env, command) do |stdin, stdout, wait_thr|
|
30
|
+
::Kite::Helpers::Concourse.log(stdout.read)
|
31
|
+
return wait_thr.value.exitstatus.zero?
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
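Review bot: `execute` passes a single command string to `Open3.popen2e(env, command)`, which Ruby runs through the shell whenever the string contains shell metacharacters, so any resource parameter a caller interpolates into that string is read as shell syntax (the callers are not visible in this hunk). Accepting an argv list avoids that and keeps string callers working: `Open3.popen2e(env, *Array(command))`. The preceding `log("+ #{ command }")` writes the whole command line to stderr, which ends up in the build log, so credentials should be passed through `env` rather than in the command text. In `respond`, `/(version|metadata)/` is unanchored and keeps any key that merely contains either word, and `select!` mutates the caller's hash; `data = data.select { |k, _| k.to_s =~ /\A(version|metadata)\z/ }` does what the comment says.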
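--- a/data/lib/kite/render.rb
+++ b/data/lib/kite/render.rb
@@ -4,20 +4,62 @@ module Kite
 
 include Kite::Helpers
 
+no_commands do
+def ingress_db_file
+"config/ingress.yml"
+end
+
+def ingress_db
+@db ||= YAML.load(File.read(ingress_db_file)) rescue {}
+end
+
+def ingress_db_save!
+create_file ingress_db_file, YAML.dump(ingress_db), force: true
+end
+
+def ingress_add_entry(hostname, upstreams, args = {})
+raise "upstreams argument should be an array" unless upstreams.is_a?(Array)
+args[:port] ||= 80
+args[:protocol] ||= "http"
+ingress_db[hostname] = {
+upstreams: upstreams,
+port: args[:port],
+protocol: args[:protocol],
+}
+ingress_db_save!
+end
+end
+
 desc "manifest <type>", "Renders a manifest of selected type"
+long_desc <<-LONGDESC
+Available types:
+\x5 BOSH Render Bosh environement
+\x5 CONCOURSE Render Concourse deployment
+\x5 VAULT Render Vault deployment
+\x5 INGRESS Render Ingress deployment
+\x5 PROMETHEUS Render Prometheus deployment
+\x5 OAUTH Render OAuth (UAA) deployment
+LONGDESC
 method_option :cloud, type: :string, desc: "Cloud provider", enum: %w{aws gcp}, required: true
 # Render a manifest of selected type based on <b>config/cloud.yml</b> and <b>terraform apply</b> results
 def manifest(type)
+type = type.downcase
 say "Rendering #{type} manifest", :green
 @values = parse_cloud_config
 @tf_output = parse_tf_state('terraform/terraform.tfstate') if options[:cloud] == 'aws'
 
 if options[:cloud] == 'aws'
 @private_subnet = IPAddr.new(@values['aws']['private_subnet']['network']).to_range.to_a
+@public_subnet = IPAddr.new(@values['aws']['public_subnet']['network']).to_range.to_a
 else
 @private_subnet = IPAddr.new(@values['gcp']['subnet_cidr']).to_range.to_a
 end
 
+@static_ip_vault = @private_subnet[11].to_s
+@static_ips_concourse = [@private_subnet[12]].map(&:to_s)
+@static_ip_prometheus_stack = @private_subnet[18].to_s
+@static_ip_oauth = @private_subnet[23].to_s
+
 case type
 when "bosh"
 directory("#{options[:cloud]}/deployments/bosh", 'deployments/bosh')
@@ -31,15 +73,39 @@ module Kite
 copy_file("#{options[:cloud]}/docs/concourse.md", "docs/concourse.md")
 template("#{options[:cloud]}/bin/concourse-deploy.sh.tt", "bin/concourse-deploy.sh")
 chmod('bin/concourse-deploy.sh', 0755)
+ingress_add_entry(@values['concourse']['hostname'], @static_ips_concourse, port: 8080)
 
 when "vault"
 template("#{options[:cloud]}/deployments/vault/vault.yml.erb", "deployments/vault/vault.yml")
 copy_file("#{options[:cloud]}/docs/vault.md", "docs/vault.md")
 template("#{options[:cloud]}/bin/vault-deploy.sh.tt", "bin/vault-deploy.sh")
 chmod('bin/vault-deploy.sh', 0755)
+ingress_add_entry(@values['vault']['hostname'], [@static_ip_vault], port: 8200)
+
+when "ingress"
+template("#{options[:cloud]}/deployments/ingress/ingress.yml.erb", "deployments/ingress/ingress.yml")
+copy_file("#{options[:cloud]}/docs/ingress.md", "docs/ingress.md")
+template("#{options[:cloud]}/bin/ingress-deploy.sh.tt", "bin/ingress-deploy.sh")
+template("#{options[:cloud]}/bin/ingress-update.sh.tt", "bin/ingress-update.sh")
+chmod('bin/ingress-deploy.sh', 0755)
+chmod('bin/ingress-update.sh', 0755)
+
+when "prometheus"
+directory("#{options[:cloud]}/deployments/prometheus", "deployments/prometheus")
+copy_file("#{options[:cloud]}/docs/prometheus.md", "docs/prometheus.md")
+template("#{options[:cloud]}/bin/prometheus-deploy.sh.tt", "bin/prometheus-deploy.sh")
+chmod('bin/prometheus-deploy.sh', 0755)
+ingress_add_entry(@values['alertmanager']['hostname'], [@static_ip_prometheus_stack], port: 9093)
+ingress_add_entry(@values['grafana']['hostname'], [@static_ip_prometheus_stack], port: 3000)
+ingress_add_entry(@values['prometheus']['hostname'], [@static_ip_prometheus_stack], port: 9090)
 
-when "
-
+when "oauth"
+directory("#{options[:cloud]}/deployments/oauth", "deployments/oauth")
+copy_file("#{options[:cloud]}/config/oauth.yml", "config/oauth.yml")
+template("#{options[:cloud]}/docs/oauth.md", "docs/oauth.md")
+template("#{options[:cloud]}/bin/oauth-deploy.sh.tt", "bin/oauth-deploy.sh")
+chmod('bin/oauth-deploy.sh', 0755)
+ingress_add_entry(@values['oauth']['hostname'], [@static_ip_oauth], port: 8080)
 
 else
 say "Manifest type not specified"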
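Review bot: `ingress_db` ends in a bare `rescue {}` modifier, so every StandardError, including a YAML syntax error in an existing `config/ingress.yml`, yields an empty database that `ingress_db_save!` then writes back with `force: true`, silently dropping the hosts recorded so far. Restrict the fallback to the missing or empty file and let parse errors surface: `@db ||= (File.exist?(ingress_db_file) && YAML.load_file(ingress_db_file)) || {}`. `YAML.load` also instantiates tagged objects on older Psych releases, so if `config/ingress.yml` can arrive from a checkout rather than only from this tool, `YAML.safe_load` with `Symbol` permitted (the entries are dumped with symbol keys) is the stricter choice. The `@private_subnet[11]` to `[23]` lookups in `manifest` become empty strings on a subnet with fewer than 24 addresses, which would be worth rejecting explicitly; `manifest` continues outside both hunks.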
data/lib/kite/version.rb
CHANGED
data/tpl/aws/README.md
CHANGED
@@ -17,6 +17,26 @@ kite render manifest bosh --cloud aws
|
|
17
17
|
|
18
18
|
Prepare BOSH environment using instructions from [docs/bosh.md](docs/bosh.md)
|
19
19
|
|
20
|
+
[Optional]
|
21
|
+
If you want to access components outside of your VPC, use the Ingress deployment:
|
22
|
+
|
23
|
+
Render Ingress deployment files
|
24
|
+
```
|
25
|
+
kite render manifest prometheus --cloud aws
|
26
|
+
```
|
27
|
+
|
28
|
+
Follow instructions from [docs/prometheus.md](docs/prometheus.md) to deploy Prometheus
|
29
|
+
|
30
|
+
[Note]
|
31
|
+
If you're using Ingress, create CNAME DNS records for each deployment as listed in `config/cloud.yml`(e.g. vault.example.com pointing to ingress.example.com)
|
32
|
+
|
33
|
+
Render Prometheus deployment files
|
34
|
+
```
|
35
|
+
kite render manifest prometheus --cloud aws
|
36
|
+
```
|
37
|
+
|
38
|
+
Follow instructions from [docs/prometheus.md](docs/prometheus.md) to deploy Prometheus
|
39
|
+
|
20
40
|
Render Vault deployment
|
21
41
|
```
|
22
42
|
kite render manifest vault --cloud aws
|
@@ -8,4 +8,7 @@ bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.c
|
|
8
8
|
bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
|
9
9
|
|
10
10
|
# Deploy Concourse
|
11
|
-
bosh -e <%= @values['bosh']['name'] %> -d concourse
|
11
|
+
bosh -e <%= @values['bosh']['name'] %> -d concourse \
|
12
|
+
deploy deployments/concourse/concourse.yml \
|
13
|
+
-v vault_token=$1 \
|
14
|
+
--vars-store config/creds.yml
|
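Review bot: `-v vault_token=$1` expands the first argument unquoted and without checking that it was supplied, so an empty or space-containing value silently changes the `bosh` command line. `-v vault_token="${1:?usage: concourse-deploy.sh VAULT_TOKEN}"` fails early instead. The token is also passed as a process argument, so it is visible in the process list and, if the part of the script above this hunk enables `set -x` as the other new deploy scripts do, in the trace output. Reading it from a file with `--var-file vault_token=<path-to-token-file>` keeps it off the command line. The top of the script is outside the hunk.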
@@ -0,0 +1,7 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
set -xe
|
4
|
+
|
5
|
+
bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/cloudfoundry-community/nginx-release/releases/download/v1.12.1/nginx-1.12.1.tgz
|
6
|
+
|
7
|
+
bosh -e <%= @values['bosh']['name'] %> -d ingress deploy deployments/ingress/ingress.yml
|
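Review bot: The nginx release is uploaded from a GitHub release URL with no integrity check, so the director installs whatever that URL serves at deploy time. The version is pinned in the URL; adding the digest, `bosh -e ... upload-release --sha1 <sha1-of-nginx-1.12.1.tgz> https://...`, makes the pin enforceable. The oauth-deploy and prometheus-deploy hunks further down upload the stemcell and uaa-release from unversioned `bosh.io/d/...` URLs, so two runs of the same script can deploy different artifacts. Pinning `?v=<version>` together with `--sha1` there gives reproducible, verifiable deployments.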
@@ -0,0 +1,11 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
set NAME=<%= @values['k8s']['cluster_address'] %>
|
4
|
+
set KOPS_STATE_STORE=s3://<%= @values['kite']['bucket_name'] %>
|
5
|
+
|
6
|
+
kops create cluster \
|
7
|
+
--zones <%= @values['aws']['zone'] %> \
|
8
|
+
--ssh-public-key <%= @values['kite']['public_key_path'] %> \
|
9
|
+
$NAME
|
10
|
+
|
11
|
+
kops update cluster $NAME --yes
|
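Review bot: `set NAME=...` and `set KOPS_STATE_STORE=...` do not assign variables in bash; `set` with a non-option argument replaces the positional parameters, so `$NAME` is empty and `KOPS_STATE_STORE` is never exported when `kops create cluster` and `kops update cluster $NAME --yes` run. Use `export NAME=<%= @values['k8s']['cluster_address'] %>` and `export KOPS_STATE_STORE=s3://<%= @values['kite']['bucket_name'] %>`, and quote `"$NAME"` at both uses. The script also lacks the `set -e` that the other deploy scripts have, so `kops update cluster ... --yes` still runs after a failed `create`. Adding `set -euo pipefail` after the shebang makes an unset name abort the script instead of applying changes.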
@@ -0,0 +1,17 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
set -xe
|
4
|
+
|
5
|
+
# Upload necessary stemcells and releases
|
6
|
+
bosh -e <%= @values['bosh']['name'] %> upload-stemcell \
|
7
|
+
https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
|
8
|
+
|
9
|
+
bosh -e <%= @values['bosh']['name'] %> upload-release \
|
10
|
+
https://bosh.io/d/github.com/cloudfoundry/uaa-release
|
11
|
+
|
12
|
+
# Deploy Concourse
|
13
|
+
bosh -e <%= @values['bosh']['name'] %> -d oauth deploy \
|
14
|
+
deployments/oauth/oauth.yml \
|
15
|
+
--vars-store config/creds.yml \
|
16
|
+
-o config/oauth.yml \
|
17
|
+
&& ./bin/ingress-update.sh
|
@@ -0,0 +1,23 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
set -xe
|
4
|
+
|
5
|
+
# Upload necessary stemcells and releases
|
6
|
+
bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
|
7
|
+
|
8
|
+
# Extract BOSH Director's SSL certificate
|
9
|
+
bosh int ./config/creds.yml --path /director_ssl/certificate > bosh.ca
|
10
|
+
|
11
|
+
# Deploy Prometheus
|
12
|
+
bosh -e <%= @values['bosh']['name'] %> -d prometheus \
|
13
|
+
deploy deployments/prometheus/prometheus.yml \
|
14
|
+
--vars-store config/creds.yml \
|
15
|
+
-o deployments/prometheus/monitor-kubernetes.yml \
|
16
|
+
--vars-file config/bosh-vars.yml \
|
17
|
+
--var-file kubernetes_kubeconfig=<%= @values['k8s']['config_path'] %> \
|
18
|
+
-o deployments/prometheus/monitor-bosh.yml \
|
19
|
+
-v bosh_url=<%= @values['bosh']['static_ip'] %> \
|
20
|
+
-v bosh_username=admin \
|
21
|
+
-v bosh_password=`bosh int ./config/creds.yml --path /admin_password` \
|
22
|
+
--var-file bosh_ca_cert=bosh.ca \
|
23
|
+
-v metrics_environment=kite
|
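Review bot: With `set -xe` active, the `-v bosh_password=` argument, filled by command substitution from `config/creds.yml`, is printed in expanded form by xtrace, so the BOSH admin password lands in the terminal or CI log, and it is passed as a process argument as well. Drop `-x` from this script or wrap the deploy in `set +x` / `set -x`. Since `--vars-store config/creds.yml` is already given, the manifest could reference the stored variable directly if its name is made to match, which cannot be verified from this hunk. `bosh.ca` is written to the working directory and left behind; it is a public certificate, but writing it under `config/` keeps generated files out of the project root.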
data/tpl/aws/bosh-vars.yml.erb
CHANGED
@@ -9,3 +9,4 @@ az: <%= @values['aws']['zone'] %>
|
|
9
9
|
default_key_name: <%= @values['kite']['keypair_name'] %>
|
10
10
|
default_security_groups: [<%= @tf_output['security_group_id'] %>]
|
11
11
|
subnet_id: <%= @tf_output['platform_subnet_id'] %>
|
12
|
+
kubernetes_apiserver: <%= @values['aws']['kops_api_server_address'] %>
|
@@ -0,0 +1,59 @@
|
|
1
|
+
# Groups
|
2
|
+
- type: replace
|
3
|
+
path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/scim?/groups?
|
4
|
+
value: { }
|
5
|
+
# sysops: For automation stuff
|
6
|
+
|
7
|
+
# Users
|
8
|
+
- type: replace
|
9
|
+
path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/scim?/users?
|
10
|
+
value: [ ]
|
11
|
+
# - email: sysops@example.com
|
12
|
+
# password: changeme
|
13
|
+
# name: sysops
|
14
|
+
# firstName: Sys
|
15
|
+
# lastName: Ops
|
16
|
+
# origin: uaa
|
17
|
+
# groups:
|
18
|
+
# - sysops
|
19
|
+
|
20
|
+
# OAuth clients
|
21
|
+
- type: replace
|
22
|
+
path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients?
|
23
|
+
value: { }
|
24
|
+
# some-app:
|
25
|
+
# app-icon: 0000000000000000000000000000000000000000000000000000000000000000
|
26
|
+
# app-launch-url: http://myapppage.com
|
27
|
+
# authorities: test_resource.test_action
|
28
|
+
# authorized-grant-types: authorization_code,client_credentials,refresh_token
|
29
|
+
# autoapprove:
|
30
|
+
# - test_resource.test_action
|
31
|
+
# - test_resource.other_action
|
32
|
+
# id: app
|
33
|
+
# override: true
|
34
|
+
# redirect-uri: http://login.example.com
|
35
|
+
# scope: test_resource.test_action,test_resource.other_action
|
36
|
+
# secret: app-secret
|
37
|
+
# show-on-homepage: true
|
38
|
+
|
39
|
+
# UAA theming
|
40
|
+
- type: replace
|
41
|
+
path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/branding?
|
42
|
+
value: { }
|
43
|
+
# banner:
|
44
|
+
# backgroundColor: "#eeeeee"
|
45
|
+
# link: "https://example.com/logo.png"
|
46
|
+
# text: "Hello!"
|
47
|
+
# textColor: "#333333"
|
48
|
+
# company_name: "Company Name"
|
49
|
+
# footer_legal_text: "© 2017. Company Name. All right reserved."
|
50
|
+
|
51
|
+
# Email notifications
|
52
|
+
- type: replace
|
53
|
+
path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/smtp?
|
54
|
+
value: { }
|
55
|
+
# auth: false
|
56
|
+
# from_address: hello@example.com
|
57
|
+
# host: localhost
|
58
|
+
# port: 2525
|
59
|
+
# starttls: false
|
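Review bot: The commented-out samples carry literal credentials (`password: changeme`, `secret: app-secret`) that are likely to be uncommented unchanged and become real UAA credentials. Because the oauth deploy script on this page passes `--vars-store config/creds.yml`, the samples could use BOSH variable placeholders instead, e.g. `password: ((sysops_password))` and `secret: ((some_app_secret))` (constructed names), with matching entries in the manifest's `variables:` block so the values are generated rather than typed. The sample also shows `redirect-uri: http://login.example.com` and SMTP with `auth: false` and `starttls: false`. An `https://` redirect URI and a comment saying the SMTP values suit a local relay only would keep those from being copied into a production deployment.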
@@ -39,6 +39,11 @@ vm_types:
|
|
39
39
|
instance_type: t2.micro
|
40
40
|
ephemeral_disk: {size: 3000, type: gp2}
|
41
41
|
security_groups: [vault-sg, bosh_sg]
|
42
|
+
- name: ingress_default
|
43
|
+
cloud_properties:
|
44
|
+
instance_type: t2.micro
|
45
|
+
ephemeral_disk: {size: 3000, type: gp2}
|
46
|
+
security_groups: [ingress-sg, bosh_sg]
|
42
47
|
|
43
48
|
disk_types:
|
44
49
|
- name: default
|
@@ -49,6 +54,17 @@ disk_types:
|
|
49
54
|
cloud_properties: {type: gp2}
|
50
55
|
|
51
56
|
networks:
|
57
|
+
- name: platform_dmz
|
58
|
+
type: manual
|
59
|
+
subnets:
|
60
|
+
- az: z1
|
61
|
+
range: <%= @values['aws']['public_subnet']['network'] %>
|
62
|
+
gateway: <%= @values['aws']['public_subnet']['gateway'] %>
|
63
|
+
reserved: [<%= ip_range(@public_subnet, (1..10)) %>] # Reserved range for the gateway, BOSH Director etc
|
64
|
+
# static: [<%= ip_range(@public_subnet, (11..16)) %>] # Static IP range for Vault, Concourse web panel, nginx etc
|
65
|
+
dns: [<%= @public_subnet[8].to_s %>]
|
66
|
+
cloud_properties: {subnet: <%= @tf_output['dmz_subnet_id'] %>}
|
67
|
+
|
52
68
|
- name: platform_net
|
53
69
|
type: manual
|
54
70
|
subnets:
|
@@ -56,7 +72,7 @@ networks:
|
|
56
72
|
range: <%= @values['aws']['private_subnet']['network'] %>
|
57
73
|
gateway: <%= @values['aws']['private_subnet']['gateway'] %>
|
58
74
|
reserved: [<%= ip_range(@private_subnet, (1..10)) %>] # Reserved range for the gateway, BOSH Director etc
|
59
|
-
static: [<%= ip_range(@private_subnet, (11..
|
75
|
+
static: [<%= ip_range(@private_subnet, (11..20)) %>] # Static IP range for Vault, Concourse web panel, nginx etc
|
60
76
|
dns: [<%= @private_subnet[8].to_s %>]
|
61
77
|
cloud_properties: {subnet: <%= @tf_output['platform_subnet_id'] %>}
|
62
78
|
- name: vip
|