kite 0.1.0 → 0.2.0

data/tpl/service/%output_path%/charts/%app_name%/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "fullname" . }}
+  labels:
+    app: {{ template "name" . }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.externalPort }}
+      targetPort: {{ .Values.service.internalPort }}
+      protocol: TCP
+      name: {{ .Values.service.name }}
+  selector:
+    app: {{ template "name" . }}
+    release: {{ .Release.Name }}

data/tpl/service/%output_path%/charts/%app_name%/values.yaml.tt

@@ -0,0 +1,37 @@
+# Default values for <%= @name %>.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+image:
+  repository: <%= @image %>
+  tag: <%= @image_version %>
+  pullPolicy: IfNotPresent
+service:
+  name: <%= @name %>
+  type: ClusterIP
+  externalPort: 8080
+  internalPort: 8080
+ingress:
+  enabled: false
+  # Used to create Ingress record (should used with service.type: ClusterIP).
+  hosts:
+    - <%= @name %>.local
+  annotations:
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  tls:
+    # Secrets must be manually created in the namespace.
+    # - secretName: <%= @name %>-tls
+    #   hosts:
+    #     - <%= @name %>.local
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious 
+  # choice for the user. This also increases chances charts run on environments with little 
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following 
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  #requests:
+  #  cpu: 100m
+  #  memory: 128Mi

data/tpl/service/%output_path%/pipelines/review.yml.tt

@@ -0,0 +1,189 @@
+# Check `docs/pipeline.md` to get info about this file
+resource_types:
+<% unless @slack.nil? or @slack.empty? -%>
+  - name: slack-notification
+    type: docker-image
+    source:
+      repository: cfcommunity/slack-notification-resource
+      tag: latest
+<% end -%>
+  - name: pull-request
+    type: docker-image
+    source:
+      repository: jtarchie/pr
+
+resources:
+  - name: <%= @name %>-repository
+    type: git
+    source:
+      uri: <%= @git %>
+      branch: master
+      private_key: ((git_private_key))
+
+  - name: pull-requests
+    type: pull-request
+    source:
+      access_token: ((github_token))
+      base: master
+      private_key: ((git_private_key))
+      repo: <%= @git.gsub(/(.*:|.git)/, '').split('/').last(2).join('/') %>
+      uri: <%= @git %>
+
+  - name: <%= @name %>-image
+    type: docker-image
+    source:
+      repository: <%= @image %>
+      username: _json_key
+      password: ((gcr_password))
+<% unless @slack.nil? or @slack.empty? -%>
+  - name: slack-alert
+    type: slack-notification
+    source:
+      url: https://hooks.slack.com/services/((slack_webhook))
+<% end -%>
+
+jobs:
+  - name: pr-build
+    plan:
+      - get: pull-requests
+        trigger: true
+      - task: tag
+        file: pull-requests/<%= @output %>/pipelines/tasks/create-pull-requests-tag.yml
+      - put: <%= @name %>-image
+        params:
+          build: pull-requests
+          tag: tag/name
+
+  - name: pr-unit
+    serial: true
+    plan:
+      - get: pull-requests
+        passed: [pr-build]
+        trigger: true
+      - get: <%= @name %>-image
+        passed: [pr-build]
+        trigger: true
+      - put: pull-requests
+        params:
+          path: pull-requests
+          status: pending
+      - task: run-tests
+        file: pull-requests/<%= @output %>/pipelines/tasks/run-pr-tests.yml
+        on_success:
+          do:
+          - put: pull-requests
+            params:
+              path: pull-requests
+              status: success
+<% unless @slack.nil? or @slack.empty? -%>
+          - put: slack-alert
+            params:
+              channel: '#<%= @slack %>'
+              text: |
+                <%= @name %> PR tests have passed! :thumbsup_all:
+                Check it out at:
+                $ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+                or at:
+                $ATC_EXTERNAL_URL/builds/$BUILD_ID
+                see on github:
+                `cat pull-requests/.git/url`
+<% end -%>
+        on_failure:
+          do:
+          - put: pull-requests
+            params:
+              path: pull-requests
+              status: failure
+<% unless @slack.nil? or @slack.empty? -%>
+          - put: slack-alert
+            params:
+              channel: '#<%= @slack %>'
+              text: |
+                <%= @name %> PR tests have failed! :thumbsdown_all:
+                Check it out at:
+                $ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+                or at:
+                $ATC_EXTERNAL_URL/builds/$BUILD_ID
+                see on github:
+                `cat pull-requests/.git/url`
+<% end -%>
+
+  - name: master-build
+    serial: true
+    plan:
+      - get: <%= @name %>-repository
+        trigger: true
+      - task: tag
+        file: <%= @name %>-repository/<%= @output %>/pipelines/tasks/create-repository-tag.yml
+      - put: <%= @name %>-image
+        params:
+          build: <%= @name %>-repository
+          tag: tag/name
+<% unless @slack.nil? or @slack.empty? -%>
+      - put: slack-alert
+        params:
+          channel: '#<%= @slack %>'
+          text: |
+            <%= @name %> master branch was built and pushed!
+            Check it out at:
+            $ATC_EXTERNAL_URL/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+            or at:
+            $ATC_EXTERNAL_URL/builds/$BUILD_ID
+<% end -%>
+
+  - name: master-unit
+    serial: true
+    plan:
+      - get: <%= @name %>-repository
+        passed: [master-build]
+        trigger: true
+      - get: <%= @name %>-image
+        passed: [master-build]
+        trigger: true
+      - task: run-tests
+        file: <%= @name %>-repository/<%= @output %>/pipelines/tasks/run-master-tests.yml
+<% unless @slack.nil? or @slack.empty? -%>
+        on_success:
+          put: slack-alert
+          params:
+            channel: '#<%= @slack %>'
+            text: |
+              <%= @name %> master tests have passed! :thumbsup_all:
+              Check it out at:
+              $ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+              or at:
+              $ATC_EXTERNAL_URL/builds/$BUILD_ID
+
+        on_failure:
+          put: slack-alert
+          params:
+            channel: '#<%= @slack %>'
+            text: |
+              <%= @name %> master tests have failed! :thumbsdown_all:
+              Check it out at:
+              $ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+              or at:
+              $ATC_EXTERNAL_URL/builds/$BUILD_ID
+<% end -%>
+
+  - name: helm-deploy
+    serial: true
+    plan:
+      - get: <%= @name %>-repository
+      - task: helm-deploy
+        file: <%= @name %>-repository/<%= @output %>/pipelines/tasks/helm-deploy.yml
+        params:
+          GOOGLE_APPLICATION_JSON: ((gcr_password))
+          KUBECONFIG_FILE: ((kubeconfig))
+<% unless @slack.nil? or @slack.empty? -%>
+        on_success:
+          put: slack-alert
+          params:
+            channel: '#<%= @slack %>'
+            text: |
+              <%= @name %> deployment has succeeded! :thumbsup_all:
+              Check it out at:
+              $ATC_EXTERNAL_URL/teams/$BUILD_TEAM_NAME/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME
+              or at:
+              $ATC_EXTERNAL_URL/builds/$BUILD_ID
+<% end -%>

data/tpl/service/%output_path%/pipelines/tasks/create-pull-requests-tag.yml.tt

@@ -0,0 +1,13 @@
+---
+platform: linux
+image_resource:
+  type: docker-image
+  source:
+    repository: alpine/git
+run:
+  path: sh
+  args: ['-xc', 'cd pull-requests && git rev-parse --short=8 HEAD > ../tag/name']
+inputs:
+  - name: pull-requests
+outputs:
+  - name: tag

data/tpl/service/%output_path%/pipelines/tasks/create-repository-tag.yml.tt

@@ -0,0 +1,13 @@
+---
+platform: linux
+image_resource:
+  type: docker-image
+  source:
+    repository: alpine/git
+run:
+  path: sh
+  args: ['-xc', 'cd <%= @name %>-repository && git rev-parse --short=8 HEAD > ../tag/name']
+inputs:
+  - name: <%= @name %>-repository
+outputs:
+  - name: tag

data/tpl/service/%output_path%/pipelines/tasks/helm-deploy.yml.tt

@@ -0,0 +1,22 @@
+---
+platform: linux
+
+image_resource:
+  type: docker-image
+  source:
+    repository: heliostech/kite
+
+inputs:
+  - name: <%= @name %>-repository
+
+run:
+  path: "sh"
+  args:
+    - "-exc"
+    - |
+      helm init --client-only
+      echo ${GOOGLE_APPLICATION_JSON} > gcr_credentials.json
+      export GOOGLE_APPLICATION_CREDENTIALS="${PWD}/gcr_credentials.json"
+      echo ${KUBECONFIG_FILE} | tr -d ' ' | base64 -d > kubeconfig
+      export KUBECONFIG="${PWD}/kubeconfig"
+      helm install <%= @name %>-repository/.kite/charts/<%= @name %>

data/tpl/service/%output_path%/pipelines/tasks/run-master-tests.yml.tt

@@ -0,0 +1,12 @@
+---
+platform: linux
+image_resource:
+  type: docker-image
+  source:
+    repository: <%= @image %>
+    username: _json_key
+    password: ((gcr_password))
+
+run:
+  path: sh
+  args: ["-exc", "echo Success"]

data/tpl/service/%output_path%/pipelines/tasks/run-pr-tests.yml.tt

@@ -0,0 +1,12 @@
+---
+platform: linux
+image_resource:
+  type: docker-image
+  source:
+    repository: <%= @image %>
+    username: _json_key
+    password: ((gcr_password))
+
+run:
+  path: sh
+  args: ["-exc", "echo Success"]

data/tpl/service/Dockerfile.tt

@@ -0,0 +1,4 @@
+FROM nginx:1.13
+# MAINTAINER Some Name <email@<%= @name %>.com>
+
+RUN echo "Hello, <%= @title %>!" > /usr/share/nginx/html/index.html

data/tpl/service/Makefile.tt

@@ -0,0 +1,28 @@
+VERSION := $(shell cat VERSION)
+IMAGE   := <%= @image %>:$(VERSION)
+
+.PHONY: default build push run ci deploy
+
+default: build run
+
+build:
+	@echo '> Building "<%= @name %>" docker image...'
+	@docker build -t $(IMAGE) .
+
+push: build
+<% if @provider == 'gcp' -%>
+	gcloud docker -- push $(IMAGE)
+<% else -%>
+	docker push $(IMAGE)
+<% end -%>
+
+run:
+	@echo '> Starting "<%= @name %>" container...'
+	@docker run -d $(IMAGE)
+
+ci:
+	@fly -t ci set-pipeline -p <%= @name %> -c <%= @output %>/pipelines/review.yml -n
+	@fly -t ci unpause-pipeline -p <%= @name %>
+
+deploy: push
+	@helm install ./<%= @output %>/charts/<%= @name %> --set "image.tag=$(VERSION)"

data/tpl/service/VERSION.tt

@@ -0,0 +1 @@
+<%= @image_version %>

data/tpl/service/docs/pipeline.md.tt

@@ -0,0 +1,58 @@
+# <%= @title %> CI Documentation
+
+# About
+__Pipeline__ described in `<%= output_path %>/pipelines/review.yml`
+
+## Credentials overview
+
+  - git_private_key - RSA key with access to your repository
+  - github_token    - [Github token](https://github.com/settings/tokens) with access to web hooks
+  - gcr_password    - JSON containing your [GCP credentials](https://developers.google.com/identity/protocols/application-default-credentials)
+  - slack_webhook   - address of your [Slack Incoming Webhook](https://api.slack.com/incoming-webhooks)
+  - kubeconfig      - your Kubernetes config encoded in base64
+
+## Configurations overview
+
+A pipeline is configured with __three sections__:
+
+- `resource_types`
+- `resources`
+- `jobs`
+
+In `resource_types` added additional resource types used by pipeline.
+Each resource in a pipeline has a type. The resource's type determines what versions are detected, the bits that are fetched when used for a get step, and the side effect that occurs when used for a put step.
+Out of the box, Concourse comes with a few resource types to cover common CI use cases like dealing with Git repositories and S3 buckets.
+Here is `pull-request` type.
+
+In `resources` described objects that are going to be used for jobs in the pipeline. They are listed under the resources key in the pipeline configuration.
+
+In `jobs` described actions of pipeline, how resources progress through it, and how everything is visualized.
+
+## Configure jobs
+
+- `build-pull-request`
+    - set `trigger: true` to make a new build of the job when new pull request available
+    - configure `base: <branch_name>` to change which branch should be watched
+
+- `build-master`
+    - set `serial: true` to build and execute one-by-one, rather than executing in parallel
+    - set `trigger: true` to make a new build of the job when new version available on git.
+    - configure <%= @name %>-repository `uri` to change ssh link to your respository.
+    - configure <%= @name %>-repository `branch` to change building branch of your respository.
+
+# Getting stated
+
+## Login to concourse
+```shell
+fly -t ci login -n TEAM_NAME -c CONCOURSE_URL
+```
+
+## Create or update the pipeline
+```shell
+fly -t ci set-pipeline -p <%= @name %> -c <%= output_path %>/pipelines/review.yml -n
+```
+
+## Un-pause the pipeline
+```shell
+fly -t ci unpause-pipeline -p <%= @name %>
+```

data/tpl/skel/config/cloud.yml

@@ -2,7 +2,7 @@ kite:
   keypair_name: "kitekey"
   public_key_path: "~/.ssh/kite.key.pub"
   private_key_path: "~/.ssh/kite.key"
-  bucket_name: "kite-state"
+  bucket_name: "kite-state-project-example"
 
 aws:
   access_key: "enter your amazon key"
@@ -14,6 +14,7 @@ aws:
   vpc_id: "" # submit vpc id if you want to use an existing vpc
   public_subnet:
     name: "platform-dmz"
+    gateway: "10.0.10.1"
     network: "10.0.10.0/26"
     id: "" # submit id if you want to use an existing public subnet
   private_subnet:
@@ -24,18 +25,42 @@ aws:
 gcp:
   project: "gcp-project"
   region: "europe-west1"
-  zone: "europe-west1-b"
+  zone: "europe-west1-c"
   service_account: "~/safe/terraform.json"
   vpc_name: "platform-tools"
   subnet_name: "platform-net"
-  subnet_cidr: "10.0.0.0/24"
-  internal_gw: "10.0.0.2"
+  subnet_cidr: "10.0.20.0/24"
+  internal_gw: "10.0.20.2"
 
 bosh:
   name: "bosh-director"
   static_ip: "10.0.20.10"
 
+k8s:
+  config_path: "~/.kube/config"
+  cluster_address: "k8s.example.com"
+  api_server_address: "https://api.k8s.example.com"
+
+ingress:
+  vip: "42.42.42.42"
+
+vault:
+  hostname: "vault.example.com"
+
+prometheus:
+  hostname: "prometheus.example.com"
+
+grafana:
+  hostname: "grafana.example.com"
+
+alertmanager:
+  hostname: "alertmanager.example.com"
+
 concourse:
   hostname: "concourse.example.com"
-  url: "http://concourse.example.com"
+  url: "https://concourse.example.com"
   auth_username: "concourse"
+
+oauth:
+  hostname: "oauth.example.com"
+  url: "https://oauth.example.com"