kite 0.2.0 → 1.0.0

data/tpl/aws/bin/base/cleanup.sh.tt

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-
-# Remove existing BOSH deployments
-bosh -e <%= @values['bosh']['name'] %> -d concourse deld
-
-# Destroy BOSH director
-bosh delete-env deployments/bosh/bosh.yml \
-  --state=config/state.json \
-  --vars-store=config/creds.yml \
-  --vars-file=config/bosh-vars.yml \
-  --var-file private_key=<%= @values['kite']['private_key_path'] %> \
-  -o deployments/bosh/cpi.yml \
-  -o deployments/bosh/jumpbox-user.yml
-
-# Destroy Terraform-generated infrastructure
-pushd terraform && terraform destroy && popd
-
-# Remove files generated by kite
-rm -rf terraform deployments docs config/{creds.yml,bosh-vars.yml,jumpbox.key} bin/*.sh

data/tpl/aws/bin/base/set-env.sh.tt

@@ -1,7 +0,0 @@
-
-BASTION_IP="$(terraform output -state=terraform/terraform.tfstate bastion_ip)"
-
-export BASTION_IP
-export BOSH_ALL_PROXY=socks5://localhost:5000
-export BOSH_CLIENT=admin
-export BOSH_CLIENT_SECRET=`bosh int ./config/creds.yml --path /admin_password`

data/tpl/aws/bin/base/setup-tunnel.sh.tt

@@ -1,4 +0,0 @@
-BASTION_IP="$(terraform output -state=terraform/terraform.tfstate bastion_ip)"
-ssh -4 -D 5000 -fNC ubuntu@$BASTION_IP -i <%= @values['kite']['private_key_path'] %>
-
-export BOSH_ALL_PROXY=socks5://localhost:5000

data/tpl/aws/bin/bosh-install.sh.tt

@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-# Create a new BOSH environment with Director
-bosh create-env deployments/bosh/bosh.yml \
-  --state=config/state.json \
-  --vars-store=config/creds.yml \
-  --vars-file=config/bosh-vars.yml \
-  --var-file private_key=<%= @values['kite']['private_key_path'] %> \
-  -o deployments/bosh/cpi.yml \
-  -o deployments/bosh/jumpbox-user.yml
-
-# Configure alias for the new environment
-bosh alias-env <%= @values['bosh']['name'] %> \
-  -e <%= @values['bosh']['static_ip'] %>  \
-  --ca-cert <(bosh int ./config/creds.yml --path /director_ssl/ca)
-
-bosh -e <%= @values['bosh']['name'] %> ucc deployments/bosh/cloud-config.yml
-
-# Get jumpbox user key
-bosh int config/creds.yml --path /jumpbox_ssh/private_key > config/jumpbox.key
-chmod 600 config/jumpbox.key

data/tpl/aws/bin/concourse-deploy.sh.tt

@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-# Upload necessary stemcells and releases
-bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
-bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/concourse/concourse
-bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/cloudfoundry-incubator/garden-runc-release
-
-# Deploy Concourse
-bosh -e <%= @values['bosh']['name'] %> -d concourse \
-  deploy deployments/concourse/concourse.yml \
-  -v vault_token=$1 \
-  --vars-store config/creds.yml

data/tpl/aws/bin/ingress-deploy.sh.tt

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-bosh -e <%= @values['bosh']['name'] %> upload-release https://github.com/cloudfoundry-community/nginx-release/releases/download/v1.12.1/nginx-1.12.1.tgz
-
-bosh -e <%= @values['bosh']['name'] %> -d ingress deploy deployments/ingress/ingress.yml

data/tpl/aws/bin/ingress-update.sh.tt

@@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-kite render manifest ingress --cloud aws
-
-bosh -e <%= @values['bosh']['name'] %> -d ingress deploy deployments/ingress/ingress.yml

data/tpl/aws/bin/kops-delete.sh.erb

@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-
-export KOPS_STATE_STORE=s3://<%= @values['kite']['bucket_name'] %>
-
-kops delete cluster <%= @values['aws']['kops_address'] %> --yes

data/tpl/aws/bin/kops-deploy.sh.erb

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-
-set NAME=<%= @values['k8s']['cluster_address'] %>
-set KOPS_STATE_STORE=s3://<%= @values['kite']['bucket_name'] %>
-
-kops create cluster \
-  --zones <%= @values['aws']['zone'] %> \
-  --ssh-public-key <%= @values['kite']['public_key_path'] %> \
-  $NAME
-
-kops update cluster $NAME --yes

data/tpl/aws/bin/oauth-deploy.sh.tt

@@ -1,17 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-# Upload necessary stemcells and releases
-bosh -e <%= @values['bosh']['name'] %> upload-stemcell \
-  https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
-
-bosh -e <%= @values['bosh']['name'] %> upload-release \
-  https://bosh.io/d/github.com/cloudfoundry/uaa-release
-
-# Deploy Concourse
-bosh -e <%= @values['bosh']['name'] %> -d oauth deploy \
-  deployments/oauth/oauth.yml \
-  --vars-store config/creds.yml \
-  -o config/oauth.yml \
-  && ./bin/ingress-update.sh

data/tpl/aws/bin/prometheus-deploy.sh.tt

@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-# Upload necessary stemcells and releases
-bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
-
-# Extract BOSH Director's SSL certificate
-bosh int ./config/creds.yml --path /director_ssl/certificate > bosh.ca
-
-# Deploy Prometheus
-bosh -e <%= @values['bosh']['name'] %> -d prometheus \
-  deploy deployments/prometheus/prometheus.yml \
-  --vars-store config/creds.yml \
-  -o deployments/prometheus/monitor-kubernetes.yml \
-  --vars-file config/bosh-vars.yml \
-  --var-file kubernetes_kubeconfig=<%= @values['k8s']['config_path'] %> \
-  -o deployments/prometheus/monitor-bosh.yml \
-  -v bosh_url=<%= @values['bosh']['static_ip'] %> \
-  -v bosh_username=admin \
-  -v bosh_password=`bosh int ./config/creds.yml --path /admin_password` \
-  --var-file bosh_ca_cert=bosh.ca \
-  -v metrics_environment=kite

data/tpl/aws/bin/vault-deploy.sh.tt

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-set -xe
-
-# Upload necessary stemcells and releases
-bosh -e <%= @values['bosh']['name'] %> upload-stemcell https://bosh.io/d/stemcells/bosh-aws-xen-hvm-ubuntu-trusty-go_agent
-bosh -e <%= @values['bosh']['name'] %> upload-release https://bosh.io/d/github.com/cloudfoundry-community/vault-boshrelease
-
-# Deploy Vault
-bosh -e <%= @values['bosh']['name'] %> -d vault deploy deployments/vault/vault.yml

data/tpl/aws/bosh-vars.yml.erb

@@ -1,12 +0,0 @@
-director_name:             <%= @values['bosh']['name'] %>
-internal_cidr:             <%= @values['aws']['private_subnet']['network'] %>
-internal_gw:               <%= @values['aws']['private_subnet']['gateway'] %>
-internal_ip:               <%= @values['bosh']['static_ip'] %>
-access_key_id:             <%= @values['aws']['access_key'] %>
-secret_access_key:         <%= @values['aws']['secret_key'] %>
-region:                    <%= @values['aws']['region'] %>
-az:                        <%= @values['aws']['zone'] %>
-default_key_name:          <%= @values['kite']['keypair_name'] %>
-default_security_groups:   [<%= @tf_output['security_group_id'] %>]
-subnet_id:                 <%= @tf_output['platform_subnet_id'] %>
-kubernetes_apiserver:      <%= @values['aws']['kops_api_server_address'] %>

data/tpl/aws/config/oauth.yml

@@ -1,59 +0,0 @@
-# Groups
-- type: replace
-  path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/scim?/groups?
-  value: { }
-    # sysops: For automation stuff
-
-# Users
-- type: replace
-  path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/scim?/users?
-  value: [ ]
-    # - email: sysops@example.com
-    #   password: changeme
-    #   name: sysops
-    #   firstName: Sys
-    #   lastName: Ops
-    #   origin: uaa
-    #   groups:
-    #     - sysops
-
-# OAuth clients
-- type: replace
-  path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients?
-  value: { }
-    # some-app:
-    #   app-icon: 0000000000000000000000000000000000000000000000000000000000000000
-    #   app-launch-url: http://myapppage.com
-    #   authorities: test_resource.test_action
-    #   authorized-grant-types: authorization_code,client_credentials,refresh_token
-    #   autoapprove:
-    #     - test_resource.test_action
-    #     - test_resource.other_action
-    #   id: app
-    #   override: true
-    #   redirect-uri: http://login.example.com
-    #   scope: test_resource.test_action,test_resource.other_action
-    #   secret: app-secret
-    #   show-on-homepage: true
-
-# UAA theming
-- type: replace
-  path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/branding?
-  value: { }
-    # banner:
-    #   backgroundColor: "#eeeeee"
-    #   link: "https://example.com/logo.png"
-    #   text: "Hello!"
-    #   textColor: "#333333"
-    # company_name: "Company Name"
-    # footer_legal_text: "© 2017. Company Name. All right reserved."
-
-# Email notifications
-- type: replace
-  path: /instance_groups/name=uaa/jobs/name=uaa/properties/login/smtp?
-  value: { }
-    # auth: false
-    # from_address: hello@example.com
-    # host: localhost
-    # port: 2525
-    # starttls: false

data/tpl/aws/deployments/bosh/bosh.yml

@@ -1,144 +0,0 @@
----
-name: bosh
-
-releases:
-- name: bosh
-  version: "263"
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-263-ubuntu-trusty-3445.7-20170901-012146-902840377-20170901012153.tgz?versionId=89a.ZxB3Jc_gl6s4YESlL41xNOfoJKrO
-  sha1: cc71c2ee6992071b1e1f6ae9f2119c03a42521c5
-
-resource_pools:
-- name: vms
-  network: default
-  env:
-    bosh:
-      password: '*'
-      mbus:
-        cert: ((mbus_bootstrap_ssl))
-
-disk_pools:
-- name: disks
-  disk_size: 32_768
-
-networks:
-- name: default
-  type: manual
-  subnets:
-  - range: ((internal_cidr))
-    gateway: ((internal_gw))
-    static: [((internal_ip))]
-    dns: [8.8.8.8]
-
-instance_groups:
-- name: bosh
-  instances: 1
-  jobs:
-  - {name: nats, release: bosh}
-  - {name: postgres-9.4, release: bosh}
-  - {name: blobstore, release: bosh}
-  - {name: director, release: bosh}
-  - {name: health_monitor, release: bosh}
-  resource_pool: vms
-  persistent_disk_pool: disks
-  networks:
-  - name: default
-    static_ips: [((internal_ip))]
-  properties:
-    nats:
-      address: 127.0.0.1
-      user: nats
-      password: ((nats_password))
-    postgres: &db
-      listen_address: 127.0.0.1
-      host: 127.0.0.1
-      user: postgres
-      password: ((postgres_password))
-      database: bosh
-      adapter: postgres
-    blobstore:
-      address: ((internal_ip))
-      port: 25250
-      provider: dav
-      director:
-        user: director
-        password: ((blobstore_director_password))
-      agent:
-        user: agent
-        password: ((blobstore_agent_password))
-    director:
-      address: 127.0.0.1
-      name: ((director_name))
-      db: *db
-      flush_arp: true
-      enable_post_deploy: true
-      generate_vm_passwords: true
-      enable_dedicated_status_worker: true
-      enable_nats_delivered_templates: true
-      workers: 4
-      events:
-        record_events: true
-      ssl:
-        key: ((director_ssl.private_key))
-        cert: ((director_ssl.certificate))
-      user_management:
-        provider: local
-        local:
-          users:
-          - name: admin
-            password: ((admin_password))
-          - name: hm
-            password: ((hm_password))
-    hm:
-      director_account:
-        user: hm
-        password: ((hm_password))
-        ca_cert: ((director_ssl.ca))
-      resurrector_enabled: true
-    ntp: &ntp
-    - time1.google.com
-    - time2.google.com
-    - time3.google.com
-    - time4.google.com
-    agent:
-      mbus: nats://nats:((nats_password))@((internal_ip)):4222
-
-cloud_provider:
-  mbus: https://mbus:((mbus_bootstrap_password))@((internal_ip)):6868
-  cert: ((mbus_bootstrap_ssl))
-  properties:
-    agent: {mbus: "https://mbus:((mbus_bootstrap_password))@0.0.0.0:6868"}
-    blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
-    ntp: *ntp
-
-variables:
-- name: admin_password
-  type: password
-- name: blobstore_director_password
-  type: password
-- name: blobstore_agent_password
-  type: password
-- name: hm_password
-  type: password
-- name: mbus_bootstrap_password
-  type: password
-- name: nats_password
-  type: password
-- name: postgres_password
-  type: password
-- name: default_ca
-  type: certificate
-  options:
-    is_ca: true
-    common_name: ca
-- name: mbus_bootstrap_ssl
-  type: certificate
-  options:
-    ca: default_ca
-    common_name: ((internal_ip))
-    alternative_names: [((internal_ip))]
-- name: director_ssl
-  type: certificate
-  options:
-    ca: default_ca
-    common_name: ((internal_ip))
-    alternative_names: [((internal_ip))]

data/tpl/aws/deployments/bosh/cloud-config.yml.tt

@@ -1,86 +0,0 @@
----
-azs:
-- name: z1
-  cloud_properties: {availability_zone: <%= @values['aws']['zone'] %>}
-
-vm_types:
-- name: concourse_standalone
-  cloud_properties:
-    instance_type: m3.large
-    ephemeral_disk: {size: 5000, type: gp2}
-    security_groups: [concourse-sg, bosh_sg]
-- name: concourse_web
-  cloud_properties:
-    instance_type: m3.medium
-    ephemeral_disk: {size: 3000, type: gp2}
-    security_groups: [concourse-sg, bosh_sg]
-- name: concourse_db
-  cloud_properties:
-    instance_type: m3.medium
-    ephemeral_disk: {size: 3000, type: gp2}
-    security_groups: [bosh_sg]
-- name: concourse_worker
-  cloud_properties:
-    instance_type: m3.large
-    ephemeral_disk: {size: 30000, type: gp2}
-    security_groups: [bosh_sg]
-- name: default
-  cloud_properties:
-    instance_type: t2.micro
-    ephemeral_disk: {size: 3000, type: gp2}
-    security_groups: [bosh_sg]
-- name: large
-  cloud_properties:
-    instance_type: m3.large
-    ephemeral_disk: {size: 5000, type: gp2}
-    security_groups: [bosh_sg]
-- name: vault-default
-  cloud_properties:
-    instance_type: t2.micro
-    ephemeral_disk: {size: 3000, type: gp2}
-    security_groups: [vault-sg, bosh_sg]
-- name: ingress_default
-  cloud_properties:
-    instance_type: t2.micro
-    ephemeral_disk: {size: 3000, type: gp2}
-    security_groups: [ingress-sg, bosh_sg]
-
-disk_types:
-- name: default
-  disk_size: 3000
-  cloud_properties: {type: gp2}
-- name: large
-  disk_size: 50_000
-  cloud_properties: {type: gp2}
-
-networks:
-- name: platform_dmz
-  type: manual
-  subnets:
-  - az: z1
-    range: <%= @values['aws']['public_subnet']['network'] %>
-    gateway: <%= @values['aws']['public_subnet']['gateway'] %>
-    reserved: [<%= ip_range(@public_subnet, (1..10)) %>] # Reserved range for the gateway, BOSH Director etc
-    # static: [<%= ip_range(@public_subnet, (11..16)) %>] # Static IP range for Vault, Concourse web panel, nginx etc
-    dns: [<%= @public_subnet[8].to_s %>]
-    cloud_properties: {subnet: <%= @tf_output['dmz_subnet_id'] %>}
-
-- name: platform_net
-  type: manual
-  subnets:
-  - az: z1
-    range: <%= @values['aws']['private_subnet']['network'] %>
-    gateway: <%= @values['aws']['private_subnet']['gateway'] %>
-    reserved: [<%= ip_range(@private_subnet, (1..10)) %>] # Reserved range for the gateway, BOSH Director etc
-    static: [<%= ip_range(@private_subnet, (11..20)) %>] # Static IP range for Vault, Concourse web panel, nginx etc
-    dns: [<%= @private_subnet[8].to_s %>]
-    cloud_properties: {subnet: <%= @tf_output['platform_subnet_id'] %>}
-- name: vip
-  type: vip
-
-compilation:
-  workers: 5
-  reuse_compilation_vms: true
-  az: z1
-  vm_type: large
-  network: platform_net