kite 0.2.0 → 1.0.0

data/tpl/aws/deployments/prometheus/monitor-kubernetes.yml

@@ -1,30 +0,0 @@
-# This file assumes bosh_exporter based Service Discovery is being used: ./monitor-bosh.yml
-
-# Exporter jobs
-- type: replace
-  path: /instance_groups/name=prometheus/jobs/-
-  value:
-    name: kube_state_metrics_exporter
-    release: prometheus
-    properties:
-      kube_state_metrics_exporter:
-        apiserver: "((kubernetes_apiserver))"
-        kubeconfig: ((kubernetes_kubeconfig))
-
-# Prometheus Alerts
-- type: replace
-  path: /instance_groups/name=prometheus/jobs/name=kubernetes_alerts?/release
-  value: prometheus
-
-- type: replace
-  path: /instance_groups/name=prometheus/jobs/name=prometheus/properties/prometheus/rule_files/-
-  value: /var/vcap/jobs/kubernetes_alerts/*.alerts
-
-# Grafana Dashboards
-- type: replace
-  path: /instance_groups/name=grafana/jobs/name=kubernetes_dashboards?/release
-  value: prometheus
-
-- type: replace
-  path: /instance_groups/name=grafana/jobs/name=grafana/properties/grafana/prometheus/dashboard_files/-
-  value: /var/vcap/jobs/kubernetes_dashboards/*.json

data/tpl/aws/deployments/prometheus/prometheus.yml.tt

@@ -1,184 +0,0 @@
-name: prometheus
-
-instance_groups:
-  - name: alertmanager
-    azs:
-      - z1
-    instances: 1
-    vm_type: default
-    persistent_disk_type: default
-    stemcell: default
-    networks:
-      - name: platform_net
-        static_ips: [<%= @private_subnet[15] %>]
-    jobs:
-      - name: alertmanager
-        release: prometheus
-        properties:
-          alertmanager:
-            mesh:
-              password: ((alertmanager_mesh_password))
-            route:
-              receiver: default
-            receivers:
-              - name: default
-            test_alert:
-              daily: true
-
-  - name: prometheus
-    azs:
-      - z1
-    instances: 1
-    vm_type: default
-    persistent_disk_type: default
-    stemcell: default
-    networks:
-      - name: platform_net
-        static_ips: [<%= @private_subnet[16] %>]
-    jobs:
-      - name: prometheus
-        release: prometheus
-        properties:
-          prometheus:
-            rule_files:
-              - /var/vcap/jobs/postgres_alerts/*.alerts
-              - /var/vcap/jobs/prometheus_alerts/*.alerts
-            scrape_configs:
-              - job_name: prometheus
-                static_configs:
-                - targets:
-                  - localhost:9090
-      - name: postgres_alerts
-        release: prometheus
-      - name: prometheus_alerts
-        release: prometheus
-
-  - name: database
-    azs:
-      - z1
-    instances: 1
-    vm_type: default
-    persistent_disk_type: default
-    stemcell: default
-    networks:
-      - name: platform_net
-    jobs:
-      - name: postgres
-        release: postgres
-        properties:
-          databases:
-            port: 5432
-            databases:
-              - name: grafana
-                citext: true
-            roles:
-              - name: grafana
-                password: ((postgres_grafana_password))
-      - name: postgres_exporter
-        release: prometheus
-        properties:
-          postgres_exporter:
-            datasource_name: postgresql://grafana:((postgres_grafana_password))@127.0.0.1:5432/?sslmode=disable
-
-  - name: grafana
-    azs:
-      - z1
-    instances: 1
-    vm_type: default
-    persistent_disk_type: default
-    stemcell: default
-    networks:
-      - name: platform_net
-        static_ips: [<%= @private_subnet[17] %>]
-    jobs:
-      - name: grafana
-        release: prometheus
-        properties:
-          grafana:
-            database:
-              type: postgres
-              port: 5432
-              name: grafana
-              user: grafana
-              password: ((postgres_grafana_password))
-            session:
-              provider: postgres
-              provider_port: 5432
-              provider_name: grafana
-              provider_user: grafana
-              provider_password: ((postgres_grafana_password))
-            security:
-              admin_user: admin
-              admin_password: ((grafana_password))
-              secret_key: ((grafana_secret_key))
-            dashboards:
-              json:
-                enabled: true
-            prometheus:
-              dashboard_files:
-                - /var/vcap/jobs/grafana_dashboards/*.json
-                - /var/vcap/jobs/postgres_dashboards/*.json
-                - /var/vcap/jobs/prometheus_dashboards/*.json
-      - name: grafana_dashboards
-        release: prometheus
-      - name: postgres_dashboards
-        release: prometheus
-      - name: prometheus_dashboards
-        release: prometheus
-
-  - name: nginx
-    azs:
-      - z1
-    instances: 1
-    vm_type: default
-    stemcell: default
-    networks:
-      - name: platform_net
-        static_ips: [<%= @private_subnet[18] %>]
-    jobs:
-      - name: nginx
-        release: prometheus
-        properties:
-          nginx:
-            alertmanager:
-              auth_username: admin
-              auth_password: ((alertmanager_password))
-            prometheus:
-              auth_username: admin
-              auth_password: ((prometheus_password))
-
-variables:
-  - name: alertmanager_password
-    type: password
-  - name: alertmanager_mesh_password
-    type: password
-  - name: prometheus_password
-    type: password
-  - name: postgres_grafana_password
-    type: password
-  - name: grafana_password
-    type: password
-  - name: grafana_secret_key
-    type: password
-
-update:
-  canaries: 1
-  max_in_flight: 32
-  canary_watch_time: 1000-100000
-  update_watch_time: 1000-100000
-  serial: false
-
-stemcells:
-  - alias: default
-    os: ubuntu-trusty
-    version: latest
-
-releases:
-- name: postgres
-  version: "20"
-  url: https://bosh.io/d/github.com/cloudfoundry/postgres-release?v=20
-  sha1: 3f378bcab294e20316171d4e656636df88763664
-- name: prometheus
-  version: 18.6.2
-  url: https://github.com/cloudfoundry-community/prometheus-boshrelease/releases/download/v18.6.2/prometheus-18.6.2.tgz
-  sha1: f6b7ed381a28ce8fef99017a89e1122b718d5556

data/tpl/aws/deployments/vault/vault.yml.erb

@@ -1,38 +0,0 @@
----
-name: vault
-
-releases:
-- name: vault
-  version: latest
-
-instance_groups:
-- name: vault
-  instances: 1
-  vm_type: default
-  azs: [z1]
-  stemcell: trusty
-  networks:
-  - name: platform_net
-    static_ips: [<%= @private_subnet[11] %>]
-
-  jobs:
-  - name: vault
-    release: vault
-    properties:
-      vault:
-        ha:
-          redirect: ~
-        storage:
-          use_file: true
-
-update:
-  canaries: 1
-  max_in_flight: 1
-  serial: false
-  canary_watch_time: 1000-60000
-  update_watch_time: 1000-60000
-
-stemcells:
-- alias: trusty
-  name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
-  version: latest

data/tpl/aws/docs/bosh.md

@@ -1,31 +0,0 @@
-#### [Back](../README.md)
-
-## BOSH
-
-### Prerequisites
-
-- Terraform IaC applied
-- [BOSH CLI v2](https://bosh.io/docs/cli-v2.html#install) installed
-
-### Setup
-
-Render bosh deployment
-```
-kite render manifest bosh --cloud=aws
-```
-
-Setup tunnel
-```
-. bin/setup-tunnel.sh
-```
-
-Install BOSH
-```
-./bin/bosh-install.sh
-```
-
-Connect to the Director
-```
-. bin/set-env.sh
-
-```

data/tpl/aws/docs/concourse.md

@@ -1,41 +0,0 @@
-#### [Back](../README.md)
-
-## Concourse
-
-### Prerequisites
-
-- Vault [deployed and initialized](vault.md)
-
-### Setup
-
-Fill out the "token" field in `deployments/concourse/concourse.yml` with root token received from `vault init`.
-
-Deploy Concourse by running the script with the Vault token as argument(strong passwords for Concourse auth and db will be generated automatically)
-```
-./bin/concourse-deploy.sh *vault_token*
-```
-
-### Connect GitHub oAuth
-
-To configure GitHub oAuth, you'll first need to [create](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps) a GitHub oAuth app.
-
-```
-fly set-team -n concourse \
-    --github-auth-client-id D \
-    --github-auth-client-secret $CLIENT_SECRET \
-    --github-auth-team concourse/Pivotal
-```
-
-### Test
-
-To run a test Concourse job:
-
-- Go to test folder: `cd deployments/concourse/test`
-- Fill out `test-credentials.yml`
-- Add necessary secrets to your Vault(see [docs/vault.md](docs/vault.md))
-- Download the `fly` client from Concourse web panel and add it to your PATH: `mv *path_to_fly* /usr/local/bin`
-- Login to Concourse using the `fly` client: `fly -t ci --concourse-url *concourse-url*`
-- Create a test pipeline with `fly set-pipeline -t ci -c test-pipeline.yml -p test --load-vars-from test-credentials.yml -n`
-- Unpause pipeline: `fly unpause-pipeline -t ci -p test`
-- Trigger and unpause the test job: `fly trigger-job -t ci -j test/test-publish`
-- See the results on Concourse web panel or use: `fly watch -p test -j test/test-publish`

data/tpl/aws/docs/ingress.md

@@ -1,14 +0,0 @@
-#### [Back](../README.md)
-
-## Ingress
-
-### Prerequisites
-
-- BOSH environment [ready](bosh.md)
-- All hostnames resolve to the VIP configured in cloud.yml (this is mandatory to issue SSL certificates)
-
-### Deployment
-
-To deploy Ingress, use `./bin/ingress-deploy.sh`
-
-After each new component deployed, run `./bin/ingress-update`

data/tpl/aws/docs/kops.md

@@ -1,35 +0,0 @@
-#### KOPS
-
-### Prerequisites
-
-- [kubectl](https://github.com/kubernetes/kops/blob/master/docs/install.md#kubectl) installed
-- [kops](https://github.com/kubernetes/kops/blob/master/docs/install.md) client installed
-- SSH key generated(needed for accessing cluster's master)
-- Amazon S3 bucket for storing cluster's state created
-- Route 53 domain for cluster access
-- IAM user with correct policies:
-     - AmazonEC2FullAccess
-     - AmazonRoute53FullAccess
-     - AmazonS3FullAccess
-     - IAMFullAccess
-     - AmazonVPCFullAccess
-
-### Setup
-
-Export AWS access keys and ID if you didn't before
-```
-export AWS_ACCESS_KEY_ID=<access key>
-export AWS_SECRET_ACCESS_KEY=<secret key>
-```
-
-Deploy the `kops` cluster
-```
-./bin/kops-deploy.sh
-```
-
-### Teardown
-
-To tear down the kops cluster you've created, just run
-```
-./bin/kops-delete.sh
-```

data/tpl/aws/docs/oauth.md

@@ -1,24 +0,0 @@
-#### [Back](../README.md)
-
-## OAuth (UAA)
-
-### Configuration
-
-If you want to add initial groups and users, change oauth look,
-configure mail, etc. - you should edit `config/oauth.yml`.
-
-Here are links to uaa config documentation:
-
-* __users:__ [uaa.scim.users](https://bosh.io/jobs/uaa?source=github.com/cloudfoundry/uaa-release&version=52#p=uaa.scim.users)
-* __groups:__ [uaa.scim.groups](https://bosh.io/jobs/uaa?source=github.com/cloudfoundry/uaa-release&version=52#p=uaa.scim.groups)
-* __oauth clients:__ [uaa.clients](https://bosh.io/jobs/uaa?source=github.com/cloudfoundry/uaa-release&version=52#p=uaa.clients)
-* __theming:__ [login.branding](https://bosh.io/jobs/uaa?source=github.com/cloudfoundry/uaa-release&version=52#p=login.branding)
-* __email notifications:__ [login.smtp](https://bosh.io/jobs/uaa?source=github.com/cloudfoundry/uaa-release&version=52#p=login.smtp)
-
-### Deployment
-
-After editing config, run `./bin/oauth-deploy.sh`
-
-### Usage
-
-To check if OAuth works, visit [<%= @values['oauth']['hostname'] %>](<%= @values['oauth']['url'] %>).

data/tpl/aws/docs/prometheus.md

@@ -1,31 +0,0 @@
-#### [Back](../README.md)
-
-## Prometheus
-
-### Prerequisites
-
-- BOSH environment [ready](bosh.md)
-- Kops cluster [deployed](kops.md)
-
-### Setup
-
-Enter path to your Kubernetes config in `config/cloud.yml` and add the Kubernetes API server address to `config/bosh_vars.yml`.
-
-Afterwards, deploy Prometheus
-```
-./bin/prometheus-deploy.sh
-```
-
-### Access
-
-After the deployment process is done, you can reach each Prometheus' component's web UI at:
-
-If you have [Ingress](ingress.md) deployed and DNS record created, each Prometheus stack component should be accessible by its respective address.
-
-Without Ingress:
-
-- AlertManager: http://10.0.0.18:9093
-- Grafana:      http://10.0.0.18:3000
-- Prometheus:   http://10.0.0.18:9090
-
-You can find related credentials in `config/creds.yml`

data/tpl/aws/docs/vault.md

@@ -1,35 +0,0 @@
-#### [Back](../README.md)
-
-## Vault
-
-### Prerequisites
-
-Before using Vault, you should have the client installed:
-
-- Download the binary for your OS
-- Unzip it and run `chmod +x vault && sudo mv vault /usr/local/bin/vault`
-- Check if the Vault is installed by running `vault -v`
-
-### Deployment
-
-To deploy Vault, use `./bin/vault-deploy.sh`
-
-### Connection
-
-- Export your Vault's IP using `export VAULT_ADDR=http://*vault_ip*:8200`
-- Run `vault init` to initialize the vault
-- Store the keys displayed after init
-- Unseal the vault by running `vault unseal` three times using three keys from the previous step
-- Authenticate to the vault with `vault auth` using the root token you got from `vault init`
-
-[Optional]
-- Try to store a dummy secret: `vault write secret/handshake knock=knock`
-- Read it: `vault read secret/handshake`
-
-### Usage with Concourse
-
-Before using Vault with Concourse you should mount a secrets backend with `vault mount -path=concourse kv`
-
-To add new secrets accessible for Concourse use `vault write concourse/main/*secret_name* value="*secret_value*"`
-
-#### It's recommended to create a separate token for Concourse by using `vault token-create`