kite 0.2.0 → 1.0.0

data/tpl/aws/terraform/kite_bucket.tf

@@ -1,8 +0,0 @@
-resource "aws_s3_bucket" "kite_bucket" {
-  bucket = "${var.bucket_name}"
-
-  tags {
-    Name = "${var.bucket_name}"
-    Component = "kite-platform"
-  }
-}

data/tpl/aws/terraform/main.tf.tt

@@ -1,36 +0,0 @@
-# Specify the provider and access details
-provider "aws" {
-  region = "${var.region}"
-  access_key = "${var.access_key}"
-  secret_key = "${var.secret_key}"
-}
-
-resource "aws_key_pair" "platform_key" {
-  key_name   = "${var.keypair_name}"
-  public_key = "${file("${var.public_key}")}"
-}
-
-resource "aws_instance" "bastion" {
-  ami = "${lookup(var.aws_amis, var.region)}"
-  instance_type = "t2.small"
-  key_name = "${var.keypair_name}"
-
-  vpc_security_group_ids = ["${aws_security_group.bastion_sg.id}"]
-  subnet_id = <%= "\"#{conditional_subnet_id(@values)}\"" %>
-  associate_public_ip_address = true
-
-  tags {
-    Name = "bastion"
-  }
-
-  connection {
-    user = "ubuntu"
-    private_key = "${file(var.private_key)}"
-  }
-
-  provisioner "remote-exec" {
-    inline = [
-      "curl -fsSL get.docker.com | sh"
-    ]
-  }
-}

data/tpl/aws/terraform/network.tf.tt

@@ -1,252 +0,0 @@
-<% if @values['aws']['vpc_id'].empty? %>
-# Create a VPC to launch our instances into
-resource "aws_vpc" "platform" {
-  cidr_block = "${var.vpc_cidr_block}"
-
-  tags {
-    Name = "${var.vpc_name}"
-    Component = "kite-platform"
-  }
-}
-
-# DMZ subnet
-resource "aws_subnet" "platform_dmz" {
-  vpc_id = "${aws_vpc.platform.id}"
-  availability_zone = "${var.availability_zone}"
-  cidr_block = "${var.public_subnet_cidr}"
-  map_public_ip_on_launch = false
-  tags {
-    Name = "${var.public_subnet_name}"
-    Component = "kite-platform"
-  }
-}
-
-# Create an internet gateway to give our subnet access to the outside world
-resource "aws_internet_gateway" "platform" {
-  vpc_id = "${aws_vpc.platform.id}"
-  tags {
-    Name = "platform-gateway"
-    Component = "kite-platform"
-  }
-}
-
-# Grant the VPC internet access on its main route table
-resource "aws_route" "internet_access" {
-  route_table_id = "${aws_vpc.platform.main_route_table_id}"
-  destination_cidr_block = "0.0.0.0/0"
-  gateway_id = "${aws_internet_gateway.platform.id}"
-}
-
-<% end %>
-
-<% if !@values['aws']['vpc_id'].empty? && @values['aws']['public_subnet']['id'].empty? %>
-# DMZ subnet
-resource "aws_subnet" "platform_dmz" {
-  vpc_id = "${var.vpc_id}"
-  availability_zone = "${var.availability_zone}"
-  cidr_block = "${var.public_subnet_cidr}"
-  map_public_ip_on_launch = false
-  tags {
-    Name = "${var.public_subnet_name}"
-    Component = "kite-platform"
-  }
-}
-<% end %>
-
-# Private subnet
-resource "aws_subnet" "platform_net" {
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-  availability_zone = "${var.availability_zone}"
-  cidr_block = "${var.private_subnet_cidr}"
-  map_public_ip_on_launch = false
-  tags {
-    Name = "${var.private_subnet_name}"
-    Component = "kite-platform"
-  }
-}
-
-# Create a custom route table for the private subnet
-resource "aws_route_table" "private_route" {
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-
-  route {
-    cidr_block = "0.0.0.0/0"
-    nat_gateway_id = "${aws_nat_gateway.nat_gateway.id}"
-  }
-
-  tags {
-    Name = "platform-route"
-    Component = "kite-platform"
-  }
-}
-
-# Allocate an Elastic IP for NAT gateway
-resource "aws_eip" "nat_ip" {
-}
-
-# Create a NAT gateway to forward the traffic for BOSH
-resource "aws_nat_gateway" "nat_gateway" {
-  allocation_id = "${aws_eip.nat_ip.id}"
-  subnet_id = <%= "\"#{conditional_subnet_id(@values)}\"" %>
-}
-
-# Associate custom route table with private subnet
-resource "aws_route_table_association" "private_route" {
-  subnet_id      = "${aws_subnet.platform_net.id}"
-  route_table_id = "${aws_route_table.private_route.id}"
-}
-
-# The default security group
-resource "aws_security_group" "bastion_sg" {
-  name = "bastion_sg"
-  description = "Bastion security group"
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-  tags {
-    Name = "bastion-sg"
-    Component = "bosh-director"
-  }
-
-  ingress {
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  egress {
-    from_port = 0
-    to_port = 0
-    protocol = "-1"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-}
-
-# The default security group
-resource "aws_security_group" "bosh_sg" {
-  name = "bosh_sg"
-  description = "Default BOSH security group"
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-  tags {
-    Name = "bosh-sg"
-    Component = "bosh-director"
-  }
-
-  # inbound access rules
-  ingress {
-    from_port = 6868
-    to_port = 6868
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port = 25555
-    to_port = 25555
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port = 22
-    to_port = 22
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port = 0
-    to_port = 65535
-    protocol = "tcp"
-    self = true
-  }
-
-  ingress {
-    from_port = 0
-    to_port = 65535
-    protocol = "udp"
-    self = true
-  }
-
-  # outbound internet access
-  egress {
-    from_port = 0
-    to_port = 0
-    protocol = "-1"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-}
-
-# Create an Ingress security group
-resource "aws_security_group" "ingress_sg" {
-  name        = "ingress-sg"
-  description = "Ingress security group"
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-  tags {
-    Name = "ingress-sg"
-    Component = "ingress"
-  }
-
-  # outbound internet access
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound HTTP access
-  ingress {
-    from_port = 80
-    to_port = 80
-    protocol = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}
-
-# Create a Concourse security group
-resource "aws_security_group" "concourse_sg" {
-  name        = "concourse-sg"
-  description = "Concourse security group"
-  vpc_id = <%= "\"#{conditional_vpc_id(@values)}\"" %>
-  tags {
-    Name = "concourse-sg"
-    Component = "concourse"
-  }
-
-  # outbound internet access
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  # inbound connections from ELB
-  ingress {
-    from_port   = 8080
-    to_port     = 8080
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port = 8080
-    to_port = 8080
-    protocol = "tcp"
-    cidr_blocks = [
-      "0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 2222
-    to_port     = 2222
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}

data/tpl/aws/terraform/outputs.tf

@@ -1,19 +0,0 @@
-output "security_group_id" {
-    value = "${aws_security_group.bosh_sg.id}"
-}
-
-output "platform_subnet_id" {
-    value = "${aws_subnet.platform_net.id}"
-}
-
-output "dmz_subnet_id" {
-    value = "${aws_subnet.platform_dmz.id}"
-}
-
-output "bastion_ip" {
-    value = "${aws_instance.bastion.public_ip}"
-}
-
-output "gateway_ip" {
-    value = "${aws_nat_gateway.nat_gateway.private_ip}"
-}

data/tpl/aws/terraform/terraform.tfvars.tt

@@ -1,21 +0,0 @@
-# Credentials
-access_key = "<%= @values['aws']['access_key'] %>"
-secret_key = "<%= @values['aws']['secret_key'] %>"
-region = "<%= @values['aws']['region'] %>"
-availability_zone = "<%= @values['aws']['zone'] %>"
-
-# Network Config
-vpc_cidr_block = "<%= @values['aws']['vpc_cidr_block'] %>"
-vpc_name = "<%= @values['aws']['vpc_name'] %>"
-vpc_id = "<%= @values['aws']['vpc_id'] %>"
-public_subnet_name = "<%= @values['aws']['public_subnet']['name'] %>"
-public_subnet_cidr = "<%= @values['aws']['public_subnet']['network'] %>"
-public_subnet_id = "<%= @values['aws']['public_subnet']['id'] %>"
-private_subnet_name = "<%= @values['aws']['private_subnet']['name'] %>"
-private_subnet_cidr = "<%= @values['aws']['private_subnet']['network'] %>"
-
-# Kite config
-keypair_name = "<%= @values['kite']['keypair_name'] %>"
-bucket_name = "<%= @values['kite']['bucket_name'] %>"
-public_key = "<%= @values['kite']['public_key_path'] %>"
-private_key = "<%= @values['kite']['private_key_path'] %>"

data/tpl/aws/terraform/variables.tf

@@ -1,73 +0,0 @@
-variable "access_key" {
-  type = "string"
-}
-
-variable "secret_key" {
-  type = "string"
-}
-
-variable "public_key" {
-  type = "string"
-}
-
-variable "private_key" {
-  type = "string"
-}
-
-variable "keypair_name" {
-  type = "string"
-}
-
-variable "bucket_name" {
-  type = "string"
-}
-
-variable "region" {
-  type = "string"
-  default =  "eu-central-1"
-}
-
-variable "availability_zone" {
-  type = "string"
-  default =  "eu-central-1a"
-}
-
-variable "vpc_cidr_block" {
-  type = "string"
-}
-
-variable "vpc_name" {
-  type = "string"
-}
-
-variable "vpc_id" {
-  type = "string"
-}
-
-variable "public_subnet_cidr" {
-  type = "string"
-}
-
-variable "public_subnet_id" {
-  type = "string"
-}
-
-variable "public_subnet_name" {
-  type = "string"
-}
-
-variable "private_subnet_cidr" {
-  type = "string"
-}
-
-variable "private_subnet_name" {
-  type = "string"
-}
-
-variable "aws_amis" {
-  default = {
-    us-east-1 = "ami-1d4e7a66"
-    eu-central-1 = "ami-958128fa"
-    eu-west-1 = "ami-785db401"
-  }
-}

data/tpl/gcp/README.md

@@ -1,54 +0,0 @@
-# GCP Cloud
-
-## Setup
-
-### Prerequisites
-Set path to your service account credentials:
-```
-export GOOGLE_CREDENTIALS=*~/credentials/service-account.json*
-```
-
-### Setup the basic infrastructure and bastion
-Apply terraform code
-```
-pushd terraform && terraform init && terraform apply && popd
-```
-
-[Note]
-To destroy Bastion later, use `terraform destroy -target google_compute_instance.bastion`
-
-### Setup BOSH
-Render BOSH manifest and related files
-```
-kite render manifest bosh --cloud gcp
-```
-
-Prepare BOSH environment using instructions from [docs/bosh.md](docs/bosh.md)
-
-### Setup INGRESS
-Render Ingress manifest and related files
-```
-kite render manifest ingress --cloud gcp
-```
-
-Follow instructions from [docs/ingress.md](docs/ingress.md) to deploy Ingress
-
-
-### Setup VAULT
-Render Vault deployment
-```
-kite render manifest vault --cloud gcp
-```
-
-Follow instructions from [docs/vault.md](docs/vault.md) to deploy Vault
-
-### Setup CONCOURSE
-[Note]
-To expose concourse publicly, you must create first (manually) a virtual IP in GCP and create a DNS A entry for the hostname for this IP. Set the IP into config/cloud.yml (concourse.vip).
-
-Render Concourse manifest
-```
-kite render manifest concourse --cloud gcp
-```
-
-Follow instructions from [docs/concourse.md](docs/concourse.md) to deploy Concourse