first commit

.gitignore

@@ -0,0 +1 @@
+*.dec

Makefile

@@ -0,0 +1,25 @@
+CHART_REPO := http://chartmuseum.thunder.thunder.fabric8.io
+CHART := jenkins-x-platform
+CHART_VERSION := 0.0.1
+OS := $(shell uname)
+HELM := $(shell command -v helm 2> /dev/null)
+RELEASE := jenkins-x
+
+setup:
+	minikube addons enable ingress
+ifndef HELM
+ifeq ($(OS),Darwin)
+	brew install kubernetes-helm
+else
+	echo "Please install helm first https://github.com/kubernetes/helm/blob/master/docs/install.md"
+endif
+endif
+	helm init
+	helm repo add jenkins-x $(CHART_REPO)
+
+delete:
+	helm delete --purge $(RELEASE)
+	kubectl delete cm --all
+
+clean:
+	rm -rf secrets.yaml.dec

README.md

@@ -0,0 +1,84 @@
+# projectX cloud environments
+
+This repository contains a number of Jenkins-X environments including cloud specific configuration and encrypted production secrets that can be applied to any kubernetes cluster via a Makefile or Jenkins Pipelines.
+
+# Prerequisits
+
+Access to a kubernetes cluster and connected kubectl context so you can run `kubectl get pods` for example.  If you don't have access to a remote kubernetes cluster you can use minikube to run locally.
+
+If you don't need minikube skip to the [helm](#helm) Prerequisits
+
+## Minikube
+First install minikube using these steps (tip if running on OSX use xhyve hypervisor) https://kubernetes.io/docs/tasks/tools/install-minikube/
+```
+minikube start --vm-driver hyperkit --cpus 4 --memory 4096
+```
+
+## Helm
+We use [helm](https://github.com/kubernetes/helm) as the package manager and for it's install / upgrade features.  So first get the helm binary 
+
+If you are on OSX simply run:
+```
+brew install kubernetes-helm
+```
+If not visit https://github.com/kubernetes/helm/blob/master/docs/install.md
+
+
+Now if you are running against __minikube__ and this is the first time then run:
+```
+make setup
+```
+If you are running against a remote kubernetes cluster then you will need to first install the helm server side service [Tiller](https://github.com/kubernetes/helm#helm-in-a-handbasket), this can be done by running:
+```
+helm init
+```
+
+# Install
+
+Fork and clone this repo and choose the the environment you wish to install into from the list below.  Then change directory into the matching environment and run `make install`.
+
+List of environments:
+- __minikube__ - this is the most popular way to kick the tires locally
+- __GKE__ - this is on the Googles Container Engine public cloud
+- __Thunder__ - this is projectX's own production CD infrastructure
+
+## Examples:
+Change directory into desired environment:
+```
+cd env-$CHOSEN_ENV
+```
+Now install:
+```
+make install
+```
+To upgrade:
+```
+make upgrade
+```
+To delete the projectX release from your target environment:
+```
+make delete
+```
+Now to access services running in minikube get the URLs by running:
+```
+kubectl get ingress
+```
+
+# Secrets
+
+You may notice that the thunder/secrets.yaml is encrypted.  This means we can commit and push to github our production secrets so when we reprovision the environment we simply clone, helm decode and install / upgrade from a CI/CD pipeline.  More details on how to setup the helm wrapper and gpg keys so you can do this yourself on your own fork.
+
+This means our entire cloud environments are competely recreatable and both configureation and secrets have a tracability and an adit trail.
+
+## Credentials
+
+The default credentials for test purposes are below, please either change the raw secrets.yaml files or follow the secrets section above to encrypt your own sensitive data.
+
+| Application | Username | Password |
+| ----------- |:--------:| --------:|
+| Jenkins     | admin    | admin    |
+| Nexus       | admin    | admin123 |
+
+# Local developement
+
+This repo is for installing a released platform version.  If you want to develop and contribute please head over to the https://github.com/jenkins-x/jenkins-x-platform repo.

env-minikube/Makefile

@@ -0,0 +1,13 @@
+include ../Makefile
+
+build: clean
+	helm repo add jenkins-x $(CHART_REPO)
+	helm repo update
+
+install: clean build
+	helm install jenkins-x/$(CHART) --name $(RELEASE) -f ./myvalues.yaml -f ./secrets.yaml --version $(CHART_VERSION)
+	watch kubectl get pods
+
+upgrade: clean build
+	helm upgrade $(RELEASE) jenkins-x/$(CHART) -f myvalues.yaml -f secrets.yaml --version $(CHART_VERSION)
+	watch kubectl get pods

env-minikube/myvalues.yaml

@@ -0,0 +1,5 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/values.yaml
+exposecontroller:
+  exposecontroller:
+    HTTP: "true"
+    TLSACME: "false"

env-minikube/secrets.yaml

@@ -0,0 +1,93 @@
+exposecontroller:
+    exposecontroller:
+        APIServer: 
+        Domain: 
+
+monocular:
+    api:
+        auth:
+            github:
+                clientID: 
+                clientSecret: 
+    ingress:
+        hosts:
+        - monocular.thunder.foo.nip.io
+
+jenkins:
+    Master:
+        AdminPassword: admin
+
+PipelineSecrets:
+    DockerConfig: 
+    GithubToken: 
+    NPMToken: 
+    PipelineSecrets:
+        pubring: 
+        secjenkins: 
+        secring: 
+        trustdb: 
+    SSHConfig: |-
+        Host github.com
+            User git
+            IdentityFile /root/.ssh-git/ssh-key
+            StrictHostKeyChecking no
+    MavenSettingsXML: |-
+        <settings>
+        <localRepository>/home/jenkins/.mvnrepository</localRepository>
+        <!--This sends everything else to /public -->
+        <mirrors>
+            <mirror>
+            <id>nexus</id>
+            <mirrorOf>external:*</mirrorOf>
+            <url>http://fabric8-sonatype-nexus.shared/content/groups/public</url>
+            </mirror>
+        </mirrors>
+
+        <!-- lets disable the download progress indicator that fills up logs -->
+        <interactiveMode>false</interactiveMode>
+
+        <servers>
+            <server>
+            <id>local-nexus</id>
+            <username>admin</username>
+            <password>admin123</password>
+            </server>
+            <server>
+            <id>nexus</id>
+            <username>admin</username>
+            <password>admin123</password>
+            </server>
+        </servers>
+
+        <profiles>
+            <profile>
+            <id>nexus</id>
+            <properties>
+                <altDeploymentRepository>local-nexus::default::http://fabric8-sonatype-nexus.shared/content/repositories/staging/</altDeploymentRepository>
+                <altReleaseDeploymentRepository>local-nexus::default::http://fabric8-sonatype-nexus.shared/content/repositories/staging/</altReleaseDeploymentRepository>
+                <altSnapshotDeploymentRepository>local-nexus::default::http://fabric8-sonatype-nexus.shared/content/repositories/staging/</altSnapshotDeploymentRepository>
+            </properties>
+
+            <repositories>
+                <repository>
+                <id>central</id>
+                <url>http://central</url>
+                <releases><enabled>true</enabled></releases>
+                <snapshots><enabled>true</enabled></snapshots>
+                </repository>
+            </repositories>
+            <pluginRepositories>
+                <pluginRepository>
+                <id>central</id>
+                <url>http://central</url>
+                <releases><enabled>true</enabled></releases>
+                <snapshots><enabled>true</enabled></snapshots>
+                </pluginRepository>
+            </pluginRepositories>
+            </profile>
+        </profiles>
+
+        <activeProfiles>
+            <activeProfile>nexus</activeProfile>
+        </activeProfiles>
+        </settings>

env-thunder/.sops.yaml

@@ -0,0 +1,2 @@
+creation_rules:
+    - pgp: "60A7EC7FE15D7141D8E8B274CD0A17A8AE9168E7,75AED3C871F4FCF6F732D8AFE1DB1DEE4B9D2792,013A54369DF417691DC2DFC61A19F92D632E80D4"

env-thunder/Jenkinsfile

@@ -0,0 +1,20 @@
+pipeline {
+  agent {
+    kubernetes {
+      label "projectx-helm"
+      podTemplateName "projectx-helm"
+    }
+  }
+  parameters {
+    string(name: 'CHART', description: 'Chart to deploy')
+    string(name: 'VERSION', description: 'Version of chart to deploy')
+  }
+  stages {
+    stage('Helm Deployment') {
+      steps {
+        sh 'helm secrets dec secrets.yaml'
+        sh "helm install ${CHART} --version ${VERSION} --name thunder -f myvalues.yaml -f secrets.yaml.dec"
+      }
+    }
+  }
+}

env-thunder/Makefile

@@ -0,0 +1,14 @@
+include ../Makefile
+
+build: clean
+	helm repo add jenkins-x $(CHART_REPO)
+	helm repo update
+	helm secrets dec secrets.yaml
+
+install: clean build
+	helm install jenkins-x/$(CHART) --name $(RELEASE) -f ./myvalues.yaml -f ./secrets.yaml.dec --version $(CHART_VERSION)
+	watch kubectl get pods
+
+upgrade: clean build
+	helm upgrade $(RELEASE) jenkins-x/$(CHART) -f myvalues.yaml -f secrets.yaml.dec --version $(CHART_VERSION)
+	watch kubectl get pods

env-thunder/README.md

@@ -0,0 +1,9 @@
+# Thunder is projectX's production cloud environment
+
+To install run:
+
+```
+make install
+```
+
+Or import the Jenkinfile into Jenkins to enable CI/CD

env-thunder/myvalues.yaml

@@ -0,0 +1,5 @@
+# Override configuration from https://github.com/jenkins-x/jenkins-x-platform/blob/master/values.yaml
+exposecontroller:
+  exposecontroller:
+    HTTP: "true"
+    TLSACME: "false"