This repo holds the deployment templates used to deploy the Concourse instance and supporting infra structure used by the community maintained BOSH stemcell.
- gcloud => 337.0.0
- helm => 3.5.4
- vendir => 0.18
- ytt
- kapp
- jq
- kubectl
Configure the correct project and default region (will be loaded from project settings) by running:
gcloud init
Configure access to the gke cluster by executing the following command:
PROJECT_ID=$(gcloud config get-value core/project 2>/dev/null) \
gcloud container clusters get-credentials concourse --zone europe-west4-a --project ${PROJECT_ID}
Then you are able to use kubectl against the gke cluster for further work.
Use the script bin/init to create a new concourse cluster from scratch. Note you need to be logged in to gcp and set the correct project id.
this is neccary of you want to be able to login with your github credentials please note that this should be a github org auth app
ghID=paste your github oauth id from your org
ghSecret=paste your github oauth secret from your org
kubectl -n concourse create secret generic github --from-literal=id=${ghID} --from-literal=secret=${ghSecret}
./bin/sync
./bin/build
./bin/deploy
To spin up a pod and start a credhub-cli session run:
./start-credhub-cli.sh
Once deployed, we have to save credhub encryption key to Google Secrets in case of a disaster situation. This is to be done only on first deployment, see docs/disaster_recovery for recovery details.
gcloud secrets create credhub-encryption-key
kubectl get secret credhub-encryption-key -n concourse -o json | jq -r .data.password | base64 --decode | gcloud secrets versions add credhub-encryption-key --data-file=-
PROJECT_ID=$(gcloud config get-value core/project 2>/dev/null) \
gsutil hmac create -p $PROJECT_ID concourse@$PROJECT_ID.iam.gserviceaccount.com