cloud.gov deployment (#7611)

* cloud.gov deployment

Adds example manifest.yml file and docs covering steps to deploy fleetdm to cloud.gov

* rename manifest

rename manifest and small edits

docs/Deploying/cloudgov.md

@@ -0,0 +1,108 @@
+# Deploying to Cloud.gov (Cloud Foundry)
+
+Cloud.gov is a [FEDRAMP moderate Platform-as-a-Service
+(PaaS)](https://marketplace.fedramp.gov/#!/product/18f-cloudgov?sort=productName). This repository
+includes a sample [manifest.yml.example](https://github.com/fleetdm/fleet/blob/main/manifest.yml.cloudgov.example) file ready to be pushed and run the
+latest version of fleetdm as a container. Make a copy of the example file and update the key
+values as appropriate.
+
+1. `cp manifest.yml.cloudgov.example manifest.yml`
+
+2. Setup a cloud.gov account - https://cloud.gov/docs/getting-started/accounts/ 
+
+3. Install the cf-cli - https://cloud.gov/docs/getting-started/setup/
+
+4. From your local fleetdm source directory.
+```
+git clone https://github.com/fleetdm/fleet
+cd fleet
+cf login -a api.fr.cloud.gov  --sso
+
+# Follow the link to copy the Temporary Authentication Code when prompted
+```
+5. Setup a demo application space
+```
+cf target -o sandbox-gsa create-space fleetdm-rename
+```
+
+6. Create database(s)
+```
+# Update manifest.yml file to rename application and database key names to match commands below.
+
+cf marketplace
+cf create-service aws-rds medium-mysql fleetdm-mysql
+cf create-service aws-elasticache-redis redis-dev fleetdm-redis
+cf create-service-key fleetdm-db-rename fleetdm-db-test-key
+cf push
+```
+
+**You will be returned the URL for your new test instance to navigate to.**
+
+> Note: This is only for demonstration purposes, in order to run a production level federal/FISMA system. You will need to contact the [cloud.gov program](https://cloud.gov) and consult your organization's security team (for risk assessment and an Authority to Operate).
+
+## Using jq to map service credentials
+
+Cloud foundry injects an environmental variable [`$VCAP_SERVICES`](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES) which is available within the
+container. fleetdm uses jq to map service injected credentials to the [standard fleetdm environment
+variables](https://fleetdm.com/docs/deploying/configuration#using-only-environment-variables). 
+
+```json
+{
+    "aws-rds": [
+        {
+            "label": "aws-rds",
+            "provider": null,
+            "plan": "medium-mysql",
+            "name": "fleetdm-db",
+            "tags": [
+                "database",
+                "RDS"
+            ],
+            "instance_guid": "guid",
+            "instance_name": "fleetdm-db",
+            "binding_guid": "guid",
+            "binding_name": null,
+            "credentials": {
+                "db_name": "db_name",
+                "host": "host",
+                "name": "name",
+                "password": "password",
+                "port": "3306",
+                "uri": "mysql://username:password@hostname:port/db_name",
+                "username": "username"
+            },
+            "syslog_drain_url": null,
+            "volume_mounts": []
+        }
+    ],
+    "aws-elasticache-redis": [
+        {
+            "label": "aws-elasticache-redis",
+            "provider": null,
+            "plan": "redis-dev",
+            "name": "fleetdm-redis",
+            "tags": [
+                "redis",
+                "Elasticache",
+                "AWS"
+            ],
+            "instance_guid": "guid",
+            "instance_name": "fleetdm-redis",
+            "binding_guid": "guid",
+            "binding_name": null,
+            "credentials": {
+                "current_redis_engine_version": "version",
+                "host": "host",
+                "hostname": "hostname",
+                "password": "password",
+                "port": "port",
+                "uri": "redis://:address:port"
+            },
+            "syslog_drain_url": null,
+            "volume_mounts": []
+        }
+    ]
+}
+```
+
+<meta name="pageOrderInSection" value="700">

manifest.yml.cloudgov.example

@@ -0,0 +1,39 @@
+applications:
+- name: fleetdm
+  memory: 512m
+  disk_quota: 2g
+  instances: 1
+  timeout: 120
+  health-check-type: process
+  command: |
+    export FLEET_MYSQL_USERNAME=$( echo $VCAP_SERVICES | jq -r '.["aws-rds"][].credentials.username')  && \
+    export FLEET_MYSQL_ADDRESS=$( echo $VCAP_SERVICES | jq -r '.["aws-rds"][].credentials.host') && \
+    export FLEET_MYSQL_DATABASE=$( echo $VCAP_SERVICES | jq -r '.["aws-rds"][].credentials.db_name') && \
+    export FLEET_MYSQL_PASSWORD=$( echo $VCAP_SERVICES | jq -r '.["aws-rds"][].credentials.password') && \
+    export FLEET_REDIS_ADDRESS=$( echo $VCAP_SERVICES | jq -r '.["aws-elasticache-redis"][].credentials.host + ":" + .["aws-elasticache-redis"][].credentials.port') && \
+    export FLEET_REDIS_PASSWORD$( echo $VCAP_SERVICES | jq -r '.["aws-elasticache-redis"][].credentials.password') && \
+    fleet prepare --no-prompt=true db && \
+    fleet serve
+  docker:
+    image: fleetdm/fleet:latest
+  services:
+    - fleetdm-mysql
+    - fleetdm-redis
+  env:
+    FLEET_LOGGING_JSON: true
+    FLEET_LOGGING_DEBUG: true
+    FLEET_REDIS_USE_TLS: true
+    FLEET_SERVER_TLS: false
+    FLEET_REDIS_CONNECT_RETRY_ATTEMPTS: 3
+    # FLEET_FIREHOSE_STATUS_STREAM: FALSE
+    # FLEET_FIREHOSE_RESULT_STREAM: 
+    # FLEET_FIREHOSE_REGION:
+    # FLEET_OSQUERY_STATUS_LOG_PLUGIN"
+    # FLEET_OSQUERY_RESULT_LOG_PLUGIN"
+    # FLEET_VULNERABILITIES_DATABASES_PATH: 
+    # FLEET_OSQUERY_ENABLE_ASYNC_HOST_PROCESSING: 
+    # FLEET_S3_BUCKET: 
+    # FLEET_S3_PREFIX:
+    # FLEET_LICENSE_KEY:
+
+# Add the following to the command if needed     # printenv && \