fleet/docs/Deploy/cloudgov.md
Eric 1b25187453
Docs: add syntax highlighting keywords to code blocks (#13963)
Closes: #13691

Changes: 
- Added keywords for syntax highlighting to code blocks in documentation
Markdown files.

---------

Co-authored-by: Mike Thomas <78363703+mike-j-thomas@users.noreply.github.com>
2023-09-22 16:57:40 -05:00


Deploy Fleet on Cloud.gov (Cloud Foundry)

Cloud.gov is a FedRAMP Moderate Platform-as-a-Service (PaaS). This repository includes a sample manifest.yml.example file that is ready to be pushed and runs the latest version of fleetdm as a container. Make a copy of the example file and update the key values as appropriate.

  1. cp manifest.yml.cloudgov.example manifest.yml

  2. Set up a cloud.gov account - https://cloud.gov/docs/getting-started/accounts/

  3. Install the cf-cli - https://cloud.gov/docs/getting-started/setup/

  4. From your local fleetdm source directory:

     ```sh
     git clone https://github.com/fleetdm/fleet
     cd fleet
     cf login -a api.fr.cloud.gov --sso

     # Follow the link to copy the Temporary Authentication Code when prompted
     ```

  5. Set up a demo application space:

     ```sh
     cf target -o sandbox-gsa
     cf create-space fleetdm-rename
     ```

  6. Create database(s):

     ```sh
     # Update manifest.yml file to rename application and database key names to match commands below.

     cf marketplace
     cf create-service aws-rds medium-mysql fleetdm-mysql
     cf create-service aws-elasticache-redis redis-dev fleetdm-redis
     cf create-service-key fleetdm-db-rename fleetdm-db-test-key
     cf push
     ```

The push returns the URL of your new test instance, which you can then navigate to.

Note: This is only for demonstration purposes. In order to run a production-level federal/FISMA system, you will need to contact the cloud.gov program and consult your organization's security team (for risk assessment and an Authority to Operate).

Using jq to map service credentials

Cloud Foundry injects an environment variable, $VCAP_SERVICES, which is available within the container. fleetdm uses jq to map the service-injected credentials to the standard fleetdm environment variables. A sample $VCAP_SERVICES value:

```json
{
    "aws-rds": [
        {
            "label": "aws-rds",
            "provider": null,
            "plan": "medium-mysql",
            "name": "fleetdm-db",
            "tags": [
                "database",
                "RDS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-db",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "db_name": "db_name",
                "host": "host",
                "name": "name",
                "password": "password",
                "port": "3306",
                "uri": "mysql://username:password@hostname:port/db_name",
                "username": "username"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ],
    "aws-elasticache-redis": [
        {
            "label": "aws-elasticache-redis",
            "provider": null,
            "plan": "redis-dev",
            "name": "fleetdm-redis",
            "tags": [
                "redis",
                "Elasticache",
                "AWS"
            ],
            "instance_guid": "guid",
            "instance_name": "fleetdm-redis",
            "binding_guid": "guid",
            "binding_name": null,
            "credentials": {
                "current_redis_engine_version": "version",
                "host": "host",
                "hostname": "hostname",
                "password": "password",
                "port": "port",
                "uri": "redis://:address:port"
            },
            "syslog_drain_url": null,
            "volume_mounts": []
        }
    ]
}
```