You will execute this procedure to provision the foundational resources in GCP for each client. These resources are required before you can create an application project.
- Move to the folder where the `gatekeeper-policies` and `core-landing-zone` packages are located

  ```shell
  cd <FOLDER>
  ```

- Create the following folder structure for clients

  ```
  ├── clients
  │   ├── <client1-name>
  │   ├── <client2-name>
  │   ├── ...
  ├── core-landing-zone
  ├── gatekeeper-policies
  ```
- Get the client-setup package

  !!! Update the command below with the proper VERSION. You can locate it in the package's CHANGELOG.md, for example, '0.0.1'. Use 'main' if not available, but we strongly recommend using versions over main. Alternatively, each package's CHANGELOG.md contains the history if there is a requirement to use an older version.

  - Experimentation: you do not require this package.

  - DEV, PREPROD, PROD

    ```shell
    # URL must already be set in your shell; this section does not define it
    PACKAGE="solutions/client-setup"
    VERSION=$(curl -s "$URL" | jq -r ".\"$PACKAGE\"")
    CLIENT_NAME=initial-client
    kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/${PACKAGE}@${VERSION} ./clients/${CLIENT_NAME}
    ```
- Customize the `clients/<client name>/client-setup/setters.yaml` file

  !!! There is a folder in that package called `root-sync-git`. This folder can be deleted if you are not using a Gitops - Git deployment solution. If you are, you should now create a new repository for this client and add the client-landing-zone package to that repo.
- Render the Configs

  ```shell
  kpt fn render clients/${CLIENT_NAME}/client-setup
  ```

- Deploy the infrastructure using either kpt or gitops-git or gitops-oci
- Get the client-landing-zone package

  !!! Update the command below with the proper VERSION. You can locate it in the package's CHANGELOG.md, for example, '0.0.1'. Use 'main' if not available, but we strongly recommend using versions over main. Alternatively, each package's CHANGELOG.md contains the history if there is a requirement to use an older version.

  - Experimentation

    ```shell
    # URL must already be set in your shell; this section does not define it
    PACKAGE="solutions/experimentation/client-landing-zone"
    VERSION=$(curl -s "$URL" | jq -r ".\"$PACKAGE\"")
    CLIENT_NAME=initial-client
    kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/${PACKAGE}@${VERSION} ./clients/${CLIENT_NAME}
    ```

  - DEV, PREPROD, PROD

    ```shell
    # URL must already be set in your shell; this section does not define it
    PACKAGE="solutions/client-landing-zone"
    VERSION=$(curl -s "$URL" | jq -r ".\"$PACKAGE\"")
    CLIENT_NAME=initial-client
    kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/${PACKAGE}@${VERSION} ./clients/${CLIENT_NAME}
    ```
- Customize the `clients/${CLIENT_NAME}/client-landing-zone/setters.yaml` file

- Render the Configs

  ```shell
  kpt fn render clients/${CLIENT_NAME}/client-landing-zone
  ```

- Deploy the infrastructure using either kpt or gitops-git or gitops-oci
- TEMPORARY WORKAROUND because of current location limitations when creating the Private Service Connect (PSC) resource. It must be created manually with gcloud; Config Connector will then acquire it.

  ```shell
  # these temporary roles will be required to run the gcloud command:
  # - Compute Network Admin (roles/compute.networkAdmin),
  # - Service Directory Editor (roles/servicedirectory.editor)
  # - DNS Administrator (roles/dns.admin)
  # https://cloud.google.com/vpc/docs/configure-private-service-connect-apis#roles
  HOST_PROJECT_ID='client-host-project-id'

  gcloud compute forwarding-rules create standardpscapisfw \
    --global \
    --network=global-standard-vpc \
    --address=standard-psc-apis-ip \
    --target-google-apis-bundle=all-apis \
    --project=${HOST_PROJECT_ID} \
    --service-directory-registration=projects/${HOST_PROJECT_ID}/locations/northamerica-northeast1
  ```

Execute the project onboarding procedure.
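
An added example, not part of the toolkit or the original page: a guard for the version lookup used in both `kpt pkg get` steps above. `jq -r` prints `null` when the package key is missing and `curl -s` hides transfer errors, so the value is checked before it is used as a ref. The function names are hypothetical, and accepting only `x.y.z` versions (so `main` is refused) is this example's assumption, following the recommendation to prefer versions over main.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not toolkit commands.

# Succeeds only for a plain release version such as 0.0.1.
# Rejects "", "null" (jq -r output for a missing key) and branch names.
is_release_version() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;   # empty, or any character other than digits/dots
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Looks up a package in a local copy of the manifest that $URL points to.
# Prints the version, or fails without printing anything.
resolve_version() {   # usage: resolve_version <manifest.json> <package>
  v=$(jq -r --arg p "$2" '.[$p] // empty' "$1") || return 1
  is_release_version "$v" || return 1
  printf '%s\n' "$v"
}

# Prints the pinned kpt source reference for a package, or fails.
pinned_source() {     # usage: pinned_source <package> <version>
  is_release_version "$2" || {
    echo "refusing unpinned ref for $1: '$2'" >&2
    return 1
  }
  printf 'https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/%s@%s\n' "$1" "$2"
}

# Typical use in place of the one-line lookup:
#   curl -fsS "$URL" -o manifest.json
#   VERSION=$(resolve_version manifest.json "$PACKAGE") || exit 1
#   kpt pkg get "$(pinned_source "$PACKAGE" "$VERSION")" "./clients/${CLIENT_NAME}"
```

Committing the resolved version alongside the client's `setters.yaml` keeps a record of exactly which package release each client was provisioned from.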