docs: Update lzv2 README #498

Merged (8 commits), Sep 15, 2023
38 changes: 30 additions & 8 deletions docs/landing-zone-v2/README.md
Expand Up @@ -10,8 +10,8 @@
- [Single GCP organization](#single-gcp-organization)
- [Multiple GCP organizations](#multiple-gcp-organizations)
- [Folder Structure Per Environment (Dev, Preprod, Prod)](#folder-structure-per-environment-dev-preprod-prod)
- [Core Landing Zone Folders](#core-landing-zone-folders)
- [Client Landing Zone Folders](#client-landing-zone-folders)
- [Core Landing Zone](#core-landing-zone)
- [Client Landing Zone](#client-landing-zone)
- [Setup](#setup)
- [1. Complete the bootstrap procedure](#1-complete-the-bootstrap-procedure)
- [Requirements](#requirements)
Expand All @@ -28,7 +28,7 @@
- [Fetch the packages](#fetch-the-packages)
- [2b. Deploy the infrastructure using KPT](#2b-deploy-the-infrastructure-using-kpt)
- [gatekeeper-policies](#gatekeeper-policies)
- [core-landing-zone](#core-landing-zone)
- [core-landing-zone](#core-landing-zone-1)
- [3. Deploy the infrastructure using GitOps](#3-deploy-the-infrastructure-using-gitops)
- [Create a new repository in your Repo Hosting Solution (Github, Gitlab or Azure Devops)](#create-a-new-repository-in-your-repo-hosting-solution-github-gitlab-or-azure-devops)
- [ConfigSync](#configsync)
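Review bot: the last TOC entry in this hunk now links to `#core-landing-zone-1`, which relies on GitHub's automatic `-1` suffix for a duplicate heading slug: both the `### Core Landing Zone` heading (linked as `#core-landing-zone` in the earlier hunk) and the `core-landing-zone` step heading slugify to the same value, so the link only resolves while the headings stay in this order. Since the rest of this README already uses explicit `<a name='...'>` anchors, consider giving one of the two headings an explicit anchor so the link does not silently break when sections are reordered.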
Expand All @@ -51,6 +51,7 @@ This Landing Zone v2 differentiates from the `solutions/landing-zone` mostly bec

## <a name='Implementation'></a>Implementation


You may want to look at the [documentation](https://github.com/ssc-spc-ccoe-cei/gcp-documentation) published by **Shared Services Canada**, providing a good level of details on how they have implemented this landing zone solution to host workloads from any of the 43 departments of the Government of Canada.

## <a name='Organization'></a>Organization
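Review bot: the added blank line after the `Implementation` heading produces two consecutive blank lines, which markdownlint flags (MD012); drop one of them.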
Expand All @@ -59,17 +60,32 @@ This Landing Zone v2 assumes that the different required environments known as E

## <a name='SingleGCPorganization'></a>Single GCP organization

This pattern will be ideal for most use-cases and isolation between enviornments is achieved through folder structures.

In this example a Landing Zone is deployed per environment.

![img](img/single-org.png)

## <a name='MultipleGCPorganizations'></a>Multiple GCP organizations

This pattern is ideal for Departments who need a higher degree of isolation between environments by using Google Cloud Organizations as the environment boundary vs using folders.

Additional details about using multiple organizations can be found [here](https://cloud.google.com/resource-manager/docs/managing-multiple-orgs).

![img](img/multi-org.png)

## <a name="folderStructure"></a>Folder Structure Per Environment (Dev, Preprod, Prod)

A deployed Landing Zone contains two sections the Core Landing Zone and the Client Landing Zone. Together they will deploy a structure that matches the diagram below.


![img](img/folder-structure.png)

### Core Landing Zone Folders
### Core Landing Zone

This is made up of two pacakges `core-landing-zone` and `gatekeeper-policies`. This section provides the core of the landing zone functionality with Logging, Org Policies, and Shared Infrastructure like DNS and a Shared VPC (coming soon) as well as compliance enforcement in Config Controller.

This can be deployed once or multiple times per organization as highlighted in the diagrams below.

| Folder | Usage |
| --- | --- |
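Review bot: two typos in the new prose: "enviornments" in the Single GCP organization paragraph and "pacakges" in the Core Landing Zone paragraph. In the Folder Structure intro, "contains two sections the Core Landing Zone and the Client Landing Zone" needs a colon or comma after "sections", and "as highlighted in the diagrams below" in the Core Landing Zone paragraph refers to `single-org.png` and `multi-org.png`, which sit above that sentence, so "above" is meant. There is also a double blank line before `folder-structure.png`. Since the single-org pattern says isolation "is achieved through folder structures" and the multi-org pattern promises "a higher degree of isolation", it would help readers choosing between them to state the reason explicitly: in a single organization, organization-level IAM bindings and organization policies apply to every environment folder, whereas separate organizations give each environment its own administrative boundary.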
Expand All @@ -78,7 +94,13 @@ This Landing Zone v2 assumes that the different required environments known as E
| services | Contains service projects for applications that are offered as a services (AD, Backup, Trusted Images, Artifact registry, Certificate Authority, etc.) to all clients |
| services-infrastructure | Contains the shared hub networking project, the core dns project as well as the host project for additional services |

### Client Landing Zone Folders
### Client Landing Zone

This section is made up of two packages `client-setup` and `client-landing-zone`. The client setup package prepares the Config Controller instances for the new client and creates the required service accounts and namespaces for the client to use.

The `client-landing-zone` package deploys the clients Google Cloud resources, including folder structure, firewalls, and Shared Infrastructure (VPC). The deployment of these packages are repeated for each onboarded client. A client in these examples would be an a department or working group that needs isolation from other groups.

It is possible to only have 1 client and service multiple teams and working groups. In this case teams would have folders or projects created under the `applications`, `auto` and/or `applications-infrastructure` folders that are created in the `client-landing-zone` deployment.

| Folder | Usage |
| --- | --- |
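Review bot: grammar in the Client Landing Zone paragraphs: "the clients Google Cloud resources" should be "the client's"; "The deployment of these packages are repeated" should be "is repeated"; "would be an a department" has a stray "an"; and "only have 1 client" reads better as "one client". The statement that `client-setup` "creates the required service accounts and namespaces for the client" is the key isolation boundary of this design, so it is worth a short sentence on what those service accounts are granted, since that is what a reviewer of the onboarding process will want to check.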
Expand Down Expand Up @@ -375,21 +397,21 @@ cd pbmm-landingzone
1. Get the gatekeeper policies package. These are the policies which your Config Controller instance will use to [validate](https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller) compliance of any configuration deployed, this currently checks for guardrails compliance and naming conventions on projects. These policies will also be validated when running the `kpt fn render` command for early feedback.

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/gatekeeper-policies@<VERSION>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/gatekeeper-policies@0.2.0
```

1. Get the landing zone package

- Experimentation

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/core-landing-zone@<VERSION>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/core-landing-zone@0.1.0
```

- DEV, PREPROD, PROD

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/core-landing-zone@<VERSION>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/core-landing-zone@0.3.2
```

1. Customize Packages
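Review bot: replacing the `<VERSION>` placeholder with concrete pins (`gatekeeper-policies@0.2.0`, `experimentation/core-landing-zone@0.1.0`, `core-landing-zone@0.3.2`) makes the commands copy-pasteable and reproducible, but these pins will go stale as the packages are released. Consider adding one sentence telling readers where to find the current version (the repository's release tags), and stating that the three packages should be fetched at versions known to work together, since `kpt pkg get` resolves the `@ref` as a git ref and will happily fetch any combination.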
Binary file modified docs/landing-zone-v2/img/folder-structure.png
17 changes: 9 additions & 8 deletions docs/landing-zone-v2/onboarding-client.md
@@ -1,11 +1,12 @@
# Client Onboarding

<!-- vscode-markdown-toc -->
* [Introduction](#Introduction)
* [Setup](#Setup)
* [Add client-setup package](#Addclient-setuppackage)
* [Add the client-landing-zone package](#Addtheclient-landing-zonepackage)
* [Next Step](#NextStep)
- [Client Onboarding](#client-onboarding)
- [Introduction](#introduction)
- [Setup](#setup)
- [Add client-setup package](#add-client-setup-package)
- [Add the client-landing-zone package](#add-the-client-landing-zone-package)
- [Next Step](#next-step)

<!-- vscode-markdown-toc-config
numbering=false
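Review bot: the rewritten TOC uses GitHub-style lowercase slugs (`#introduction`, `#add-client-setup-package`) while the `<!-- vscode-markdown-toc -->` and `<!-- vscode-markdown-toc-config ... -->` markers are left in place; if anyone re-runs that extension it will regenerate the list in the old `#Introduction` / `#Addclient-setuppackage` form and the links flip back. Either remove the markers or keep the extension's format. The added top-level `- [Client Onboarding](#client-onboarding)` entry is a link to the page's own H1 and can be dropped.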
Expand Down Expand Up @@ -50,7 +51,7 @@ You will execute this procedure to provision the foundational resources in GCP f
- DEV, PREPROD, PROD

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-setup@<VERSION> ./clients/<client name>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-setup@0.4.1 ./clients/<client name>
```

1. Customize the `clients/<client name>/client-setup/setters.yaml` file
Expand All @@ -75,13 +76,13 @@ You will execute this procedure to provision the foundational resources in GCP f
- Experimentation

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/client-landing-zone@<VERSION> ./clients/<client name>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/client-landing-zone@0.1.0 ./clients/<client name>
```

- DEV, PREPROD, PROD

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-landing-zone@<VERSION> ./clients/<client name>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-landing-zone@0.4.3 ./clients/<client name>
```

1. Customize the `clients/<client name>/client-landing-zone/setters.yaml` file
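Review bot: `client-setup` is pinned at `0.4.1` in the previous hunk while `client-landing-zone` is pinned at `0.4.3` here (and its experimentation variant at `0.1.0`); if these two packages are released in lockstep, confirm the mismatch is intentional, and in either case a line telling readers which versions have been validated together would save onboarding failures.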
11 changes: 6 additions & 5 deletions docs/landing-zone-v2/onboarding-project.md
@@ -1,9 +1,10 @@
# Project Onboarding

<!-- vscode-markdown-toc -->
* [Introduction](#Introduction)
* [Setup](#Setup)
* [Add client project package](#Addclientprojectpackage)
- [Project Onboarding](#project-onboarding)
- [Introduction](#introduction)
- [Setup](#setup)
- [Add client project package](#add-client-project-package)

<!-- vscode-markdown-toc-config
numbering=false
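Review bot: as with the other TOC rewrite in this PR, the new lowercase slugs are inconsistent with the retained `<!-- vscode-markdown-toc -->` markers, and the new `- [Project Onboarding](#project-onboarding)` entry is a self-link to the H1; drop either the markers or the hand-edited entries.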
Expand Down Expand Up @@ -48,13 +49,13 @@ You will execute this procedure to provision the service project in GCP for appl
- Experimentation

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/client-project@<VERSION> ./projects/<project-id>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/experimentation/client-project@0.1.0 ./projects/<project-id>
```

- DEV, PREPROD, PROD

```shell
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-project-setup@<VERSION> ./projects/<project-id>
kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/client-project-setup@0.4.3 ./projects/<project-id>
```

1. Customize the `setters.yaml` file
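Review bot: the experimentation command fetches `solutions/experimentation/client-project` while the DEV/PREPROD/PROD command fetches `solutions/client-project-setup`; the package names differ, so confirm both paths exist at the pinned versions (`0.1.0` and `0.4.3`) and that the naming difference is intended rather than a leftover from a rename.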