Move gke multi cluster mesh example to gke folder

2022-09-12 10:26:33 +02:00 · 2022-09-12 10:26:33 +02:00 · 96edc4b58f
parent 96257871a2
commit 96edc4b58f
18 changed files with 7 additions and 2 deletions
--- a/blueprints/README.md
+++ b/blueprints/README.md
@ -7,7 +7,7 @@ Currently available blueprints:
 - **cloud operations** - [Resource tracking and remediation via Cloud Asset feeds](./cloud-operations/asset-inventory-feed-remediation), [Granular Cloud DNS IAM via Service Directory](./cloud-operations/dns-fine-grained-iam), [Granular Cloud DNS IAM for Shared VPC](./cloud-operations/dns-shared-vpc), [Compute Engine quota monitoring](./cloud-operations/quota-monitoring), [Scheduled Cloud Asset Inventory Export to Bigquery](./cloud-operations/scheduled-asset-inventory-export-bq), [Packer image builder](./cloud-operations/packer-image-builder), [On-prem SA key management](./cloud-operations/onprem-sa-key-management), [TCP healthcheck for unmanaged GCE instances](./cloud-operations/unmanaged-instances-healthcheck), [HTTP Load Balancer with Cloud Armor](./cloud-operations/glb_and_armor)
 - **data solutions** - [GCE/GCS CMEK via centralized Cloud KMS](./data-solutions/gcs-to-bq-with-least-privileges/), [Cloud Storage to Bigquery with Cloud Dataflow with least privileges](./data-solutions/gcs-to-bq-with-least-privileges/), [Data Platform Foundations](./data-solutions/data-platform-foundations/), [SQL Server AlwaysOn availability groups blueprint](./data-solutions/sqlserver-alwayson), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion/)
 - **factories** - [The why and the how of resource factories](./factories/README.md)
- **GKE** - [GKE multitenant fleet](./gke/multitenant-fleet/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [Binary Authorization Pipeline](./gke/binauthz/)
+- **GKE** - [GKE multitenant fleet](./gke/multitenant-fleet/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [Binary Authorization Pipeline](./gke/binauthz/), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api/)
 - **networking** - [hub and spoke via peering](./networking/hub-and-spoke-peering/), [hub and spoke via VPN](./networking/hub-and-spoke-vpn/), [DNS and Google Private Access for on-premises](./networking/onprem-google-access-dns/), [Shared VPC with GKE support](./networking/shared-vpc-gke/), [ILB as next hop](./networking/ilb-next-hop), [PSC for on-premises Cloud Function invocation](./networking/private-cloud-function-from-onprem/), [decentralized firewall](./networking/decentralized-firewall)
 - **serverless** - [Multi-region deployments for API Gateway](./serverless/api-gateway/)
 - **third party solutions** - [OpenShift cluster on Shared VPC](./third-party-solutions/openshift)
--- a/blueprints/gke/README.md
+++ b/blueprints/gke/README.md
@ -22,3 +22,8 @@ It is meant to be used as a starting point for most Shared VPC configurations, a

 <a href="../gke/binauthz/" title="Binary Authorization Pipeline"><img src="../gke/binauthz/diagram.png" align="left" width="280px"></a> This [blueprint](../gke/binauthz/) shows how to create a CI and a CD pipeline in Cloud Build for the deployment of an application to a private GKE cluster with unrestricted access to a public endpoint. The blueprint enables a Binary Authorization policy in the project so only images that have been attested can be deployed to the cluster. The attestations are created using a cryptographic key pair that has been provisioned in KMS.
 <br clear="left">
+
+### Multi-cluster mesh on GKE (fleet API)
+
+<a href="../gke/multi-cluster-mesh-gke-fleet-api/" title="Binary Authorization Pipeline"><img src="../gke/multi-cluster-mesh-gke-fleet-api/diagram.png" align="left" width="280px"></a> This [blueprint](../gke/multi-cluster-mesh-gke-fleet-api/) shows how to create a multi-cluster mesh for two private clusters on GKE. Anthos Service Mesh with automatic control plane management is set up for clusters using the Fleet API. This can only be done if the clusters are in a single project and in the same VPC. In this particular case both clusters having being deployed to different subnets in a shared VPC.
+<br clear="left">
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/.gitignore
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/.gitignore
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/README.md
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/README.md
@ -4,7 +4,7 @@ The following blueprint shows how to create a multi-cluster mesh for two private

 The diagram below depicts the architecture of the blueprint.

-![Architecture](architecture.png)
+![Architecture diagram](diagram.png)

 Terraform is used to provision the required infrastructure, create the IAM binding and register the clusters to the fleet.

--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/ansible.cfg
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/ansible.cfg
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/inventory/hosts.ini
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/inventory/hosts.ini
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/playbook.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/playbook.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/endpoint-discovery-config.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/endpoint-discovery-config.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/install.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/main.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/install/tasks/main.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/prerequisites/tasks/main.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/prerequisites/tasks/main.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/test/tasks/main.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/test/tasks/main.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/test/tasks/test.yaml
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/ansible/roles/test/tasks/test.yaml
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/architecture.png
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/architecture.png
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/main.tf
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/main.tf
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/templates/gssh.sh.tpl
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/templates/gssh.sh.tpl
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/templates/vars.yaml.tpl
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/templates/vars.yaml.tpl
--- a/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/variables.tf
+++ b/blueprints/cloud-operations/multi-cluster-mesh-gke-fleet-api/variables.tf