0d60e39aee
resource_labels added to the node_config nodepool ( #2317 )
...
* resource_labels added to the node_config nodepool
* labels added to the gke standard module
* labels set to mandatory
* Updating variables names
* Fix nodepool label variables defaults
* Fix tests
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2024-05-29 14:56:15 +02:00
11050c46cf
FAST MT: Readme updates and more prefix validation ( #2305 )
...
This change documents the process of deploying FAST on a tenant-factory bootstrapped tenant.
It also fixes changes the validation logic for prefix as follows:
- 0-bootstrap: 9 chars or less
- 1-resman/1-tenant-factory: 9 chars or less if ran at org-level, else 11
- else 11
It also uniforms across all stages the variables.tf and variables-fast.tf breakdown.
2024-05-24 12:01:55 +02:00
220ab76e40
enable shielded nodes by default on GKE mt blueprint and FAST stage ( #2105 )
2024-02-22 07:35:27 +00:00
71a64487d5
Extend FAST to support different principal types ( #2064 )
...
* add doc draft
* typos
* typo
* typo
* typos
* rewording
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* move iam variables to a separate file
* move billing-account module to iam_principals
* move data-catalog-policy-tag module to iam_principals
* move dataplex-datascan module to iam_principals
* move dataproc module to iam_principals
* move folder module to iam_principals
* copyright
* move organization module to iam_principals
* move project module to iam_principals
* move source-repository module to iam_principals
* update blueprints for iam_principals interface
* FAST bootstrap
* module READMEs fixes
* FAST bootstrap
* FAST networking stages
* FAST security stage
* FAST gke stage
* FAST multitenant bootstrap stage
* FAST multitenant resman stage
* tfdoc
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* fix module test
* Update 0-domainless-iam.md
* Update 0-domainless-iam.md
* Rename iam_principals to iam_by_principals
* Update IAM template to include iam_by_principals
* Update Resman README
* Fix ADR link format
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2024-02-12 14:35:30 +01:00
d127c25ad0
Shielded nodes and custom service account in FAST GKE stage and blueprint (CSPR-related) ( #2036 )
...
* default to shielded nodes in FAST gke stage
* use custom service account in GKE multitenant blueprint
2024-02-01 15:16:00 +00:00
11d7edac64
Add example to FAST GKE stage, streamline GKE Hub module variables and usage ( #1977 )
...
* implement optionals in gke-hub module
* simplify gke hub module call in mc mesh blueprint
* simplify gke hub module call and variables in multitenant blueprint
* gke hub inventory
* provide cluster and fleet examples in stage
2024-01-20 10:06:38 +00:00
6d89b88149
versions.tf maintenance + copyright notice bump ( #1782 )
...
* Bump copyright notice to 2023
* Delete versions.tf on blueprints
* Pin provider to major version 5
* Remove comment
* Fix lint
* fix bq-ml blueprint readme
---------
Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-20 18:17:47 +02:00
789328ff5a
Bump provider versions to v5.0.0 ( #1724 )
...
* bump provider versions to 5.0.0
* fix cloud run, logging and vpc-sc
* Fix secret manager
* fix gke nodepool
* fix gke multitenant stage and blueprint
* Moving alloydb module to experimental.
* Add project to bare resources in examples
* tfdoc
* fix svpc blueprint test
* Revert "fix svpc blueprint test"
This reverts commit 14f02659098070136e64ead600580dd52c23c339.
* Fix GKE peering project
* Disable tests in alloydb module
* Bring back secret ids in secret manager tests
* Remove duplicate key
* last push
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-10-03 12:15:36 +00:00
82fcd5a7d3
rename FAST globals output file ( #1695 )
2023-09-20 10:36:06 +02:00
6eb862a775
GKE cluster modules: add optional kube state metrics ( #1682 )
...
* `gke-cluster-standard`: add optional kube state metrics
* `gke-cluster-autopilot`: add optional kube state metrics
* FAST: add kube state metrics support for GKE
* blueprints/gke: add kube state metrics support
* Bump up the provider version to `v4.82.0`
2023-09-15 12:18:45 +01:00
b3dc91b5cd
Upgrades to `monitoring_config` in `gke-cluster-*`, docs update, and cosmetics fixes to GKE cluster modules ( #1680 )
...
* gke-cluster-standard: upgrade `monitoring_config` to use object style. Add tests.
* gke-cluster-standard: update docs
* gke-cluster-autopilot: move gateway_api_config block (cosmetic change)
* gke-cluster-autopilot: update docs and fix typos
* Update blueprints due to `monitoring_config` changes in `gke-cluster-standard`.
* Update FAST due to `monitoring_config` changes in `gke-cluster-standard`.
* Update docs for affected blueprints and FAST stages
2023-09-14 23:25:57 +01:00
8d7772761c
Fix FAST readmes
2023-09-14 13:10:16 +02:00
c1be435b09
Fix range names definition of GKE clusters
...
Fixes #1677
2023-09-14 12:51:43 +02:00
988fd2ee05
gke-cluster-standard: change logging configuration ( #1638 )
...
* Update logging configuration of this module to use object interface in harmony with `gke-cluster-autopilot` module.
* Update blueprints that use this module.
* Add "WORKLOADS" log source to logging configuration of the blueprints where the README files say so.
* Update FAST stage 3 because it uses this module.
2023-08-31 12:49:15 +01:00
87cd83f5c0
Several updates
...
Several updates
2023-05-13 23:51:46 -04:00
491b52f023
update variables files for gke nodepool taints ( #1358 )
...
* update variables files for gke node config taints to allow passing of node objects
* forgot to run terraform fmt..
* update module docs
2023-05-05 19:42:00 +02:00
75cc2f3d7a
FAST: shorten stage 3 prefixes, enforce prefix length in stage 3s ( #1346 )
...
* shorten stage 3 prefixes, enforce prefix length in stage 3s
* tfdoc
* tfdoc
2023-05-03 07:39:41 +02:00
36a7347744
FAST stage docs cleanup ( #1145 )
...
* top-level and stage 0
* stage 1
* net peering
* networking
* networking
* security
* gke, dp
* checks
2023-02-15 05:42:14 +00:00
5453c585e0
FAST multitenant bootstrap and resource management, rename org-level FAST stages ( #1052 )
...
* rename stages
* remove support for external org billing, rename output files
* resman: make groups optional, align on new billing account variable
* bootstrap: multitenant outputs
* tenant bootstrap stage, untested
* fix folder name
* fix stage 0 output names
* optional creation for tag keys in organization module
* single tenant bootstrap minus tag
* rename output files, add tenant tag key
* fix organization module tag values output
* test skipping creation for tags in organization module
* single tenant bootstrap plan working
* multitenant bootstrap
* tfdoc
* fix check links error messages
* fix links
* tfdoc
* fix links
* rename fast tests, fix bootstrap tests
* multitenant stages have their own folder, simplify stage numbering
* stage renumbering
* wip
* rename tests
* exclude fast providers in fixture
* stage 0 tests
* stage 1 tests
* network stages tests
* stage tests
* tfdoc
* fix links
* tfdoc
* multitenant tests
* remove local files
* stage links command
* fix links script, TODO
* wip
* wip single tenant bootstrap
* working tenant bootstrap
* update gitignore
* remove local files
* tfdoc
* remove local files
* allow tests for tenant bootstrap stage
* tenant bootstrap proxies stage 1 tfvars
* stage 2 and 3 service accounts and IAM in tenant bootstrap
* wip
* wip
* wip
* drop multitenant bootstrap
* tfdoc
* add missing stage 2 SAs, fix org-level IAM condition
* wip
* wip
* optional tag value creation in organization module
* stage 1 working
* linting
* linting
* READMEs
* wip
* Make stage-links script work in old macos bash
* stage links command help
* fix output file names
* diagrams
* fix svg
* stage 0 skeleton and diagram
* test svg
* test svg
* test diagram
* diagram
* readme
* fix stage links script
* stage 0 readme
* README changes
* stage readmes
* fix outputs order
* fix link
* fix tests
* stage 1 test
* skip stage example
* boilerplate
* fix tftest skip
* default bootstrap stage log sinks to log buckets
* add logging to tenant bootstrap
* move iam variables out of tenant config
* fix cicd, reintroduce missing variable
* use optional in stage 1 cicd variable
* rename extras stage
* rename and move identity providers local, use optional for cicd variable
* tfdoc
* add support for wif pool and providers, ci/cd
* tfdoc
* fix links
* better handling of modules repository
* add missing role on logging project
* fix cicd pools in locals, test cicd
* fix workflow extension
* fix module source replacement
* allow tenant bootstrap cicd sa to impersonate resman sa
* tenant workflow templates fix for no providers file
* fix output files, push github workflow template to new repository
* remove try from outpout files
* align stage 1 cicd internals to stage 0
* tfdoc
* tests
* fix tests
* tests
* improve variable descriptions
* use optional in fast features
* actually create tenant log sinks, and allow the resman sa to do it
* test
* tests
* aaaand tests again
* fast features tenant override
* fast features tenant override
* fix wording
* add missing comment
* configure pf service accounts
* add missing comment
* tfdoc
* tests
* IAM docs
* update copyright
---------
Co-authored-by: Julio Castillo <jccb@google.com>
2023-02-04 15:00:45 +01:00
fulyagonultas
Simone Ruffilli
Ludovico Magnocavallo
Oliver Frolovs
Julio Castillo
Alejandro Leal
Jack P