zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/blueprints/gke
History
Ludovico Magnocavallo 6941313c7d
Factories refactor (#1843) 
* factories refactor doc

* Adds file schema and filesystem organization

* Update 20231106-factories.md

* move factories out of blueprints and create new factories  README

* align factory in billing-account module

* align factory in dataplex-datascan module

* align factory in billing-account module

* align factory in net-firewall-policy module

* align factory in dns-response-policy module

* align factory in net-vpc-firewall module

* align factory in net-vpc module

* align factory variable names in FAST

* remove decentralized firewall blueprint

* bump terraform version

* bump module versions

* update top-level READMEs

* move project factory to modules

* fix variable names and tests

* tfdoc

* remove changelog link

* add project factory to top-level README

* fix cludrun eventarc diff

* fix README

* fix cludrun eventarc diff

---------

Co-authored-by: Simone Ruffilli <sruffilli@google.com>
 		2024-02-26 10:16:52 +00:00
..
autopilot Format python files in blueprints (#2079) 2024-02-15 09:37:49 +01:00
binauthz Added workstation-cluster module 2023-11-30 07:02:28 +01:00
multi-cluster-mesh-gke-fleet-api Add example to FAST GKE stage, streamline GKE Hub module variables and usage (#1977) 2024-01-20 10:06:38 +00:00
multitenant-fleet enable shielded nodes by default on GKE mt blueprint and FAST stage (#2105) 2024-02-22 07:35:27 +00:00
patterns Factories refactor (#1843) 2024-02-26 10:16:52 +00:00
README.md Added autopilot blueprint 2023-03-07 15:37:20 +01:00
shared-vpc-gke Link shared vpc gke blueprint in gke folder 2022-09-12 10:00:38 +02:00

README.md

GKE blueprints

The blueprints in this folder show implement end-to-end scenarios for GKE topologies that show how to automate common configurations or leverage specific products.

They are meant to be used as minimal but complete starting points to create actual infrastructure, and as playgrounds to experiment with Google Cloud features.

Blueprints

Binary Authorization Pipeline

This blueprint shows how to create a CI and a CD pipeline in Cloud Build for the deployment of an application to a private GKE cluster with unrestricted access to a public endpoint. The blueprint enables a Binary Authorization policy in the project so only images that have been attested can be deployed to the cluster. The attestations are created using a cryptographic key pair that has been provisioned in KMS.


Multi-cluster mesh on GKE (fleet API)

This blueprint shows how to create a multi-cluster mesh for two private clusters on GKE. Anthos Service Mesh with automatic control plane management is set up for clusters using the Fleet API. This can only be done if the clusters are in a single project and in the same VPC. In this particular case both clusters having being deployed to different subnets in a shared VPC.


Multitenant GKE fleet

This blueprint allows simple centralized management of similar sets of GKE clusters and their nodepools in a single project, and optional fleet management via GKE Hub templated configurations.


Shared VPC with GKE and per-subnet support

This blueprint shows how to configure a Shared VPC, including the specific IAM configurations needed for GKE, and to give different level of access to the VPC subnets to different identities.

It is meant to be used as a starting point for most Shared VPC configurations, and to be integrated to the above blueprints where Shared VPC is needed in more complex network topologies.


Autopilot

This blueprint creates an Autopilot cluster with Google-managed Prometheus enabled and installs an application that scales as the traffic that is hitting the load balancer exposing it grows.