GoogleCloudPlatform / pastures-poc-toolkit

Apache License 2.0

Pastures PoC Toolkit

The Pastures Proof of Concept (PoC) utility is used to bootstrap greenfield, production-ready landing zones for use case experimentation on Google Cloud.

Prerequisites

  1. Google Cloud Organization
  2. Google Cloud Billing Account
  3. Cloud Identity Group
  4. The following IAM permissions:
    • Billing Account Administrator (roles/billing.admin) either on the organization or the billing account (see the following section for details)
    • Logging Admin (roles/logging.admin)
    • Organization Role Administrator (roles/iam.organizationRoleAdmin)
    • Organization Administrator (roles/resourcemanager.organizationAdmin)
    • Project Creator (roles/resourcemanager.projectCreator)
    • Tag Admin (roles/resourcemanager.tagAdmin)
    • Owner (roles/owner)

The following bash script can be used to quickly assign these permissions to your account:

# set variable for current logged in user
export PASTURE_USER=$(gcloud config list --format 'value(core.account)')

# find your org id in the list, then set it (123456 is a placeholder)
gcloud organizations list
export ORG_ID=123456

# set needed roles
export PASTURE_ROLES="roles/billing.admin roles/logging.admin \
  roles/iam.organizationRoleAdmin roles/resourcemanager.projectCreator \
  roles/resourcemanager.organizationAdmin roles/resourcemanager.tagAdmin \
  roles/owner"

# $PASTURE_ROLES is left unquoted on purpose so it splits into one role per iteration
for role in $PASTURE_ROLES; do
  gcloud organizations add-iam-policy-binding "$ORG_ID" \
    --member "user:$PASTURE_USER" --role "$role" --condition None
done

We recommend running pasture from a Cloud Shell environment. If you choose to run from your local machine, the following packages are also required:

  1. Terraform
  2. gcloud SDK

Install

Install the binary to your $PATH of choice. amd64 is currently the only supported build architecture.

sudo wget https://github.com/GoogleCloudPlatform/pastures-poc-toolkit/releases/download/v1.0.0/pastures_amd64.tar.gz -O - \
| sudo tar -zxf - -C /usr/local/bin

sudo chmod +x /usr/local/bin/pasture
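
The install command above pipes the download straight into sudo tar, so whatever the archive contains is written to /usr/local/bin as root. The following is an added example, not part of the project's README, that checks the tarball's SHA-256 and member list before installing. The single-member archive layout, the SUDO variable and the EXPECTED_SHA256 placeholder are assumptions.

```bash
# Added example, not the project's own installer.
# Assumptions: the archive holds a single member named "pasture", and the
# expected SHA-256 comes from a source you trust.

# verify_release TARBALL EXPECTED_SHA256
# The ( ... ) body runs in a subshell, so variables stay local and
# "exit" only ends the function.
verify_release() (
  actual=$(sha256sum "$1" | awk '{print $1}')
  if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
    echo "sha256 mismatch for $1: got '$actual'" >&2
    exit 1
  fi
  members=$(tar -tzf "$1") || exit 1
  case "$members" in
    pasture|./pasture) ;;   # exactly one member, the binary
    *) echo "unexpected archive members: $members" >&2; exit 1 ;;
  esac
)

# install_release TARBALL EXPECTED_SHA256 DEST_DIR
# Extracts into a private staging directory as the current user; only the
# final copy runs with elevated rights (set SUDO=sudo for /usr/local/bin).
install_release() (
  verify_release "$1" "$2" || exit 1
  stage=$(mktemp -d) || exit 1
  trap 'rm -rf "$stage"' EXIT
  tar -xzf "$1" -C "$stage" || exit 1
  # Refuse symlinks or anything that is not a regular file.
  if [ -L "$stage/pasture" ] || [ ! -f "$stage/pasture" ]; then
    echo "archive member is not a regular file" >&2
    exit 1
  fi
  ${SUDO:-} install -m 0755 "$stage/pasture" "$3/pasture"
)

# Usage (EXPECTED_SHA256 is a placeholder for the trusted digest):
#   wget -O /tmp/pastures_amd64.tar.gz \
#     https://github.com/GoogleCloudPlatform/pastures-poc-toolkit/releases/download/v1.0.0/pastures_amd64.tar.gz
#   SUDO=sudo install_release /tmp/pastures_amd64.tar.gz "$EXPECTED_SHA256" /usr/local/bin
```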

Quickstart

Note: We recommend running this quickstart from a Cloud Shell environment.

  1. Configure your local Pastures environment by:
    • Defining a prefix for resource naming
    • Specifying which Cloud Identity group (e.g. pasture-group) will own the PoC
    • Specifying your GCP Organization domain
    • Specifying your GCP Billing Account

Important: Ensure that the user running the CLI is a member of your Cloud Identity group (e.g. pasture-group).

pasture plow --prefix example1 --group-owner pasture-group --domain example.com --billing-account ABCDEF-GHIJKL-MNOPQ

  2. Create a pasture by indicating which seed template you'd like to deploy:

Note: This could take up to 15 minutes to deploy.

pasture plant data-cloud --region us-central1 --pasture-size small

Cleanup

Destruction of a planted pasture is scoped to the seed template. All resources, whether deployed by pasture or out of band, will be deleted. Currently, pasture burn requires the same parameter inputs that were used with the corresponding pasture plant:

pasture burn data-cloud --region us-central1 --pasture-size small

State

Pastures will make every effort to persist environmental state and variable values to a GCS bucket. This supports the ability to run pasture from multiple locations, but demands a rehydration step in order to position the dependencies. Rehydration simply requires authorization with Google and the prefix originally chosen:

pasture plow --rehydrate --prefix example1

Afterwards, you can continue running pasture as you normally would.

Pasture Templates

Name | Description | Docs | Est. Price Calculator
data-cloud | Landing zone for data, analytics and generative AI | cmd | Small, Big

Blueprints

Name | Seed | Docs
Data Platform | data-cloud | Docs

Learn More