GoogleCloudPlatform / pubsec-declarative-toolkit

The GCP PubSec Declarative Toolkit is a collection of declarative solutions to help you on your Journey to Google Cloud. Solutions are designed using Config Connector and deployed using Config Controller.
Apache License 2.0

GCP PubSec Declarative Toolkit

Current Solutions

Name | Description | Documentation
Guardrails | Base Infrastructure for 30 Day Guardrail Deployment | link
Organization Policy Bundle | Package of Baseline Organization Policies | link
Guardrails Policy Bundle | Policy Bundle to help analyze compliance for Guardrails | link
KCC Namespaces | This solution is a simple fork of the KCC Project Namespaces blueprint found here | link
Landing Zone v2 (LZv2) (In development) | PBMM Landing Zone built in collaboration with Shared Services Canada | link
Gatekeeper Policy (LZv2) | Policy Bundle | link
Core Landing Zone (LZv2) | Foundational resources building the landing zone | link
Client Setup (LZv2) | Package to create the initial client folder and namespaces | link
Client Landing Zone (LZv2) | Package to create the client folder sub-structure and a standard Shared VPC | link
Client Project Setup (LZv2) | Package to create a service project and host workloads | link
GKE Setup (LZv2) | Package to prepare a service project for GKE clusters | link
GKE Defaults (LZv2) | A package to deploy common GKE resources | link
GKE Cluster Autopilot (LZv2) | A GKE Autopilot Cluster running in a service project | link
Cluster Defaults (LZv2) | This package deploys default resources that have to exist on all GKE clusters | link
Namespace Defaults (LZv2) | This package deploys a workload namespace and its associated configuration | link

When getting a package with the kpt pkg get command, you can use @ to indicate which tag or branch to fetch, for example:

kpt pkg get https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit.git/solutions/core-landing-zone@main

You can find the latest release versions on the releases page.

Quickstart

Deploying an example landing zone requires two steps:

In order to deploy the solutions you will need a Kubernetes cluster with Config Connector installed.

We recommend using the Managed Config Controller service, which comes bundled with Config Connector and Anthos Config Management. Alternatively, you can install Config Connector on any CNCF-compliant Kubernetes cluster.

See the Google Cloud quickstart guide for getting up and running with Config Controller.

A setup script that configures the Config Controller cluster is provided in the gcp-tools repository. The instructions in the Advanced Install are automated as part of the setup-kcc.sh script.

We have also put together a guide to deploying a standalone Config Controller instance; alternatively, see the examples directory for example installation methods.

After the Kubernetes cluster is fully provisioned, proceed to Deploy a landing zone v2 package.

Additional Documentation

You may want to look at the documentation published by Shared Services Canada, which provides a good level of detail on how they have implemented the Landing Zone v2 solution to host workloads from any of the 43 departments of the Government of Canada.

For further documentation on the project, including the setup pre-requirements and supporting service such as Config Connector and Config Management.

Additional Resources

Disclaimer

This is not an officially supported Google product.