This repository provides a step-by-step tutorial to create the infrastructure foundations for a GCP organization. The intended use case is an enterprise customer deploying workloads into GCP.
Enterprises typically have centralized infrastructure, for example one prod and one nonprod environment, each with a Shared VPC network, Hybrid Connectivity, Firewall Rules, Organization Policies, IAM policies, and Logging configuration.
Application teams develop changes in their own service projects using the nonprod infrastructure. Changes are ultimately deployed into the production environment.
The infrastructure controller provides a smooth on-ramp to manage the prod and nonprod centralized infrastructure using CI/CD and Terraform Infrastructure as Code techniques.
- One environment, `nonprod`, with:
  - An infra-controller Service Account to manage the shared infrastructure for the environment.
  - A GCS Bucket to hold Terraform state for the environment.
  - A GitLab Runner to execute Terraform in a CI/CD pipeline.
Additional environments, e.g. `prod`, may be created by repeating this process.
Note: The runner is intended solely to control the infrastructure. It must not be shared with development teams, because the runner has access to a service account with elevated access across the GCP organization.
- A newly created GCP project. For example, `infra-controller-nonprod` with a project id of `infra-controller-nonprod-123456`.
- The Owner role on the project.
- A GitLab Runner registration token.
Execute these tutorials in order to get started.
| Step | Description | Run |
|---|---|---|
| State Bucket | Create a state bucket | |
| Service Account | Create a service account for Terraform | TODO |
| GitLab Runner | Create GitLab runners to execute Terraform | TODO |
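The first two steps in the table, the state bucket and the infra-controller service account, are shown below as a single Terraform configuration. This is an added example written for this page, not code from the repository's tutorials. The project id `infra-controller-nonprod-123456` comes from the prerequisites above; the organization id, the runner's own service account email, the bucket name, the region, the service account id and the role list are assumptions chosen to illustrate the design and should be adjusted to the environment. The example also goes one step beyond the table by showing how the GitLab Runner reaches the controller account through impersonation instead of a downloaded key, which is what keeps the elevated access confined to the runner described in the note above.

```hcl
# Added example (not the repository's own code). Bootstrap for one
# environment: Terraform state bucket plus the infra-controller SA.
# Apply this bootstrap once with local state; the backend block at the
# bottom belongs in the shared-infrastructure pipelines that use the bucket.

locals {
  project_id = "infra-controller-nonprod-123456"  # from the prerequisites
  org_id     = "REPLACE_WITH_ORG_ID"              # placeholder
  region     = "us-central1"                      # assumed
}

# Terraform state can contain secrets (keys, connection strings), so the
# bucket is versioned for rollback, uses uniform bucket-level access so no
# per-object ACL can widen exposure, and enforces public access prevention.
resource "google_storage_bucket" "tfstate" {
  name                        = "${local.project_id}-tfstate"  # assumed naming
  project                     = local.project_id
  location                    = local.region
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  versioning {
    enabled = true
  }
}

# The identity Terraform runs as when it manages the shared infrastructure.
resource "google_service_account" "infra_controller" {
  project      = local.project_id
  account_id   = "infra-controller"               # assumed id
  display_name = "Infra controller (nonprod)"
}

# Roles covering the shared infrastructure the overview lists (Shared VPC,
# firewall rules, organization policies, logging configuration). The page
# describes organization-wide access; scope to a folder where that suffices.
resource "google_organization_iam_member" "infra_controller_roles" {
  for_each = toset([
    "roles/compute.xpnAdmin",        # Shared VPC administration
    "roles/compute.networkAdmin",    # networks, routes, hybrid connectivity
    "roles/compute.securityAdmin",   # firewall rules
    "roles/orgpolicy.policyAdmin",   # organization policies
    "roles/logging.configWriter",    # log sinks and logging configuration
  ])
  org_id = local.org_id
  role   = each.key
  member = "serviceAccount:${google_service_account.infra_controller.email}"
}

# State access is granted on this bucket only, not through an org-wide
# storage role.
resource "google_storage_bucket_iam_member" "state_rw" {
  bucket = google_storage_bucket.tfstate.name
  role   = "roles/storage.objectAdmin"
  member = "serviceAccount:${google_service_account.infra_controller.email}"
}

# The runner's own service account (placeholder email) is allowed to mint
# short-lived tokens for the controller SA. No key file is created or
# distributed, so the only path to the elevated identity is the runner.
resource "google_service_account_iam_member" "runner_impersonates_controller" {
  service_account_id = google_service_account.infra_controller.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:REPLACE_WITH_RUNNER_SA_EMAIL"
}

# --- backend.tf for the shared-infrastructure pipelines (separate repo) ---
# Terraform in the pipeline authenticates as the runner's SA and
# impersonates the controller for both state access and resource changes.
#
# terraform {
#   backend "gcs" {
#     bucket                      = "infra-controller-nonprod-123456-tfstate"
#     prefix                      = "nonprod/shared-infra"
#     impersonate_service_account = "infra-controller@infra-controller-nonprod-123456.iam.gserviceaccount.com"
#   }
# }
#
# provider "google" {
#   impersonate_service_account = "infra-controller@infra-controller-nonprod-123456.iam.gserviceaccount.com"
# }
```

Two checks are worth running after `terraform apply`: confirm that no key exists for the controller account (`gcloud iam service-accounts keys list` should show only the Google-managed keys), and confirm that `roles/iam.serviceAccountTokenCreator` on that account is held by the runner's service account alone, since every additional holder of that binding effectively inherits the organization-level roles above.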