Rename 02-networking to 02-networking-vpn (#492)

This commit is contained in:
Simone Ruffilli
2022-02-04 11:03:37 +01:00
committed by GitHub
parent 52c4b608c2
commit 0cef15301b
39 changed files with 1077 additions and 1122 deletions


@@ -32,33 +32,10 @@ A resource factory consumes a simple representation of a resource (e.g., in YAML
FAST uses YAML-based factories to deploy subnets and firewall rules and, as its name suggests, in the [project factory](./stages/03-project-factory/) stage.
## High level design
## Stages and high level design
As mentioned before, fast relies on multiple stages to progressively bring up your GCP organization(s). In this section we briefly describe each stage.
### Organizational level (00-01)
- [Bootstrap](stages/00-bootstrap/README.md)<br/>
Enables critical organization-level functionality that directly depends on Organization Administrator permissions. It has two primary purposes. The first is to bootstrap the resources needed to automate this and the following stages (service accounts, GCS buckets). And secondly, it applies the minimum amount of configuration needed at the organization level to avoid the need to grant organization-level permissions via Organization Administrator later on, and to implement a minimum of security features like sinks and exports from the start.
- [Resource Management](stages/01-resman/README.md)<br/>
Creates the base resource hierarchy (folders) and the automation resources required to delegate each part of the hierarchy to separate stages. This stage also configures organization-level policies and any exceptions needed by different branches of the resource hierarchy.
### Shared resources (02)
- [Security](stages/02-security/README.md)<br/>
Manages centralized security configurations in a separate stage, typically owned by the security team. This stage implements VPC Security Controls via separate perimeters for environments and central services, and creates projects to host centralized KMS keys used by the whole organization. It's intentionally easy to extend to include other security-related resources, like Secret Manager.
- Networking ([VPN](02-networking/README.md)/[NVA](02-networking-nva/README.md))
Manages centralized network resources in a separate stage, and is typically owned by the networking team. This stage implements a hub-and-spoke design, and includes connectivity via VPN to on-premises, and YAML-based factories for firewall rules (hierarchical and VPC-level) and subnets. It's currently available in two versions: [spokes connected via VPN](02-networking/README.md), [and spokes connected via appliances](02-networking-nva/README.md).
### Environment-level resources (03)
- [Project Factory](stages/03-project-factory/prod/README.md)<br/>
YAML-based factory to create and configure application- or team-level projects. Configuration includes VPC-level settings for Shared VPC, service-level configuration for CMEK encryption via centralized keys, and service account creation for workloads and applications. This stage is meant to be used once per environment.
- Data Platform (in development)
- GKE Multitenant (in development)
- GCE Migration (in development)
Please refer to the READMEs of each stage for further details.
As mentioned before, fast relies on multiple stages to progressively bring up your GCP organization(s).
Please refer to the [stages](./stages/) section for further details.
## Implementation
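Review bot: the relative links in the Networking bullet (`02-networking/README.md`, `02-networking-nva/README.md`) lack the `stages/` prefix that every other bullet uses (e.g. `stages/02-security/README.md`), so they were broken from the top-level README, and a rename of `02-networking` to `02-networking-vpn` would leave them stale anyway; since this hunk replaces the per-stage list with "Please refer to the [stages](./stages/) section for further details.", make sure the `stages/` index actually documents each stage (including the new `02-networking-vpn` name and the NVA variant), otherwise the descriptions of what each stage does (VPC Service Controls perimeters, centralized KMS, hub-and-spoke with VPN to on-premises, firewall and subnet factories) are lost from the reader's first entry point. As a minor style point, the retained sentence "As mentioned before, fast relies on multiple stages ..." spells the project name in lowercase while the surrounding text uses `FAST`.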