Automate tenant resource provisioning

GoogleCloudPlatform · Jun 23, 2023 · 6958eb5 · 6958eb5
1 parent d546549
commit 6958eb5
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 72 deletions.
diff --git a/README.md b/README.md
@@ -121,49 +121,39 @@ The blueprint configures a dedicated namespace for tenant apps and resources:
 
 ## Deploy the blueprint
 
-- Open [Cloud Shell](https://cloud.google.com/shell)
-- Clone this repository
-- Change into the directory that contains the Terraform code:
+1. Open [Cloud Shell](https://cloud.google.com/shell)
+1. Clone this repository
+1. Change into the directory that contains the Terraform code:
 
   ```sh
   cd [REPO]/terraform
   ```
 
   Where `[REPO]` is the path to the directory where you cloned this repository.
 
-- Set a Terraform environment variable for your project ID in the `terraform.tfvars` file by setting the value of the `project_id` variable.
-- Initialize Terraform:
+1. Set a Terraform environment variable for your project ID in the `terraform.tfvars` file by setting the value of the `project_id` variable.
+1. Initialize Terraform:
 
   ```sh
   terraform init
   ```
 
-- Create the plan and review it:
+1. Review the proposed changes, and apply them:
 
   ```sh
-  terraform plan -out terraform.out
+  terraform apply
   ```
 
-- Apply the plan to create the cluster:
+  This may take about 15 minutes to complete
 
-  ```sh
-  terraform apply terraform.out
-  ```
+### Add another tenant
 
-  Note: this may take ~15 minutes to complete
+This blueprint dynamically provisions a runtime environment for each tenant you configure.
+
+To add another tenant, add its name to the list of tenants to configure using
+the `tenant_names` variable.
 
 ## Test
 
 For more details about manual tests you can perform to validate this setup,
 refer to the [testing directory](testing).
-
-## Add another tenant
-
-This blueprint provisions a runtime environment for a single tenant.
-
-To add another tenant, you:
-
-1. Create the project-level infrastructure and resources for the new tenant by updating the Terraform descriptors.
-1. Configure cluster-level resources for the new tenant by instantiating and configuring a new version of the `tenant` kpt package.
-
-For an example of this process, refer to the [testing directory](testing).
diff --git a/configsync/tenants/fltenant1/Kptfile b/configsync/tenants/fltenant1/Kptfile
@@ -1,11 +1,25 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: kpt.dev/v1
 kind: Kptfile
 metadata:
   name: fedlearn
 upstream:
   type: git
   git:
-    repo: https://github.com/GoogleCloudPlatform/gke-third-party-apps-blueprint
+    repo: https://github.com/GoogleCloudPlatform/gke-securing-third-party-apps-blueprint
     directory: /tenant-config-pkg
     ref: tidyup
   updateStrategy: resource-merge

diff --git a/configsync/tenants/fltenant1/README.md b/configsync/tenants/fltenant1/README.md
diff --git a/tenant-config-pkg/Kptfile b/tenant-config-pkg/Kptfile
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 apiVersion: kpt.dev/v1
 kind: Kptfile
 metadata:

diff --git a/tenant-config-pkg/README.md b/tenant-config-pkg/README.md
@@ -34,7 +34,7 @@ Used to bind to a ClusterRole with limited permissions.
   kpt pkg get $PKG-REPO.git/tenant-config-pkg tenant2
   ```
 
-1. Confgure the package, updating default values with tenant-specific values. This updates the namespace to be 'tenant2' etc.
+1. Configure the package, updating default values with tenant-specific values. This updates the namespace to be 'tenant2' etc.
 
   ```sh
   kpt fn eval --image gcr.io/kpt-fn/apply-setters:v0.2 -- \

diff --git a/terraform/acm.tf b/terraform/acm.tf
@@ -54,7 +54,7 @@ resource "google_gke_hub_feature_membership" "feature_member" {
       }
       source_format = "unstructured"
     }
-    # Note that we enable PolicyController mutations separately below
+
     policy_controller {
       enabled                    = true
       mutation_enabled           = true