This phase deploys the per-environment multitenant resources through the multitenant infrastructure pipeline.
An overview of the multitenant infrastructure pipeline is shown below.
The following resources are created:
- GCP Project (cluster project)
- GKE cluster(s)
- Cloud Armor
- App IP addresses (see below for details)
The following prerequisites must be in place:
- The per-environment folder, network project, network, and subnetwork(s) have been provisioned.
- The 1-bootstrap phase has executed successfully.
The steps below assume that you are checked out at the same level as the terraform-google-enterprise-application and terraform-example-foundation directories:
.
├── terraform-example-foundation
├── terraform-google-enterprise-application
└── .
-
Retrieve the Multi-tenant administration project variable value from 1-bootstrap and confirm it is not empty before continuing:
    export multitenant_admin_project=$(terraform -chdir=./terraform-google-enterprise-application/1-bootstrap output -raw project_id)
    echo multitenant_admin_project=$multitenant_admin_project
-
(CSR) Clone the infrastructure pipeline repository:
gcloud source repos clone eab-multitenant --project=$multitenant_admin_project
-
Initialize the git repository, then copy the 2-multitenant code, the Cloud Build YAML files, the Terraform wrapper script and the policy library into it. The final sed switches the build configurations to read the policy library from the repository's own policy-library directory (copied here) instead of a separate Cloud Source repository:
    cd eab-multitenant
    git checkout -b plan
    cp -r ../terraform-google-enterprise-application/2-multitenant/* .
    cp ../terraform-example-foundation/build/cloudbuild-tf-* .
    cp ../terraform-example-foundation/build/tf-wrapper.sh .
    chmod 755 ./tf-wrapper.sh
    cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
    sed -i 's/CLOUDSOURCE/FILESYSTEM/g' cloudbuild-tf-*
-
Disable all policy validation. This deletes every constraint from the copied policy library, so the policy-validation step in the build has nothing to enforce and passes without evaluating anything; add constraints appropriate to your organization back before relying on this pipeline for production changes:
    rm -rf policy-library/policies/constraints/*
-
Rename terraform.example.tfvars to terraform.tfvars:
    mv terraform.example.tfvars terraform.tfvars
-
Update the file with values for your environment. See any of the envs folder README.md files for additional information on the values in the terraform.tfvars file. In addition to envs from the prerequisites, each App must have its own entry under apps, with a list of any dedicated IP addresses to be provisioned and, under certificates, each certificate name mapped to the domain names it covers:
    apps = {
      "my-app" : {
        "ip_address_names" : [
          "my-app-ip",
        ]
        "certificates" : {
          "my-app-cert" : ["my-domain-name"]
        }
      }
    }
-
Commit and push changes. Because the plan branch is not a named environment branch, pushing your plan branch triggers terraform plan but not terraform apply. Review the plan output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
    git add .
    git commit -m 'Initialize multitenant repo'
    git push --set-upstream origin plan
-
Merge changes to development. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply, so restrict push access to the named environment branches (development, nonproduction, production) to reviewed merges. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
    git checkout -b development
    git push origin development
-
Merge changes to nonproduction. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
    git checkout -b nonproduction
    git push origin nonproduction
-
Merge changes to production. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID
    git checkout -b production
    git push origin production
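The repository staging steps above (copy the 2-multitenant code, the Cloud Build configs, tf-wrapper.sh and the policy library, then rewrite CLOUDSOURCE to FILESYSTEM) are easy to get half-done, and a half-staged repo only fails once Cloud Build runs. The script below is an added example, not code from the terraform-google-enterprise-application or terraform-example-foundation projects: it performs the copy steps as shell functions and then checks the result before you commit. The function names, the directory arguments and the use of GNU sed -i are assumptions; the gcloud clone and git push steps stay manual.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the project): stage the
# eab-multitenant pipeline repo from the two checkouts and verify the result.
# Assumes GNU sed -i (Linux). Usage:
#   stage_multitenant_repo ./eab-multitenant ./terraform-google-enterprise-application ./terraform-example-foundation
#   check_staging ./eab-multitenant
set -eu

# stage_multitenant_repo REPO_DIR EAB_DIR FOUNDATION_DIR
# Copies the 2-multitenant code, the Cloud Build configs, tf-wrapper.sh and the
# policy library into REPO_DIR and switches the build configs to FILESYSTEM
# policy source. Returns non-zero if an input tree is missing.
stage_multitenant_repo() {
  repo="$1"; eab="$2"; foundation="$3"
  [ -d "$eab/2-multitenant" ] || { echo "missing $eab/2-multitenant" >&2; return 1; }
  [ -f "$foundation/build/tf-wrapper.sh" ] || { echo "missing $foundation/build/tf-wrapper.sh" >&2; return 1; }
  mkdir -p "$repo" "$repo/policy-library"
  cp -r "$eab/2-multitenant/." "$repo/"
  cp "$foundation"/build/cloudbuild-tf-* "$repo/"
  cp "$foundation/build/tf-wrapper.sh" "$repo/"
  chmod 755 "$repo/tf-wrapper.sh"
  # Same effect as the README's "cp -RT": copy the directory contents.
  cp -R "$foundation/policy-library/." "$repo/policy-library/"
  sed -i 's/CLOUDSOURCE/FILESYSTEM/g' "$repo"/cloudbuild-tf-*
}

# check_staging REPO_DIR
# Fails if anything the pipeline needs is absent or a CLOUDSOURCE reference
# survived the sed; warns when the policy library carries no constraints,
# because the build's policy-validation step then passes vacuously.
check_staging() {
  repo="$1"
  [ -x "$repo/tf-wrapper.sh" ] || { echo "tf-wrapper.sh missing or not executable" >&2; return 1; }
  [ -d "$repo/envs" ] || { echo "envs/ missing: 2-multitenant code not copied" >&2; return 1; }
  for f in "$repo"/cloudbuild-tf-*; do
    [ -f "$f" ] || { echo "no cloudbuild-tf-* files in $repo" >&2; return 1; }
    if grep -q CLOUDSOURCE "$f"; then
      echo "CLOUDSOURCE still referenced in $f" >&2
      return 1
    fi
  done
  if [ -z "$(ls -A "$repo/policy-library/policies/constraints" 2>/dev/null)" ]; then
    echo "warning: no constraints in $repo/policy-library; policy validation will enforce nothing" >&2
  fi
  return 0
}
```

Run check_staging again after the rm -rf of the constraints directory if you want the warning on record in your shell history; it is deliberately a warning rather than a failure because the README removes the constraints on purpose.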
-
The next instructions assume that you are in the terraform-google-enterprise-application/2-multitenant folder. From the directory that contains both checkouts (see the tree above):
    cd terraform-google-enterprise-application/2-multitenant
-
Rename terraform.example.tfvars to terraform.tfvars:
    mv terraform.example.tfvars terraform.tfvars
-
Update the file with values for your environment. See any of the envs folder README.md files for additional information on the values in the terraform.tfvars file. In addition to envs from the prerequisites, each App must have its own entry under apps, with a list of any dedicated IP addresses to be provisioned and, under certificates, each certificate name mapped to the domain names it covers:
apps = {
"my-app" : {
"ip_address_names" : [
"my-app-ip",
]
"certificates" : {
"my-app-cert" : ["my-domain"]
}
}
}
You can now deploy each of your environments (e.g. production).
-
Run init and plan and review the output:
    terraform -chdir=./envs/production init
    terraform -chdir=./envs/production plan
-
Run apply for production:
    terraform -chdir=./envs/production apply
If you receive any errors or made any changes to the Terraform config or terraform.tfvars, re-run terraform -chdir=./envs/production plan before you run terraform -chdir=./envs/production apply.
-
Repeat the same series of terraform commands but replace -chdir=./envs/production with -chdir=./envs/nonproduction to deploy the nonproduction environment.
-
Repeat the same series of terraform commands but replace -chdir=./envs/production with -chdir=./envs/development to deploy the development environment.
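The local loop above (init, plan, review, apply, then the same for nonproduction and development) re-plans at apply time, so what gets applied can differ from what was reviewed if the config or tfvars changed in between. The script below is an added example, not code from the terraform-google-enterprise-application project: it writes the plan to a file, shows that file for review, applies exactly that file, and deletes it afterwards because a saved plan can contain sensitive values. The function names, the TERRAFORM override variable, the plan file name and the RUN_DEPLOY guard are assumptions; the terraform flags used (-chdir, -input=false, -detailed-exitcode, -out, show, apply PLANFILE) are standard.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of the project): deploy the
# 2-multitenant environments from the terraform-google-enterprise-application/2-multitenant
# folder, applying the exact plan file that was reviewed.
# Usage: RUN_DEPLOY=1 ./deploy-envs.sh            (production nonproduction development)
#        RUN_DEPLOY=1 ./deploy-envs.sh nonproduction
set -eu

: "${TERRAFORM:=terraform}"   # override to point at a specific terraform binary
PLAN_NAME="tfplan.out"        # written inside the env folder because of -chdir

# deploy_env ENV
# init, plan to a file, show the file, apply the file. Exit status 0 when the
# environment is up to date or applied; non-zero on a missing folder or error.
deploy_env() {
  env="$1"
  dir="./envs/$env"
  [ -d "$dir" ] || { echo "no such environment folder: $dir" >&2; return 1; }
  "$TERRAFORM" -chdir="$dir" init -input=false
  # -detailed-exitcode: 0 = no changes, 1 = error, 2 = changes pending
  rc=0
  "$TERRAFORM" -chdir="$dir" plan -input=false -detailed-exitcode -out="$PLAN_NAME" || rc=$?
  case "$rc" in
    0) echo "$env: no changes"; rm -f "$dir/$PLAN_NAME"; return 0 ;;
    2) "$TERRAFORM" -chdir="$dir" show "$PLAN_NAME" ;;   # the reviewed plan
    *) echo "$env: plan failed with status $rc" >&2; rm -f "$dir/$PLAN_NAME"; return "$rc" ;;
  esac
  # Apply the saved file, never a fresh plan, so the reviewed change is the applied one.
  "$TERRAFORM" -chdir="$dir" apply -input=false "$PLAN_NAME"
  rm -f "$dir/$PLAN_NAME"   # saved plans may hold sensitive values; do not leave them behind
}

# deploy_all [ENV...]
# Defaults to the README's order: production, nonproduction, development.
deploy_all() {
  envs="${*:-production nonproduction development}"
  for env in $envs; do
    deploy_env "$env"
  done
}

if [ "${RUN_DEPLOY:-}" = "1" ]; then
  deploy_all "$@"
fi
```

Running plan and apply in the same shell from a file also means a second operator cannot slip a tfvars edit in between the review and the apply; if the plan file is rejected by apply because the state moved, re-run deploy_env for that environment rather than applying without a plan file.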