This phase deploys the per-environment multitenant resources through the multitenant infrastructure pipeline.
An overview of the multitenant infrastructure pipeline is shown below.
The following resources are created:
- GCP Project (cluster project)
- GKE cluster(s)
- Cloud Armor
- App IP addresses (see below for details)
Before running this phase, make sure that:
- the per-environment folder, network project, network and subnetwork(s) have been provisioned;
- the 1-bootstrap phase has executed successfully.
The steps below assume that your working directory is the parent of the terraform-google-enterprise-application and terraform-example-foundation directories:

```text
.
├── terraform-example-foundation
├── terraform-google-enterprise-application
└── .
```
NOTE: If you don't have the foundation codebase, you can clone it by running the following command:

```bash
git clone --branch v4.1.0 https://github.com/terraform-google-modules/terraform-example-foundation.git
```
Please note that some steps in this documentation are specific to the selected Git provider. These steps are clearly marked at the beginning of each instruction. For example, if a step applies only to GitHub users, it will be labeled with "(GitHub only)."
- Retrieve the multitenant administration project ID from the 1-bootstrap output:

  ```bash
  export multitenant_admin_project=$(terraform -chdir=./terraform-google-enterprise-application/1-bootstrap output -raw project_id)
  echo multitenant_admin_project=$multitenant_admin_project
  ```
- (CSR only) Clone the infrastructure pipeline repository:

  ```bash
  gcloud source repos clone eab-multitenant --project=$multitenant_admin_project
  ```

- (GitHub only) When using GitHub with Cloud Build, clone the repository with the following command:

  ```bash
  git clone git@github.com:<GITHUB-OWNER or ORGANIZATION>/eab-multitenant.git
  ```

- (GitLab only) When using GitLab with Cloud Build, clone the repository with the following command:

  ```bash
  git clone git@gitlab.com:<GITLAB-GROUP or ACCOUNT>/eab-multitenant.git
  ```
- Initialize the git repository, copy the 2-multitenant code into it, and add the Cloud Build YAML files, the Terraform wrapper script and the policy library:

  ```bash
  cd eab-multitenant
  git checkout -b plan
  cp -r ../terraform-google-enterprise-application/2-multitenant/* .
  cp ../terraform-example-foundation/build/cloudbuild-tf-* .
  cp ../terraform-example-foundation/build/tf-wrapper.sh .
  chmod 755 ./tf-wrapper.sh
  cp -RT ../terraform-example-foundation/policy-library/ ./policy-library
  sed -i 's/CLOUDSOURCE/FILESYSTEM/g' cloudbuild-tf-*
  ```
- Disable all policy validation:

  ```bash
  rm -rf policy-library/policies/constraints/*
  ```

  This removes every constraint from the copied policy library, so the pipeline's policy validation will have nothing to enforce. If you depend on those guardrails, keep or restore the constraints you need rather than deleting all of them.
- Rename `terraform.example.tfvars` to `terraform.tfvars`:

  ```bash
  mv terraform.example.tfvars terraform.tfvars
  ```
- Update the file with values for your environment. See any of the `envs` folder README.md files for additional information on the values in the `terraform.tfvars` file. In addition to `envs` from the prerequisites, each app must have its own entry under `apps` with a list of any dedicated IP addresses to be provisioned. For the default hello world example, use the following values:

  ```hcl
  apps = {
    "default-example" : {
      "acronym" = "de",
    }
  }
  ```
- Commit and push changes. Because the plan branch is not a named environment branch, pushing your plan branch triggers terraform plan but not terraform apply. Review the plan output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID

  ```bash
  git add .
  git commit -m 'Initialize multitenant repo'
  git push --set-upstream origin plan
  ```
- Merge changes to development. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID

  ```bash
  git checkout -b development
  git push origin development
  ```

- Merge changes to nonproduction. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID

  ```bash
  git checkout -b nonproduction
  git push origin nonproduction
  ```

- Merge changes to production. Because this is a named environment branch, pushing to this branch triggers both terraform plan and terraform apply. Review the apply output in your Cloud Build project: https://console.cloud.google.com/cloud-build/builds;region=DEFAULT_REGION?project=YOUR_CLOUD_BUILD_PROJECT_ID

  ```bash
  git checkout -b production
  git push origin production
  ```
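The copy, rename and policy steps above, scripted as checked functions. This is an added example, not code from the terraform-google-enterprise-application project. It assumes the layout described earlier (a working directory holding terraform-example-foundation, terraform-google-enterprise-application and the cloned eab-multitenant repository as siblings) and that `git checkout -b plan` has already been run in eab-multitenant; the function names are the example's own. The preflight fails before anything is copied if a checkout is missing, and the constraint removal is a separate explicit call so that, by default, policy validation stays enabled.

```shell
#!/usr/bin/env bash
# Added example, not part of terraform-google-enterprise-application:
# the "initialize the eab-multitenant repository" steps as checked functions.
# Assumed layout: WORKDIR holds terraform-example-foundation,
# terraform-google-enterprise-application and the cloned eab-multitenant
# repository as siblings. Run `git checkout -b plan` in eab-multitenant first.
set -u

# Check the layout before copying anything. Prints the first missing path
# and returns 1, so a checkout in the wrong place fails fast instead of
# leaving a half-populated pipeline repository.
eab_preflight() {
  local workdir="$1" p
  for p in \
    "$workdir/terraform-example-foundation/build/tf-wrapper.sh" \
    "$workdir/terraform-example-foundation/policy-library" \
    "$workdir/terraform-google-enterprise-application/2-multitenant/terraform.example.tfvars" \
    "$workdir/eab-multitenant/.git"; do
    [ -e "$p" ] || { echo "preflight: missing $p" >&2; return 1; }
  done
  # the Cloud Build configs are matched by glob, as in the README
  set -- "$workdir"/terraform-example-foundation/build/cloudbuild-tf-*
  [ -e "$1" ] || { echo "preflight: no cloudbuild-tf-* files" >&2; return 1; }
}

# Populate eab-multitenant from the two checkouts (the README's cp/chmod/
# sed/mv steps). CLOUDSOURCE -> FILESYSTEM switches the wrapper's policy
# source to the copied ./policy-library directory instead of a Cloud Source
# repository (assumed reading of the tf-wrapper.sh policy-source argument).
eab_init_repo() {
  local workdir="$1"
  local repo="$workdir/eab-multitenant"
  local found="$workdir/terraform-example-foundation"
  local eab="$workdir/terraform-google-enterprise-application"
  eab_preflight "$workdir" || return 1
  cp -r "$eab"/2-multitenant/* "$repo"/
  cp "$found"/build/cloudbuild-tf-* "$repo"/
  cp "$found"/build/tf-wrapper.sh "$repo"/
  chmod 755 "$repo/tf-wrapper.sh"
  mkdir -p "$repo/policy-library"
  cp -R "$found"/policy-library/. "$repo"/policy-library/   # portable form of cp -RT
  sed -i 's/CLOUDSOURCE/FILESYSTEM/g' "$repo"/cloudbuild-tf-*
  mv "$repo/terraform.example.tfvars" "$repo/terraform.tfvars"
}

# Number of constraint files the pipeline's policy validation will enforce.
eab_constraint_count() {
  local dir="$1/policy-library/policies/constraints"
  [ -d "$dir" ] || { echo 0; return 0; }
  find "$dir" -type f | wc -l | tr -d ' '
}

# The README's "disable all policy validation" step, kept separate and
# explicit: it removes every constraint, so validation checks nothing until
# constraints are restored.
eab_disable_policies() {
  local repo="$1"
  echo "removing $(eab_constraint_count "$repo") constraint file(s)" >&2
  rm -rf "$repo"/policy-library/policies/constraints/*
}

# Post-copy check: wrapper executable, tfvars renamed, no CLOUDSOURCE left.
eab_verify_repo() {
  local repo="$1"
  [ -x "$repo/tf-wrapper.sh" ] || { echo "tf-wrapper.sh not executable" >&2; return 1; }
  [ -f "$repo/terraform.tfvars" ] || { echo "terraform.tfvars missing" >&2; return 1; }
  if grep -q CLOUDSOURCE "$repo"/cloudbuild-tf-*; then
    echo "CLOUDSOURCE still present in cloudbuild-tf-*" >&2; return 1
  fi
  echo "eab-multitenant ready: $(eab_constraint_count "$repo") constraint file(s)"
}

# usage, from the parent directory of the checkouts:
#   eab_init_repo "$PWD" && eab_verify_repo "$PWD/eab-multitenant"
#   eab_disable_policies "$PWD/eab-multitenant"   # only if you really want no constraints
```

After `eab_init_repo` you still edit `terraform.tfvars`, commit and push the `plan` branch exactly as in the steps above; the functions only replace the copy steps and add the checks around them.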
- The next instructions run Terraform locally for each environment rather than through the Cloud Build pipeline, and assume that you are in the terraform-google-enterprise-application/2-multitenant folder (for example, from the 1-bootstrap folder):

  ```bash
  cd ../2-multitenant
  ```
- Rename `terraform.example.tfvars` to `terraform.tfvars`:

  ```bash
  mv terraform.example.tfvars terraform.tfvars
  ```
- Update the file with values for your environment. See any of the `envs` folder README.md files for additional information on the values in the `terraform.tfvars` file. In addition to `envs` from the prerequisites, each app must have its own entry under `apps` with a list of any dedicated IP addresses to be provisioned:

  ```hcl
  apps = {
    "my-app" : {
      "ip_address_names" : [
        "my-app-ip",
      ]
      "certificates" : {
        "my-app-cert" : ["my-domain"]
      }
    }
  }
  ```
You can now deploy each of your environments (e.g. production).
- Run `init` and `plan` and review the output:

  ```bash
  terraform -chdir=./envs/production init
  terraform -chdir=./envs/production plan
  ```
- Run `apply` for production:

  ```bash
  terraform -chdir=./envs/production apply
  ```

  If you receive any errors or made any changes to the Terraform config or `terraform.tfvars`, re-run `terraform -chdir=./envs/production plan` before you run `terraform -chdir=./envs/production apply`.
- Repeat the same series of terraform commands but replace `-chdir=./envs/production` with `-chdir=./envs/nonproduction` to deploy the nonproduction environment.
- Repeat the same series of terraform commands but replace `-chdir=./envs/production` with `-chdir=./envs/development` to deploy the development environment.
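The local init/plan/apply sequence above, run over all three environments in the README's order as one loop. This is an added example, not code from the terraform-google-enterprise-application project. It differs from the plain commands in one way a practitioner usually wants: each `plan` is saved with `-out` and `-detailed-exitcode`, and `apply` is given that saved plan file, so what gets applied is exactly what was reviewed and environments with no pending changes are skipped. `TERRAFORM_BIN` is this example's own override hook (default `terraform`) so the loop can be exercised against a stub; the function names are the example's own.

```shell
#!/usr/bin/env bash
# Added example, not from terraform-google-enterprise-application: run the
# 2-multitenant environments locally, in order, saving each plan to a file
# and applying exactly that file so the apply cannot differ from the plan
# that was reviewed. TERRAFORM_BIN is this example's own override hook
# (default "terraform") so the loop can be exercised against a stub.
set -u

# Order matches the README: production first, then nonproduction, development.
EAB_ENVS_DEFAULT="production nonproduction development"

# init + plan for one environment directory. Exit status follows
# `terraform plan -detailed-exitcode`: 0 no changes, 1 error, 2 changes saved.
eab_plan_env() {
  local env_dir="$1" plan_file="$2" tf="${TERRAFORM_BIN:-terraform}"
  "$tf" -chdir="$env_dir" init -input=false >/dev/null || return 1
  "$tf" -chdir="$env_dir" plan -input=false -detailed-exitcode -out="$plan_file"
}

# Apply only the saved plan; terraform itself rejects a plan whose state has
# moved on since it was produced. Plan files contain resolved values, so the
# file is removed once applied.
eab_apply_env() {
  local env_dir="$1" plan_file="$2" tf="${TERRAFORM_BIN:-terraform}"
  "$tf" -chdir="$env_dir" apply -input=false "$plan_file" || return 1
  rm -f "$plan_file"
}

# Deploy each environment in turn; stop at the first failed plan or apply so
# a broken production run is never followed by changes elsewhere.
# Prints "<env>: applied" or "<env>: no changes" per environment; returns 1
# on failure.
eab_deploy_envs() {
  local root="$1"; shift
  local envs="${*:-$EAB_ENVS_DEFAULT}" env rc plan_file
  for env in $envs; do
    plan_file="$root/envs/$env/tfplan.$env"
    if eab_plan_env "$root/envs/$env" "$plan_file"; then rc=0; else rc=$?; fi
    case "$rc" in
      0) echo "$env: no changes" ;;
      2) eab_apply_env "$root/envs/$env" "$plan_file" || { echo "$env: apply failed" >&2; return 1; }
         echo "$env: applied" ;;
      *) echo "$env: plan failed (exit $rc)" >&2; return 1 ;;
    esac
  done
}

# usage, from the 2-multitenant folder:
#   eab_deploy_envs "$PWD"               # all three, production first
#   eab_deploy_envs "$PWD" production    # a single environment
```

Review the saved plan (`terraform -chdir=./envs/production show tfplan.production`) before letting the loop apply it if you want the same manual gate the step-by-step commands give you.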