You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+11-8Lines changed: 11 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -11,13 +11,15 @@ This repository is intended as an example to be forked, tweaked, and maintained
11
11
Though this blueprint can help accelerate your foundation design and build, we assume that you have the engineering skills and teams to deploy and customize your own foundation based on your own requirements.
12
12
13
13
We will support:
14
-
- Code is semantically valid, pinned to known good versions, and passes terraform validate and lint checks
15
-
- All PR to this repo must pass integration tests to deploy all resources into a test environment before being merged
16
-
- Feature requests about ease of use of the code, or feature requests that generally apply to all users, are welcome
14
+
15
+
- Code is semantically valid, pinned to known good versions, and passes terraform validate and lint checks
16
+
- All PR to this repo must pass integration tests to deploy all resources into a test environment before being merged
17
+
- Feature requests about ease of use of the code, or feature requests that generally apply to all users, are welcome
17
18
18
19
We will not support:
19
-
- In-place upgrades from a foundation deployed with an earlier version to a more recent version, even for minor version changes, might not be feasible. Repository maintainers do not have visibility to what resources a user deploys on top of their foundation or how the foundation was customized in deployment, so we make no guarantee about avoiding breaking changes.
20
-
- Feature requests that are specific to a single user's requirement and not representative of general best practices
20
+
21
+
- In-place upgrades from a foundation deployed with an earlier version to a more recent version, even for minor version changes, might not be feasible. Repository maintainers do not have visibility to what resources a user deploys on top of their foundation or how the foundation was customized in deployment, so we make no guarantee about avoiding breaking changes.
22
+
- Feature requests that are specific to a single user's requirement and not representative of general best practices
21
23
22
24
## Overview
23
25
@@ -47,8 +49,9 @@ The bootstrap step includes:
47
49
- VPN connection with on-prem (or wherever your Jenkins Controller is located)
48
50
49
51
It is a best practice to separate concerns by having two projects here: one for the Terraform state and one for the CI/CD tool.
50
-
- The `prj-b-seed` project stores Terraform state and has the service accounts that can create or modify infrastructure.
51
-
- The `prj-b-cicd` project holds the CI/CD tool (either Cloud Build or Jenkins) that coordinates the infrastructure deployment.
52
+
53
+
- The `prj-b-seed` project stores Terraform state and has the service accounts that can create or modify infrastructure.
54
+
- The `prj-b-cicd` project holds the CI/CD tool (either Cloud Build or Jenkins) that coordinates the infrastructure deployment.
52
55
53
56
To further separate the concerns at the IAM level as well, a distinct service account is created for each stage. The Terraform custom service accounts are granted the IAM permissions required to build the foundation.
54
57
If using Cloud Build as the CI/CD tool, these service accounts are used directly in the pipeline to execute the pipeline steps (`plan` or `apply`).
@@ -73,7 +76,7 @@ Usage instructions are available in the 0-bootstrap [README](./0-bootstrap/READM
73
76
### [1. org](./1-org/)
74
77
75
78
The purpose of this stage is to set up the common folder used to house projects that contain shared resources such as Security Command Center notification, Cloud Key Management Service (KMS), org level secrets, and org level logging.
76
-
This stage also sets up the network folder used to house network related projects such as DNS Hub, Interconnect, network hub, and base and restricted projects for each environment (`development`, `nonproduction` or `production`).
79
+
This stage also sets up the network folder used to house network related projects such as DNS Hub, Interconnect, network hub, and base and restricted projects for each environment (`development`, `nonproduction` or `production`).
77
80
This will create the following folder and project structure:
0 commit comments