A repository that includes YAML manifests. Manifests can define GCP resources in config connector format or the Kubernetes components and resources. Refer to this repo for additional information. TODO: add link
-
The
/*/configcontrollerfolder is where GCP resources are defined using theirconfig connectorschema. -
The
/*/kubernetes/_X-FLEET-ID/**/_NAMESPACEfolder is where resources that have to be provisioned in a kubernetesnamespaceare defined. The_X-FLEET-IDis the GCP project-id where the kubernetes clusters are deployed with character "x" as the environment code because this folder will contain the configuration for all environments.The GKE clusters are joined to an Anthos Fleet. This enables Anthos policy controller, Anthos config management and Anthos service mesh(future).
The /csync contains the configuration for what the ConfigSync operator should be observing. For example, It is within this configuration that you specify the repo url, the folder, the branch and the tag.
- Any modification should be implemented within the
source-customizationfolder.
- A pull request affecting
/csync/**/source-customization/dev/*/setters-version.yamlwill include the Application Developer as required reviewers. - A pull request affecting
/csync/**/source-customization/preprod/*/setters-version.yamlwill include the Application Operator as required reviewers. - A pull request affecting
/csync/**/source-customization/prod/*/setters-version.yamlwill include the Application Operator as required reviewers. - A pull request affecting any other file under
/csyncwill include the Security Admin and the Platform admin as required reviewers.
The /tier3 folder is where security and networking resources that enables the applications are defined.
- Any modification should be implemented within the
source-customizationfolder.
- A pull request affecting this folder will include the Security Admin and the Platform admin as required reviewers.
- The
/tier4/architecturefolder is where you can store design documents describing your application. These will be reviewed by the security admins and the platform admins when you will submit a pull request affectingtier3. - The
/tier4/configcontrollerfolder is where application resources that have to be provisioned in the GCP project are defined. - The
/tier4/kubernetes/_X-FLEET-ID/**/_NAMESPACEfolder is where resources that have to be provisioned in a kubernetes namespace are defined.
Replace
_X-FLEET-IDwith fleet-id and character "x" as the environment code because this folder will contain the configuration for all environments.
-
The
/tier4/**/deploy/<env>folders are the only required folders. These are observed by the configsync operator. Besides those folders, contributors can decide on the folder structure and content underneath that folder. -
Developers may want to consider using customization tools to modify the infrastructure for each environment. To achieve that, the
/csyncand the/tier3folders are using a combination ofKPTpackages and the script/tools/scripts/kpt/hydrate.sh. That same solution can be re-used under the/tier4folder if KPT packages is chosen to be the customization solution.Other options to consider are Helm Charts and Kustomize.
- A pull request affecting
/tier4/**/deploy/devwill include the Application Developer as required reviewers. - A pull request affecting
/tier4/**/deploy/preprodwill include the Application Operator as required reviewers. - A pull request affecting
/tier4/**/deploy/prodwill include the Application Operator as required reviewers. - A pull request affecting any other file under
/tier4will include the Application Developer as required reviewers.
The main branch of this repository is protected meaning that pushing a new commit to it will be denied. To implement changes, A Pull Request has to be completed.
Every other branches configured to be observed by ConfigSync will also have a branch protection rule defined. TODO: add more details