This repository has been archived by the owner on Aug 19, 2021. It is now read-only.

Google GCP

mawinkler edited this page Jan 28, 2020 · 13 revisions

We're now configuring the environment for Google GCP.

File: vars/environment_gcp_vars.yml.sample

Next, we create our vars file for Google GCP.

$ cp vars/environment_gcp_vars.yml.sample \
    vars/environment_gcp_vars.yml

File: vars/environment_gcp_vars.yml

Choose the components to be deployed

# #####################################################################
# Site Deploy Components
# #####################################################################
site_deploy_kubernetes: yes
site_deploy_deepsecurity: yes
site_deploy_smartcheck: yes
site_deploy_jenkins: yes
site_deploy_gitlab: no
site_deploy_endpoints: no
site_deploy_linkerd: yes
site_deploy_registry: yes

The settings of the GCP project to use

# #####################################################################
# Google Cloud Settings
# #####################################################################
gcp_project_id: <project id>    # e.g. moadsd-ng-209408
gcp_auth_kind: serviceaccount
gcp_region: <region>            # e.g. europe-west3
gcp_zone: <zone>                # e.g. europe-west3-c

Decide how many Kubernetes workers to deploy and which container runtime they should use

# #####################################################################
# Kubernetes Settings
# #####################################################################
# crio or docker
kubernetes_container_runtime: docker
kubernetes_worker_count: 3

Note: Please choose an odd number for the kubernetes_worker_count.

Decide which pod network you want to use

# Cluster Networking Configuration:
# pod_network_cidr: "10.244.0.0/16"   cluster_networking: flannel_flannel
# pod_network_cidr: "10.244.0.0/16"   cluster_networking: calico_flannel
# pod_network_cidr: "10.244.0.0/16"   cluster_networking: calico_calico
pod_network_cidr: "10.244.0.0/16"
cluster_networking: calico_calico

Specify the Deep Security version to use

# #####################################################################
# Deep Security Settings
# #####################################################################
deepsecurity_download_url: 'https://files.trendmicro.com/products/deepsecurity/en/12.5/'
deepsecurity_installer: 'Manager-Linux-12.5.349.x64.sh'

Specify the count and type of endpoints you want to deploy

# #####################################################################
# Linux Endpoint Settings
# #####################################################################
linuxep_instance_name: linuxep
linuxep_instance_count: 1
linuxep_source_image: projects/rhel-cloud/global/images/family/rhel-7

# #####################################################################
# Windows Endpoint Settings
# #####################################################################
windowsep_instance_name: windowsep
windowsep_instance_count: 1
windowsep_source_image: projects/windows-cloud/global/images/family/windows-2012-r2

File: vars/environment_gcp_secrets.yml.sample

Next, we create our secrets file for Google GCP and encrypt it with our password file.

$ cp vars/environment_gcp_secrets.yml.sample \
    vars/environment_gcp_secrets.yml
$ ansible-vault encrypt --vault-password-file \
    ../.vault-pass.txt vars/environment_gcp_secrets.yml

File: vars/environment_gcp_secrets.yml

Open the secrets in edit mode with

$ ansible-vault edit --vault-password-file \
    ../.vault-pass.txt vars/environment_gcp_secrets.yml

Specify the full path of the GCP service account key file to use (e.g. /home/ansible/ansible.json)

---
gcp_service_account_file: <full path to service account json>

File: gcp_inventory.gcp.yml.sample

Next, we create our dynamic inventory for Google GCP.

$ cp gcp_inventory.gcp.yml.sample gcp_inventory.gcp.yml

File: gcp_inventory.gcp.yml

The best way to interact with your hosts is to use the gcp_compute inventory plugin, which dynamically queries GCE and tells Ansible which nodes can be managed. You need to adapt the values in angle brackets (<...>) to your specific environment.

plugin: gcp_compute
zones:
  - <zone>
projects:
  - <project id>
keyed_groups:
  - prefix: tag
    separator: '_'
    key: tags['items']
hostnames:
  - public_ip
  - private_ip
  - name
groups:
filters:
scopes:
  - https://www.googleapis.com/auth/compute
auth_kind: serviceaccount
service_account_file: /home/ansible/ansible.json

Executing

$ ansible-inventory --list -i gcp_inventory.gcp.yml

will list the GCP instances that Ansible can manage. Before any instances have been deployed, the inventory is still empty:

{
    "_meta": {
        "hostvars": {}
    },
    "all": {
        "children": [
            "ungrouped"
        ]
    }
}
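As an added example (not part of the MOADSD-NG project), a small pre-flight script that checks the files created on this page before a playbook run: no unreplaced <placeholder> remains in the vars file, the worker count is odd, the secrets file really carries the ansible-vault header, and the service account key is readable only by its owner. The function names and check logic are this example's own assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the MOADSD-NG GCP files created on this page
# (added example; the function names are this example's own, not the project's).
# Usage: sh preflight.sh vars/environment_gcp_vars.yml \
#            vars/environment_gcp_secrets.yml /home/ansible/ansible.json

# 0 if FILE's first line carries the ansible-vault header, i.e. the secrets
# were really encrypted before they land in the repository.
is_vault_encrypted() {
  head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;'
}

# 0 if kubernetes_worker_count in FILE is set and odd (as the note above asks).
worker_count_is_odd() {
  n=$(sed -n 's/^kubernetes_worker_count:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$n" ] && [ $((n % 2)) -eq 1 ]
}

# 0 if FILE exists and has no group/other permission bits (e.g. mode 0600),
# the posture a service account key should have.
is_owner_only() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if no non-comment line of FILE still holds an unreplaced <placeholder>.
has_no_placeholders() {
  ! grep -v '^[[:space:]]*#' "$1" | grep -q '<[^>]*>'
}

# Runs one check, prints its verdict and counts failures in $fails.
report() {
  if "$@"; then echo "ok   $1 $2"; else echo "FAIL $1 $2"; fails=$((fails + 1)); fi
}

# Runs every check: VARS_FILE SECRETS_FILE SERVICE_ACCOUNT_JSON.
# Returns the number of failed checks (0 means ready to run the playbook).
check_environment() {
  fails=0
  report has_no_placeholders "$1"
  report worker_count_is_odd "$1"
  report is_vault_encrypted "$2"
  report is_owner_only "$3"
  return $fails
}

if [ $# -eq 3 ]; then
  check_environment "$@"
fi
```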
