Install Portefaix

Instructions for deploying Portefaix infrastructure on GCP

Setup

Authenticate on the Google Cloud Platform:

❯ gcloud auth application-default login

Enable APIs:

❯ make -f hack/build/gcp.mk gcp-enable-apis ENV=prod

Create a bucket for the Terraform tfstates:

❯ make -f hack/build/gcp.mk gcp-bucket ENV=prod

Configure the Portefaix environment file ${HOME}/.config/portefaix/portefaix.sh:

Then load the environment:

❯ . ./portefaix.sh gcp

Terraform

VPC

❯ make terraform-apply SERVICE=iac/gcp/vpc ENV=prod

Cloud DNS

❯ make terraform-apply SERVICE=iac/gcp/dns ENV=prod

Cloud NAT

❯ make terraform-apply SERVICE=iac/gcp/external-ips/cloud-nat ENV=prod
❯ make terraform-apply SERVICE=iac/gcp/cloud-nat ENV=prod

GKE

❯ make terraform-apply SERVICE=iac/gcp/gke ENV=prod

Encryption

Create the Age key:

❯ make sops-age-key CLOUD=gcp ENV=prod

Create the sops-secret secret:

❯ make sops-age-secret CLOUD=gcp ENV=prod

Kubernetes components

Sops

❯ make terraform-apply SERVICE=iac/gcp/sops ENV=prod

Outputs:

email = xxxxxxxxxxxx-sops@xxxxxxxxxxxx.iam.gserviceaccount.com
key = projects/xxxxxxxxxxxx/locations/europe-west1/keyRings/xxxxxxxxxxxx-sops/cryptoKeys/xxxxxxxxxxxx-sops

Observability

❯ make terraform-apply SERVICE=iac/gcp/observability ENV=prod

Outputs:

loki_service_account = xxxxxxxxxx-loki@xxxxxxxxxx.iam.gserviceaccount.com
prometheus_service_account = xxxxxxxxxx-loki@xxxxxxxxxx.iam.gserviceaccount.com
tempo_service_account = xxxxxxxxxx-tempo@xxxxxxxxxx.iam.gserviceaccount.com
thanos_service_account = xxxxxxxxxx-thanos@xxxxxxxxxx.iam.gserviceaccount.com

Cert Manager

❯ make terraform-apply SERVICE=iac/gcp/cert-manager ENV=prod

Outputs:

cert_manager_service_account = xxxxxxxxxxx-cert-manager@xxxxxxxxxxx.iam.gserviceaccount.com

External DNS

❯ make terraform-apply SERVICE=iac/gcp/external-dns ENV=prod

Outputs:

external_dns_service_account = xxxxxxxxxxx-external-dns@xxxxxxxxxxx.iam.gserviceaccount.com

Velero

❯ make terraform-apply SERVICE=iac/gcp/velero ENV=prod

Outputs:

velero_service_account = xxxxxxxxxxx-velero@xxxxxxxxxxx.iam.gserviceaccount.com

Vector

❯ make terraform-apply SERVICE=iac/gcp/vector ENV=prod

Outputs:

vector_service_account = xxxxxxxxxxx-vector@xxxxxxxxxxx.iam.gserviceaccount.com
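
An added check, not part of Portefaix or its documentation: a shell function that audits lines in the format of the Outputs blocks above. It flags a `<component>_service_account` whose account name does not end in the component name, and any two outputs that resolve to the same account. The naming rule is an assumption drawn from the outputs shown on this page, and the sample is the Observability block as printed above.

```shell
#!/bin/sh
# Added example: audit "name = value" output lines for service-account hygiene.
# Rule 1 (assumption): a "<component>_service_account" output should name an
#   account whose local part ends in "-<component>" (underscores become hyphens).
# Rule 2: no two outputs should resolve to the same service account.

check_service_accounts() {
  # Reads "name = value" lines on stdin; prints one finding per line.
  awk -F' *= *' '
    $1 ~ /_service_account$/ {
      comp = $1
      sub(/_service_account$/, "", comp)
      gsub(/_/, "-", comp)
      split($2, parts, "@")
      acct = parts[1]
      suffix = "-" comp
      if (length(acct) < length(suffix) ||
          substr(acct, length(acct) - length(suffix) + 1) != suffix)
        printf "MISMATCH %s -> %s\n", $1, $2
      if ($2 in seen)
        printf "SHARED %s and %s -> %s\n", seen[$2], $1, $2
      else
        seen[$2] = $1
    }
  '
}

# Sample input: the Observability outputs as shown on this page.
SAMPLE_OUTPUTS='loki_service_account = xxxxxxxxxx-loki@xxxxxxxxxx.iam.gserviceaccount.com
prometheus_service_account = xxxxxxxxxx-loki@xxxxxxxxxx.iam.gserviceaccount.com
tempo_service_account = xxxxxxxxxx-tempo@xxxxxxxxxx.iam.gserviceaccount.com
thanos_service_account = xxxxxxxxxx-thanos@xxxxxxxxxx.iam.gserviceaccount.com'

audit_sample() {
  printf '%s\n' "$SAMPLE_OUTPUTS" | check_service_accounts
}

audit_sample
```

On a real deployment, pipe the Outputs lines of each component into `check_service_accounts`; an empty result means every workload has its own, correctly named identity.
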
Last modified 07.10.2021: Fix: makefiles path (031a3b9)