Expert
• Since 2019 I have been designing and building IT systems on Google Cloud.
• In my previous job we researched automation and autonomization of system operation, and I developed and operated a private cloud.
system failure.
◦ Fix system failures at any time (24/365).
◦ Respond to customer inquiries.
• Optimize the customer's system
◦ Make it secure.
◦ Optimize cost effectiveness.
Use Terraform
◦ Create realm, user, group, client
◦ Configure client scope
• Build deploy pipeline
◦ Create Dev and Prd environments
• Use a Continuous Deployment (CD) tool
◦ So the deployment does not depend on a local environment.
• Notify result
◦ When the result is a failure, the CD tool notifies with a mention.
securely
• Access control from the CD agent
◦ If we use SaaS GitHub Actions as the CD agent, we cannot fix GitHub Actions' IP address.
• Manage authentication information securely
◦ The Terraform provider requires the client's password. If it is leaked, someone could change the configuration.
Terraform code (not secure)
Access control from GitHub Actions
What is Cloud Build
◦ Managed serverless CD service
◦ Connects with GitHub, GitLab or Bitbucket
◦ Public / private build execution environments
• How to execute a build
◦ Define build steps in a YAML file
◦ Execute a git operation on a repository connected with Cloud Build.
• Use cases
◦ Create Docker image
◦ Deploy application
Job configuration
Build Private Pool
1. Connect the Private Pool with the VPC network using Private Service Connect
2. Route traffic from the private pool to a NAT GCE instance using Cloud Route
3. Route traffic from the NAT GCE instance to the Internet using Cloud NAT
4. Allow access from the Cloud NAT IP address using Cloud Armor (Google Cloud managed WAF service)
by VPC SC
• Store password
◦ Use Secret Manager
▪ Store the data from the Console
• Refer to password
◦ Use a Terraform data block
▪ google_secret_manager_secret_version: access Secret Manager
• Protect Secret Manager
◦ Authenticate: VPC Service Controls
◦ Approval: IAM
keycloak provider.tf
Protect confidential information securely
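The provider.tf pattern described above, as an added example that is not the presentation's own code: the hardcoded form is shown commented out beside the Secret Manager lookup. The secret name, client id, Keycloak URL and project id are placeholders; it assumes the Keycloak client uses the client-credentials grant (the provider also accepts username/password).

```hcl
# Added example, not code from the presentation. Placeholder names throughout.
terraform {
  required_providers {
    google   = { source = "hashicorp/google" }
    keycloak = { source = "mrparkers/keycloak" }
  }
}

variable "project_id"   { type = string }
variable "keycloak_url" { type = string }   # e.g. https://keycloak.example.invalid

provider "google" {
  project = var.project_id
}

# The "not secure" form: the client password lives in the repository and is
# exposed to anyone who can read the repo or its history.
# provider "keycloak" {
#   url           = var.keycloak_url
#   client_id     = "terraform"
#   client_secret = "hardcoded-secret"
# }

# The secret is created once from the Console; Terraform only reads it.
# Reads pass through the VPC Service Controls perimeter, and the CD service
# account needs roles/secretmanager.secretAccessor on this secret (the IAM step).
data "google_secret_manager_secret_version" "keycloak_client" {
  secret  = "keycloak-terraform-client-secret"  # placeholder secret name
  version = "latest"
}

provider "keycloak" {
  url           = var.keycloak_url
  client_id     = "terraform"                   # placeholder client id
  client_secret = data.google_secret_manager_secret_version.keycloak_client.secret_data
}
```

Because `secret_data` is a sensitive attribute, Terraform redacts it in plan output and the CD logs do not show the password.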
configuring
◦ Build dev and prd environments
◦ Execute Terraform from the CD tool
◦ Notify the result to Slack
• Problem
◦ Control access from SaaS GitHub Actions
◦ Manage the Keycloak agent password
• Solution
◦ Use Cloud Build Private Pool as the CD tool
◦ Allow Private Pool access to Keycloak via Cloud Armor
◦ Store the password in Secret Manager
▪ Use a Terraform data block to refer to Secret Manager
◦ Use VPC Service Controls and IAM to protect Secret Manager
Notifier on Cloud Run
• The notification application notifies results to Slack
◦ Cloud Build Notifier is developed by Google
◦ Run Cloud Build Notifier on Cloud Run
• Design the system architecture
◦ Create a Cloud Run service for each notification destination and result (Success/Failure).
◦ Add a mention in the failure notification
▪ <!channel> is converted to @channel in the Slack message