galoy-infra gcp examples

This example shows what the inputs to the individual modules could look like to bring up a production-ready infrastructure.

It is not intended to be used as is but does document the sequence in which an initial rollout (+ teardown) should take place. Every change to one of the [modules](../../modules) in this repository is tested in our CI pipeline via the code in this example. On a successful run the examples are updated to point to the latest known good version of the modules. This means that when cloning the repository the example should work as is without modification.

Setup

To execute this example end-to-end, you must first clone the repository and cd into this folder:

$ git clone https://github.com/GaloyMoney/galoy-infra.git
$ cd galoy-infra/examples/gcp

Bootstrap phase

The bootstrap phase is intended to be executed against a blank GCP project. It will create the inception service account + GCS bucket to store the terraform state files for the other phases.

Some variables must be set first:

$ cat <<EOF > bootstrap/terraform.tfvars
name_prefix                   = "<short-name-prefix>"
gcp_project                   = "<your-gcp-project>"
EOF
$ cat <<EOF > inception/users.auto.tfvars
users = [
  {
    id        = "user:<your-user-email>"
    inception = true
    platform  = true
    logs      = true
  }
]
EOF
$ make bootstrap

Executing make bootstrap will execute terraform apply in the bootstrap folder and also import the relevant resources into the inception phase - which will subsequently own the lifecycle of those resources.

Inception phase

Once bootstrap has been executed the inception phase can provision the VPC network, bastion, roles and service accounts needed to install the complete galoy stack. Execute it via:

$ make inception

Once complete, you should see outputs that include the bastion_ip:

bastion_ip = "<ip-address>"

Platform phase

The platform phase in this example will bring up the actual kubernetes platform. Once inception is complete you can execute:

bin/prep-platform.sh
make platform

The result should be (among other things) a k8s cluster running in your gcp project.

Test bastion login

Since the next phase must be executed from the bastion, let's first make sure you are able to ssh there. Access to the bastion is enabled via OS Login with two-factor authentication activated. That means that in order to ssh to the bastion you must first upload your public key via the gcloud CLI:

gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub

and activate a 2FA method in your google account.

Your bastion username is your email address with underscores (_) in place of . and @:

export BASTION_USER="$(echo <your-email> | sed 's/[.@]/_/g')"

See if you can ssh via:

$ ssh ${BASTION_USER}@${bastion_ip}
<select 2fa method>
$ <bastion-user>@<bastion-name>
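
A preflight for the login steps above, as an added example that is not part of the galoy-infra repository: it derives the bastion username with the rule stated in this README and refuses to proceed when the key file is not an OpenSSH public key (for instance when the private key path was passed by mistake). The function names are hypothetical; the commands are only printed, not run.

```shell
#!/bin/sh
# Added example; function names are assumptions, not galoy-infra code.

# Bastion username as described above: "." and "@" in the email become "_".
bastion_user() {
  printf '%s' "$1" | sed 's/[.@]/_/g'
}

# Return 0 only if the file holds exactly one OpenSSH *public* key line.
is_public_key() {
  [ -r "$1" ] || return 1
  # Private keys carry a PEM-style header; those must never be uploaded.
  if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
  # A public key line has the form "<type> <base64> [comment]".
  awk 'NF == 0 { next }
       { n++ }
       $1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
       $2 ~ "^[A-Za-z0-9+/]+=*$" { ok++ }
       END { exit !(n == 1 && ok == 1) }' "$1"
}

# Usage: bastion_preflight <email> <public-key-file> <bastion-ip>
# Prints the two commands from this README once the key file check passes.
bastion_preflight() {
  if ! is_public_key "$2"; then
    echo "refusing: $2 is not an OpenSSH public key" >&2
    return 1
  fi
  echo "gcloud compute os-login ssh-keys add --key-file=$2"
  echo "ssh $(bastion_user "$1")@$3"
}
```
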

Services phase

The services phase will bring up a few global dependencies that are prerequisites for the galoy helm charts to function. To bring them up you must first sync the local code to the bastion via:

bin/prep-services.sh

Once the code has been uploaded, you should ssh onto the bastion and log in to gcloud from there:

$ ssh ${BASTION_USER}@${bastion_ip}
$ gcloud auth login
(...)
$ kauth
$ gcloud auth application-default login

Once you have completed the authentication you should be able to talk to k8s and execute the rollout of the services phase:

$ k get ns
$ cd repo/examples/gcp
$ make initial-services
$ make services