Perimeter project for landing-zone-v2 #258

Closed
davelanglois-ssc opened this issue Jan 11, 2023 · 4 comments · Fixed by #283
Comments

@davelanglois-ssc
Collaborator

davelanglois-ssc commented Jan 11, 2023

As a platform admin, I need a perimeter project that will follow the hub and spoke network design and provide the hub functionality,

so that all ingress and egress network traffic when communicating with networks outside of the landing zone is controlled, but also that traffic between spokes is controlled.

Intrusion protection service and web filtering are the features required for the MVP.

Cloud Armor and Global load balancers are also included in the network design.

Fortinet Fortigate appliances with an active-active cluster configuration are preferable.

An internal load balancer is included in the network design for egress traffic coming from spokes.

A management VM should also be provisioned to allow management of the Fortigates.
[image attached]
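The routing control that the user story above describes (spoke egress forced through an internal load balancer in the perimeter hub that fronts the FortiGate pair), sketched as Config Connector manifests. This is an added example, not a manifest from this issue or from the pubsec-declarative-toolkit; the resource names, project and namespace, region, CIDR ranges, the probe port and the `nextHopILBRef` field name are assumptions and would need to be checked against the Config Connector reference and the toolkit's own setters before use.

```yaml
# Added example, not toolkit code. Everything named here (hub-perimeter, spoke-workloads,
# hub-egress-ilb, hub-fortigate-backend, region, CIDRs, port 8008) is assumed.
#
# Hub side: the internal load balancer that the spokes will use as their next hop.
# The backend service (assumed name hub-fortigate-backend) holds the FortiGate
# instance group; the FortiGate VMs need canIpForward enabled or the next-hop route
# will not pass traffic.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeForwardingRule
metadata:
  name: hub-egress-ilb
  namespace: networking
spec:
  location: northamerica-northeast1   # assumed region
  loadBalancingScheme: INTERNAL
  ipProtocol: TCP
  allPorts: true                       # next-hop use forwards every protocol/port regardless
  networkRef:
    name: hub-perimeter                # assumed hub VPC
  subnetworkRef:
    name: hub-internal-subnet          # assumed hub subnet
  backendServiceRef:
    name: hub-fortigate-backend        # assumed regional backend service
---
# Hub side: the ILB health checker must reach the FortiGates, otherwise every backend
# is unhealthy and the spokes lose their default route. 35.191.0.0/16 and 130.211.0.0/22
# are Google's documented health-check source ranges; the probe port is assumed.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeFirewall
metadata:
  name: hub-allow-ilb-health-checks
  namespace: networking
spec:
  networkRef:
    name: hub-perimeter
  direction: INGRESS
  priority: 1000
  sourceRanges:
    - 35.191.0.0/16
    - 130.211.0.0/22
  targetTags:
    - fortigate                        # assumed network tag on the FortiGate VMs
  allow:
    - protocol: tcp
      ports: ["8008"]                  # assumed FortiGate health-check responder port
---
# Spoke side: a custom-mode VPC so no auto-created subnets appear with their own routes.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeNetwork
metadata:
  name: spoke-workloads                # assumed spoke VPC
  namespace: networking
spec:
  autoCreateSubnetworks: false
  routingMode: GLOBAL
---
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  name: spoke-workloads-subnet
  namespace: networking
spec:
  ipCidrRange: 10.10.0.0/24            # assumed spoke range
  region: northamerica-northeast1
  networkRef:
    name: spoke-workloads
  privateIpGoogleAccess: true          # Google APIs stay reachable without a public path
---
# Spoke side: default route whose next hop is the hub ILB. Priority 100 beats the
# system-generated default route to the internet gateway (priority 1000), so even if
# that route is still present nothing in the spoke leaves without crossing the firewall.
# Spoke-to-spoke traffic follows the same route, which is what puts east-west traffic
# under FortiGate control as the story requires.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeRoute
metadata:
  name: spoke-default-via-hub-ilb
  namespace: networking
spec:
  destRange: 0.0.0.0/0
  priority: 100
  networkRef:
    name: spoke-workloads
  nextHopILBRef:                       # field name assumed from the ComputeRoute reference
    name: hub-egress-ilb
```

Two things to verify after applying something like this: that the FortiGate instances actually report healthy to the ILB (a next-hop ILB with no healthy backend silently blackholes the spoke), and that the org policies merged in the branch below (compute-vm-can-ip-forward, compute-vm-external-ip-access) carry exceptions scoped to the perimeter project only, since the FortiGates are the one place IP forwarding is legitimately needed.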

@fmichaelobrien
Contributor

merge main in prep (10 behind)

fmichaelobrien-macbookpro:feat258 fmichaelobrien$ cd pubsec-declarative-toolkit/
fmichaelobrien-macbookpro:pubsec-declarative-toolkit fmichaelobrien$ git pull
Already up to date.
fmichaelobrien-macbookpro:pubsec-declarative-toolkit fmichaelobrien$ git checkout feat/258
branch 'feat/258' set up to track 'origin/feat/258'.
Switched to a new branch 'feat/258'
fmichaelobrien-macbookpro:pubsec-declarative-toolkit fmichaelobrien$ git merge main
Merge made by the 'ort' strategy.
 .github/workflows/scorecards.yml                                                                   |  72 ++++++++++
 solutions/gatekeeper-policies/Kptfile                                                              |   8 ++
 solutions/gatekeeper-policies/README.md                                                            |   3 +
 solutions/gatekeeper-policies/guardrails/.krmignore                                                |   1 +
 solutions/gatekeeper-policies/guardrails/05-data-location/constraint.yaml                          |  30 ++++
 solutions/gatekeeper-policies/guardrails/05-data-location/suite.yaml                               |  29 ++++
 solutions/gatekeeper-policies/guardrails/05-data-location/template.yaml                            |  59 ++++++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/constraint.yaml              |  23 +++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/suite.yaml                   |  41 ++++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/template.yaml                |  86 +++++++++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/cloudsql-test.yaml     |  29 ++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/cloudstorage-test.yaml |  30 ++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/gke-test.yaml          |  54 +++++++
 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/network-test.yaml      |  23 +++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/constraint.yaml                     |  23 +++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/suite.yaml                          |  37 +++++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/template.yaml                       |  47 ++++++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam.yaml                      |  27 ++++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam_bad.yaml                  |  27 ++++
 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam_partial_policy.yaml       |  29 ++++
 solutions/gatekeeper-policies/guardrails/Kptfile                                                   |   8 ++
 solutions/gatekeeper-policies/guardrails/README.md                                                 |   1 +
 solutions/gatekeeper-policies/naming-rules/README.md                                               |   3 +
 solutions/gatekeeper-policies/naming-rules/project/.krmignore                                      |   1 +
 solutions/gatekeeper-policies/naming-rules/project/Kptfile                                         |  12 ++
 solutions/gatekeeper-policies/naming-rules/project/README.md                                       |  96 +++++++++++++
 solutions/gatekeeper-policies/naming-rules/project/constraint.yaml                                 |  31 ++++
 solutions/gatekeeper-policies/naming-rules/project/setters.yaml                                    |  29 ++++
 solutions/gatekeeper-policies/naming-rules/project/suite.yaml                                      |  35 +++++
 solutions/gatekeeper-policies/naming-rules/project/template.yaml                                   | 112 +++++++++++++++
 solutions/gatekeeper-policies/naming-rules/project/tests/project_allowed.yaml                      |  23 +++
 solutions/gatekeeper-policies/naming-rules/project/tests/project_not_allowed.yaml                  |  23 +++
 solutions/hierarchy/admin-sandbox/Kptfile                                                          |  12 ++
 solutions/hierarchy/admin-sandbox/README.md                                                        |   9 ++
 solutions/hierarchy/admin-sandbox/folder-iam.yaml                                                  |   1 +
 solutions/hierarchy/admin-sandbox/folder.yaml                                                      |  23 +++
 solutions/hierarchy/admin-sandbox/setters.yaml                                                     |  23 +++
 solutions/hierarchy/core-env/Audit/folder.yaml                                                     |  23 +++
 solutions/hierarchy/core-env/Automation/folder.yaml                                                |  23 +++
 solutions/hierarchy/core-env/Automation/setters.yaml                                               |  23 +++
 solutions/hierarchy/core-env/Common-Services/folder.yaml                                           |  23 +++
 solutions/hierarchy/core-env/Kptfile                                                               |  18 +++
 solutions/hierarchy/core-env/Networking/Common-Services-Infrastructure/folder.yaml                 |  23 +++
 solutions/hierarchy/core-env/Networking/Perimeter/folder.yaml                                      |  23 +++
 solutions/hierarchy/core-env/Networking/Workloads-Infrastructure/folder.yaml                       |  23 +++
 solutions/hierarchy/core-env/Networking/Workloads-Infrastructure/setters.yaml                      |  23 +++
 solutions/hierarchy/core-env/Networking/folder.yaml                                                |  23 +++
 solutions/hierarchy/core-env/README.md                                                             |   9 ++
 solutions/hierarchy/core-env/Workloads/folder.yaml                                                 |  23 +++
 solutions/hierarchy/core-env/Workloads/setters.yaml                                                |  23 +++
 solutions/hierarchy/core-env/setters.yaml                                                          |  22 +++
 solutions/hierarchy/core-sandbox/Audit/folder.yaml                                                 |  23 +++
 solutions/hierarchy/core-sandbox/Kptfile                                                           |  16 +++
 solutions/hierarchy/core-sandbox/README.md                                                         |   9 ++
 solutions/hierarchy/core-sandbox/Testing/Unittest/folder.yaml                                      |  23 +++
 solutions/hierarchy/core-sandbox/Testing/folder.yaml                                               |  23 +++
 solutions/hierarchy/core-sandbox/Testing/setters.yaml                                              |  23 +++
 solutions/hierarchy/core-sandbox/Workloads/folder.yaml                                             |  23 +++
 solutions/hierarchy/core-sandbox/Workloads/setters.yaml                                            |  23 +++
 solutions/hierarchy/core-sandbox/setters.yaml                                                      |  22 +++
 solutions/hierarchy/tenant-env/Kptfile                                                             |  12 ++
 solutions/hierarchy/tenant-env/PBMM/folder.yaml                                                    |  23 +++
 solutions/hierarchy/tenant-env/README.md                                                           |   9 ++
 solutions/hierarchy/tenant-env/Unclass/folder.yaml                                                 |  23 +++
 solutions/hierarchy/tenant-env/folder-iam.yaml                                                     |   1 +
 solutions/hierarchy/tenant-env/folder.yaml                                                         |  23 +++
 solutions/hierarchy/tenant-env/setters.yaml                                                        |  23 +++
 solutions/hierarchy/tenant-sandbox/Kptfile                                                         |  12 ++
 solutions/hierarchy/tenant-sandbox/README.md                                                       |   9 ++
 solutions/hierarchy/tenant-sandbox/folder-iam.yaml                                                 |   1 +
 solutions/hierarchy/tenant-sandbox/folder.yaml                                                     |  23 +++
 solutions/hierarchy/tenant-sandbox/setters.yaml                                                    |  23 +++
 solutions/landing-zone-namespaced/landing-zone/hierarchy.yaml                                      |  47 ------
 solutions/landing-zone-namespaced/landing-zone/logging/.gitkeep                                    |   0
 solutions/landing-zone-namespaced/landing-zone/networking/.gitkeep                                 |   0
 solutions/landing-zone-namespaced/landing-zone/projects/.gitkeep                                   |   0
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/Kptfile                        |   7 +-
 solutions/landing-zone-v2/README.md                                                                | 588 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 solutions/landing-zone-v2/img/ACM.png                                                              | Bin 0 -> 92731 bytes
 solutions/landing-zone-v2/img/folders-env.png                                                      | Bin 0 -> 41592 bytes
 solutions/landing-zone-v2/img/folders-sandbox.png                                                  | Bin 0 -> 22254 bytes
 solutions/landing-zone-v2/img/multi-org.png                                                        | Bin 0 -> 28064 bytes
 solutions/landing-zone-v2/img/single-org.png                                                       | Bin 0 -> 16164 bytes
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/hierarchy.yaml      |  22 ++-
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/logging.yaml        |  22 +--
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/networking.yaml     |  27 +---
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/policies.yaml       |   3 +
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/projects.yaml       |  56 +++++++-
 solutions/landing-zone-v2/namespaces/securitycontrols.md                                           |  22 +++
 solutions/landing-zone-v2/onboarding-admin.md                                                      |  19 +++
 solutions/landing-zone-v2/onboarding-tenant.md                                                     |  39 +++++
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/services.yaml                  |   1 +
 solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/setters.yaml                   |   7 +-
 solutions/org-policies/Kptfile                                                                     |  12 ++
 solutions/org-policies/README.md                                                                   |  17 +++
 solutions/org-policies/exceptions/compute-require-shielded-vm-except-mgt-project.yaml              |  43 ++++++
 solutions/org-policies/organization/compute-disable-guest-attribute-access.yaml                    |  41 ++++++
 solutions/org-policies/organization/compute-disable-nested-virtualization.yaml                     |  41 ++++++
 solutions/org-policies/organization/compute-disable-serial-port-access.yaml                        |  42 ++++++
 solutions/org-policies/organization/compute-disable-vpc-external-ipv6.yaml                         |  41 ++++++
 solutions/org-policies/organization/compute-require-os-login.yaml                                  |  43 ++++++
 solutions/org-policies/organization/compute-require-shielded-vm.yaml                               |  41 ++++++
 solutions/org-policies/organization/compute-restrict-load-balancer-creation-for-types.yaml         |  48 +++++++
 solutions/org-policies/organization/compute-restrict-shared-vpc-lien-removal.yaml                  |  41 ++++++
 solutions/org-policies/organization/compute-restrict-vpc-peering.yaml                              |  46 ++++++
 solutions/org-policies/organization/compute-skip-default-network-creation.yaml                     |  42 ++++++
 solutions/org-policies/organization/compute-trusted-image-projects.yaml                            |  43 ++++++
 solutions/org-policies/organization/compute-vm-can-ip-forward.yaml                                 |  45 ++++++
 solutions/org-policies/organization/compute-vm-external-ip-access.yaml                             |  43 ++++++
 solutions/org-policies/organization/essentialcontacts-allowed-contact-domains.yaml                 |  47 ++++++
 solutions/org-policies/organization/gcp-resource-locations.yaml                                    |  43 ++++++
 solutions/org-policies/organization/iam-allowed-policy-member-domains.yaml                         |  53 +++++++
 solutions/org-policies/organization/iam-disable-service-account-key-creation.yaml                  |  40 ++++++
 solutions/org-policies/organization/sql-restrict-public-ip.yaml                                    |  40 ++++++
 solutions/org-policies/organization/storage-public-access-prevention.yaml                          |  45 ++++++
 solutions/org-policies/organization/storage-uniform-bucket-level-access.yaml                       |  43 ++++++
 solutions/org-policies/setters.yaml                                                                |  57 ++++++++
 117 files changed, 3551 insertions(+), 95 deletions(-)
 create mode 100644 .github/workflows/scorecards.yml
 create mode 100644 solutions/gatekeeper-policies/Kptfile
 create mode 100644 solutions/gatekeeper-policies/README.md
 create mode 100644 solutions/gatekeeper-policies/guardrails/.krmignore
 create mode 100644 solutions/gatekeeper-policies/guardrails/05-data-location/constraint.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/05-data-location/suite.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/05-data-location/template.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/constraint.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/suite.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/template.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/cloudsql-test.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/cloudstorage-test.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/gke-test.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/09-network-security-services/tests/network-test.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/constraint.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/suite.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/template.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam_bad.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/12-cloud-market-place/tests/iam_partial_policy.yaml
 create mode 100644 solutions/gatekeeper-policies/guardrails/Kptfile
 create mode 100644 solutions/gatekeeper-policies/guardrails/README.md
 create mode 100644 solutions/gatekeeper-policies/naming-rules/README.md
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/.krmignore
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/Kptfile
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/README.md
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/constraint.yaml
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/setters.yaml
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/suite.yaml
 create mode 100755 solutions/gatekeeper-policies/naming-rules/project/template.yaml
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/tests/project_allowed.yaml
 create mode 100644 solutions/gatekeeper-policies/naming-rules/project/tests/project_not_allowed.yaml
 create mode 100644 solutions/hierarchy/admin-sandbox/Kptfile
 create mode 100644 solutions/hierarchy/admin-sandbox/README.md
 create mode 100644 solutions/hierarchy/admin-sandbox/folder-iam.yaml
 create mode 100644 solutions/hierarchy/admin-sandbox/folder.yaml
 create mode 100644 solutions/hierarchy/admin-sandbox/setters.yaml
 create mode 100644 solutions/hierarchy/core-env/Audit/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Automation/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Automation/setters.yaml
 create mode 100644 solutions/hierarchy/core-env/Common-Services/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Kptfile
 create mode 100644 solutions/hierarchy/core-env/Networking/Common-Services-Infrastructure/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Networking/Perimeter/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Networking/Workloads-Infrastructure/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Networking/Workloads-Infrastructure/setters.yaml
 create mode 100644 solutions/hierarchy/core-env/Networking/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/README.md
 create mode 100644 solutions/hierarchy/core-env/Workloads/folder.yaml
 create mode 100644 solutions/hierarchy/core-env/Workloads/setters.yaml
 create mode 100644 solutions/hierarchy/core-env/setters.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Audit/folder.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Kptfile
 create mode 100644 solutions/hierarchy/core-sandbox/README.md
 create mode 100644 solutions/hierarchy/core-sandbox/Testing/Unittest/folder.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Testing/folder.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Testing/setters.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Workloads/folder.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/Workloads/setters.yaml
 create mode 100644 solutions/hierarchy/core-sandbox/setters.yaml
 create mode 100644 solutions/hierarchy/tenant-env/Kptfile
 create mode 100644 solutions/hierarchy/tenant-env/PBMM/folder.yaml
 create mode 100644 solutions/hierarchy/tenant-env/README.md
 create mode 100644 solutions/hierarchy/tenant-env/Unclass/folder.yaml
 create mode 100644 solutions/hierarchy/tenant-env/folder-iam.yaml
 create mode 100644 solutions/hierarchy/tenant-env/folder.yaml
 create mode 100644 solutions/hierarchy/tenant-env/setters.yaml
 create mode 100644 solutions/hierarchy/tenant-sandbox/Kptfile
 create mode 100644 solutions/hierarchy/tenant-sandbox/README.md
 create mode 100644 solutions/hierarchy/tenant-sandbox/folder-iam.yaml
 create mode 100644 solutions/hierarchy/tenant-sandbox/folder.yaml
 create mode 100644 solutions/hierarchy/tenant-sandbox/setters.yaml
 delete mode 100644 solutions/landing-zone-namespaced/landing-zone/hierarchy.yaml
 delete mode 100644 solutions/landing-zone-namespaced/landing-zone/logging/.gitkeep
 delete mode 100644 solutions/landing-zone-namespaced/landing-zone/networking/.gitkeep
 delete mode 100644 solutions/landing-zone-namespaced/landing-zone/projects/.gitkeep
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/Kptfile (79%)
 create mode 100644 solutions/landing-zone-v2/README.md
 create mode 100755 solutions/landing-zone-v2/img/ACM.png
 create mode 100755 solutions/landing-zone-v2/img/folders-env.png
 create mode 100755 solutions/landing-zone-v2/img/folders-sandbox.png
 create mode 100755 solutions/landing-zone-v2/img/multi-org.png
 create mode 100755 solutions/landing-zone-v2/img/single-org.png
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/hierarchy.yaml (83%)
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/logging.yaml (88%)
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/networking.yaml (91%)
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/policies.yaml (94%)
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/namespaces/projects.yaml (81%)
 create mode 100644 solutions/landing-zone-v2/namespaces/securitycontrols.md
 create mode 100644 solutions/landing-zone-v2/onboarding-admin.md
 create mode 100644 solutions/landing-zone-v2/onboarding-tenant.md
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/services.yaml (99%)
 rename solutions/{landing-zone-namespaced/landing-zone => landing-zone-v2}/setters.yaml (92%)
 create mode 100644 solutions/org-policies/Kptfile
 create mode 100644 solutions/org-policies/README.md
 create mode 100644 solutions/org-policies/exceptions/compute-require-shielded-vm-except-mgt-project.yaml
 create mode 100644 solutions/org-policies/organization/compute-disable-guest-attribute-access.yaml
 create mode 100644 solutions/org-policies/organization/compute-disable-nested-virtualization.yaml
 create mode 100644 solutions/org-policies/organization/compute-disable-serial-port-access.yaml
 create mode 100644 solutions/org-policies/organization/compute-disable-vpc-external-ipv6.yaml
 create mode 100644 solutions/org-policies/organization/compute-require-os-login.yaml
 create mode 100644 solutions/org-policies/organization/compute-require-shielded-vm.yaml
 create mode 100644 solutions/org-policies/organization/compute-restrict-load-balancer-creation-for-types.yaml
 create mode 100644 solutions/org-policies/organization/compute-restrict-shared-vpc-lien-removal.yaml
 create mode 100644 solutions/org-policies/organization/compute-restrict-vpc-peering.yaml
 create mode 100644 solutions/org-policies/organization/compute-skip-default-network-creation.yaml
 create mode 100644 solutions/org-policies/organization/compute-trusted-image-projects.yaml
 create mode 100644 solutions/org-policies/organization/compute-vm-can-ip-forward.yaml
 create mode 100644 solutions/org-policies/organization/compute-vm-external-ip-access.yaml
 create mode 100644 solutions/org-policies/organization/essentialcontacts-allowed-contact-domains.yaml
 create mode 100644 solutions/org-policies/organization/gcp-resource-locations.yaml
 create mode 100644 solutions/org-policies/organization/iam-allowed-policy-member-domains.yaml
 create mode 100644 solutions/org-policies/organization/iam-disable-service-account-key-creation.yaml
 create mode 100644 solutions/org-policies/organization/sql-restrict-public-ip.yaml
 create mode 100644 solutions/org-policies/organization/storage-public-access-prevention.yaml
 create mode 100644 solutions/org-policies/organization/storage-uniform-bucket-level-access.yaml
 create mode 100644 solutions/org-policies/setters.yaml

@fmichaelobrien
Contributor

Dave, I have not been able to spend the proper amount of time on this issue yet - as I am currently busy getting 2 other projects up that will require this perimeter work. I have been working at getting the patch up through merges to the branch - but I don't want to slow down progress. All 3 projects so far require this #258 issue and I will try to find more time over this week to complete it.

@fmichaelobrien
Contributor

Reviewing, and I need to deploy to test the latest. Reviewing/deploying latest a4a1cab via #267

@fmichaelobrien fmichaelobrien removed their assignment Feb 1, 2023