GoogleCloudPlatform / Pci Gke Blueprint

Licence: apache-2.0
PCI on GKE Blueprint: PCI Deployable Architecture on Google Cloud and GKE

PCI on GKE Blueprint

high level project view

This is the companion repository to the PCI on GKE Security Blueprint for the Google Cloud Platform. It contains a set of Terraform configurations and scripts to help demonstrate how to bootstrap a PCI environment in GCP. When appropriate, we also showcase GCP services, tools, or projects we think might be useful to start your own GCP PCI environment or as samples for any other purposes.

Here are the projects/services we make use of in this Blueprint:

Documentation

Quickstart

We recommend you read through the documentation in Building the Infrastructure and Deploying the Application, but if you just want to get started:

  1. Follow the steps in Prerequisites
  2. Set up the workstation.env file (see Workstation Configuration)
  3. Run ./_helpers/build-infra.sh
  4. Run ./_helpers/deploy-app.sh

Prerequisites

Before starting, make sure your local environment is configured correctly: you need the correct tools and a GCP account with the correct permissions.

Installation Dependencies

GCP IAM Requirements

In order to execute this module you will need access to a Google Cloud Organization, with Organization Admin and Folder Admin permissions.

Authenticate to gcloud

  • Once the gcloud SDK is installed, run gcloud auth login to authenticate with your Google Account.

Workstation Configuration

This project comes with a workstation.env.example file that is intended to be copied and customized for your environment.

cp workstation.env.example workstation.env

You can find the values for YOUR_ORG_ID and YOUR_BILLING_ACCOUNT_ID using the following commands:

gcloud organizations list
gcloud beta billing accounts list

To create a folder follow these instructions.

Most variables can be left as-is. The following are required to be set; see the in-line comments in the file for details:

  • TF_VAR_org_id
  • TF_VAR_gsuite_id
  • TF_VAR_billing_account
  • TF_VAR_folder_id
  • TF_ADMIN_BUCKET
  • TF_VAR_frontend_zone_dns_name
  • GOOGLE_GROUPS_DOMAIN
  • SRC_PATH
  • REPOSITORY_NAME

You'll need to source your workstation.env file before executing any of the steps in this Blueprint:

source workstation.env

  • At this point, your workstation is ready. Continue from here by either running ./_helpers/build-infra.sh, or following the stepwise instructions for that script in Building the Infrastructure.
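
A preflight check for the required variables listed above, as an added example that is not part of the Blueprint repository. The function name check_workstation_env is hypothetical, and the check assumes untouched template values still contain the string YOUR_ (as in YOUR_ORG_ID).

```shell
#!/bin/sh
# Added example (not from the Blueprint repository): verify workstation.env
# before running ./_helpers/build-infra.sh.

# Required variables, as listed in Workstation Configuration.
REQUIRED_VARS="TF_VAR_org_id TF_VAR_gsuite_id TF_VAR_billing_account
TF_VAR_folder_id TF_ADMIN_BUCKET TF_VAR_frontend_zone_dns_name
GOOGLE_GROUPS_DOMAIN SRC_PATH REPOSITORY_NAME"

# Prints the required variables that are unset, empty, or still a placeholder.
# Returns 0 if all are set, 1 if any are reported, 2 if the file is unreadable.
# Assumption: template placeholders contain "YOUR_".
check_workstation_env() {
  env_file=$1
  # "." searches PATH for names without a slash, so force a path.
  case $env_file in
    */*) ;;
    *) env_file=./$env_file ;;
  esac
  [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 2; }
  (
    # Subshell: nothing from the file leaks into the caller's shell.
    # Clear stale exports so an old value cannot mask a missing entry.
    unset $REQUIRED_VARS
    . "$env_file" || exit 2
    bad=""
    for name in $REQUIRED_VARS; do
      eval "value=\${$name:-}"
      case $value in
        ""|*YOUR_*) bad="$bad $name" ;;
      esac
    done
    if [ -n "$bad" ]; then
      echo "$bad" | sed 's/^ //'
      exit 1
    fi
  )
}

# Usage: check_workstation_env workstation.env && ./_helpers/build-infra.sh
```

Sourcing the file executes it, so run the check only on a workstation.env you wrote yourself.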

Known Issues and Limitations

  • If your GCP Organization is shared between other users or teams, consult your Organization Admins before building the Blueprint.
  • This Blueprint does not implement a multi-environment setup. There is no "pre-prod", "staging", or "production" differentiation. However, there is no reason that this Blueprint couldn't be expanded to accommodate such a setup if you so choose.
  • This Blueprint is meant to showcase various GCP features and act as a starting point for building a security-focused environment aimed at PCI compliance. This Blueprint has been reviewed by Coalfire, but deploying an application into this environment does not qualify as being PCI-DSS compliant.
  • As currently designed, http:// requests are redirected to https:// via HTTP header inspection by the frontend microservice. More details in HTTP to HTTPS redirection.

Helpful Links
