This is a brief documentation of what each of our workspaces contains.
Dispatcher:
The purpose of dispatcher workspaces is documented in the wiki article Terraform Dispatchers. In brief, dispatchers exist to create projects, workspaces and users/user bindings.
Resources:
This workspace contains the resources necessary for creating TFC workspaces and GCP projects and setting the access permissions for them. Specifically, it uses two modules.
The first module it uses is the tfc workspace module which can be found here. This module is used to provision our workspaces.
The second module it uses is the GCP project module, which can be found here. This module is used to provision all of our GCP projects.
CICD:
The CICD workspace contains configuration of resources needed for our CICD processes.
Resources:
GKE
ArgoCD
ChartMuseum
SonarQube
Okta (CICD Vault and ArgoCD)
Cloudflare Tunnel
DNS:
The DNS workspace contains the configuration for our safibank.online domain, which is used to expose our services and resources on the internet and to provision our TLS certificates.
Resources:
DNS for our projects
Workspace Identity for TLS Certificates
Environments:
All workspaces whose names contain env hold infrastructure and resources specific to an environment, for example VPN, applications, monitoring, etc.
I will use the folder names instead of the workspace names.
tf-environments
Contains the general configuration for the environment. Most importantly, it contains the configuration for shared_vpc, which establishes all network connections in the environment.
It also provisions the Terraform agents and our VPN towards Euronet.
tf-env-applications-config
Contains configuration for the applications project.
Resources:
Okta (Bofe, Genesys, IAM)
tf-env-applications-infra
Provisions all infrastructure necessary to run our applications (microservices).
Resources:
Postgres DB
GKE
Databases
Buckets
Firebase
Ably
tf-env-cloud_composer-infra
Provisions the necessary infrastructure to run Google Cloud Composer.
Resources:
Cloud Composer
tf-env-cloudflare-config
Contains configuration for Cloudflare.
Resources:
API Key generation
WAF Rules
tf-env-data-config
Not used at this time. Can be used to configure necessary data resources.
tf-env-data-infra
Provisions infrastructure necessary for the data project.
Resources:
BigQuery
PubSub
Cloud Functions
tf-env-hcv_secrets-config
Used to provision places for some manually managed secrets; it should be removed in the future.
tf-env-hcvault-config
Contains configuration for the hcvault project.
Resources:
Okta
Vault policies
Kubernetes auth
tf-env-hcvault-infra
Provisions the infrastructure necessary to run the environment-specific HashiCorp Vault.
Resources:
GKE
tf-env-meiro-infra
Provisions the infrastructure needed by Meiro to configure their SaaS for us. Contains some VMs and access rules. More specific documentation is in Meiro Architecture.
Resources:
VMs
Network
tf-env-monitor-config
Contains configuration for the monitoring project.
Resources:
Okta
GCP Alert Rules
tf-env-monitor-infra
Provisions the infrastructure necessary for running our monitoring.
Resources:
GKE
Buckets
tf-env-tms-config
Contains configuration for the tms project.
tf-env-tms-infra
Provisions infrastructure for Thought Machine.
Resources:
GKE
Database
tf-env-tyka-config
Contains configuration for the tyka project.
tf-env-tyka-infra
Provisions the necessary infrastructure for Tyk (GKE cluster, Cloudflare tunnels, etc.).
Resources:
GKE
Database
Cloudflare HTTPS Redirect
Cloudflare TLS Settings
Cloudflare Tunnels
tf-env-vpn-config
Contains configuration for the vpn project.
Resources:
Okta
tf-env-vpn-infra
Provisions the infrastructure necessary for our VPN project.
Resources:
GKE
Cloudflare tunnels
Repos:
Contains the infrastructure necessary for our repositories.
Resources:
Artifact Repository