
This holds instructions on how to set up a GKE cluster and link it to Azure Arc

For an overview of setting up a cluster, please see the following article
For an overview of how to connect kubectl to a cluster, see the following article

Create a new cluster and connect to it

Start a cluster from the UI in Google Cloud, and make sure to create a node cluster with the following minimum specs:

  • 3 nodes

  • 4 VCPU’s per node

  • 16GB RAM per node

You will also need the following IAM permissions to be able to execute the commands needed:

  • “Kubernetes Engine Admin”: this is set on the seagen-devops account for your user through IAM

  • kubectl create clusterrolebinding "your-name"-cluster-admin-binding --clusterrole=cluster-admin --user="your-email-or-user"

Install gcloud locally or use a cloud shell in the UI to run the following commands

To connect to the cluster run the following commands:

  • gcloud components install gke-gcloud-auth-plugin

  • gcloud config set account seagen-devops

  • gcloud auth login

  • gcloud config set project seagen-devops

  • gcloud container clusters get-credentials "cluster-name" --region="region"

Then we can run kubectl commands against the GKE cluster:

  • kubectl get namespaces

Hook it up to Arc; this will be run locally or on the Azure side:

  • az connectedk8s connect --name "your-arc-gke-name" --resource-group "resource-group"

Once the cluster is connected, you can move on to install the data controller and app services extensions with a new location

See file install-extensions.md
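
A preflight check for the node minimums listed above (3 nodes, 4 vCPUs and 16GB RAM per node), to run before the az connectedk8s connect step. This is an added example, not part of the original instructions; the function name, the sample node names and the 15 GiB acceptance threshold (kubelet reports a little less than a machine's nominal RAM) are assumptions.

```shell
#!/bin/sh
# Added example: check GKE node capacity against this page's minimum specs.
# Input on stdin: one line per node, "NAME CPU MEMORY", as printed by
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,CPU:.status.capacity.cpu,MEM:.status.capacity.memory

MIN_NODES=3
MIN_CPU=4
# Assumption: a nominal 16GB node reports slightly under 16 GiB of capacity,
# so anything from 15 GiB (expressed in Ki) upward is accepted.
MIN_MEM_KI=$((15 * 1024 * 1024))

# Prints one FAIL line per problem, or a single OK line.
# Returns 0 when every check passes, 1 otherwise.
check_node_specs() {
  awk -v min_nodes="$MIN_NODES" -v min_cpu="$MIN_CPU" -v min_mem="$MIN_MEM_KI" '
    # Convert a Kubernetes memory quantity (Ki, Mi, Gi or plain bytes) to Ki.
    function mem_ki(q,   n) {
      n = q; sub(/[A-Za-z]+$/, "", n); n += 0
      if (q ~ /Ki$/) return n
      if (q ~ /Mi$/) return n * 1024
      if (q ~ /Gi$/) return n * 1024 * 1024
      return n / 1024
    }
    # Convert a CPU quantity ("4" or millicores such as "3920m") to cores.
    function cores(q,   n) {
      n = q; sub(/m$/, "", n); n += 0
      return (q ~ /m$/) ? n / 1000 : n
    }
    NF >= 3 {
      nodes++
      if (cores($2) < min_cpu)  { printf "FAIL %s: %s vCPU, need %d\n", $1, $2, min_cpu; bad = 1 }
      if (mem_ki($3) < min_mem) { printf "FAIL %s: %s RAM, need 16GB nominal\n", $1, $3; bad = 1 }
    }
    END {
      if (nodes < min_nodes) { printf "FAIL node count: %d, need %d\n", nodes, min_nodes; bad = 1 }
      if (!bad) printf "OK: %d nodes meet the minimum specs\n", nodes
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample input (not real cluster output): a compliant node pool.
SAMPLE_NODES='gke-arc-pool-a 4 16393224Ki
gke-arc-pool-b 4 16393224Ki
gke-arc-pool-c 4 16393224Ki'

# Constructed sample input: too few nodes, one of them undersized.
SAMPLE_UNDERSIZED='gke-arc-small-a 2 8145548Ki
gke-arc-small-b 4 16393224Ki'

printf '%s\n' "$SAMPLE_NODES" | check_node_specs
```

Against a live cluster, pipe the kubectl command from the header comment into check_node_specs and continue to the Arc connection only when it returns 0.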


© Copyright 2023, ETS.
