Added compliance scanning, updated README (#9)
Showing 4 changed files with 95 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,51 @@ | ||
# gcp-gke-service | ||
# Google Kubernetes Engine Service | ||
|
||
Nullstone module to launch a GKE container on GCP. | ||
This app module is used to create a long-running service such as an API, Web App, or Background Worker. | ||
|
||
## When to use | ||
|
||
GKE Service is a great choice for APIs, Web Apps, or Background Workers and you do not want to manage a Kubernetes cluster. | ||
|
||
## Security & Compliance | ||
|
||
Security scanning is graciously provided by [Bridgecrew](https://bridgecrew.io/). | ||
Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. | ||
|
||
![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/general) | ||
![CIS AWS V1.3](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/cis_aws_13) | ||
![PCI-DSS V3.2](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/pci) | ||
![NIST-800-53](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/nist) | ||
![ISO27001](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/iso) | ||
![SOC2](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/soc2) | ||
![HIPAA](https://www.bridgecrew.cloud/badges/github/nullstone-modules/gcp-gke-service/hipaa) | ||
|
||
## Platform | ||
|
||
This module uses [GCP GKE](https://cloud.google.com/kubernetes-engine), which is a technology that allows you to run Kubernetes container applications without managing servers. | ||
|
||
## Network Access | ||
|
||
When the service is provisioned, it is placed into private subnets on the connected network. | ||
As a result, the Fargate Service can route to services on the private network *and* is accessible on the private network. | ||
|
||
## Public Access | ||
|
||
To enable public access to the service, add an `Ingress` capability. | ||
|
||
In most cases, a `Load Balancer` capability is the best choice for exposing as it enables rollout deployments with no downtime. | ||
Additionally, a `Load Balancer` allows you to split traffic between more than 1 task based on load. | ||
|
||
## Logs | ||
|
||
Logs are automatically emitted to AWS Cloudwatch Log Group: `/<task-name>`. | ||
To access through the Nullstone CLI, use `nullstone logs` CLI command. (See [`logs`](https://docs.nullstone.io/getting-started/cli/docs.html#logs) for more information) | ||
|
||
## Secrets | ||
|
||
Nullstone automatically injects secrets into your GKE Service through environment variables. | ||
(They are stored in GCP Secrets Manager and injected by Kubernetes during launch.) | ||
|
||
## File system | ||
|
||
The root file system is configured to be read-only to prevent an attacker from making permanent local changes and prevents binaries from being written to the local filesystem. | ||
To create a persistent file system, add a `Datastore` to attach volumes or object storage. |
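Review bot: the new README text still describes the AWS module it appears to have been copied from, so several statements are wrong for a GKE module. Under "## Network Access" the second sentence reads "the Fargate Service can route to services on the private network", under "## Logs" it says "Logs are automatically emitted to AWS Cloudwatch Log Group: `/<task-name>`", and "## Public Access" talks about splitting traffic "between more than 1 task"; for this module these should name the GKE workload, the GCP logging destination the module actually configures, and pods rather than tasks. The badge row has the same problem: "CIS AWS V1.3" (`cis_aws_13`) is the AWS benchmark, which is not the relevant CIS benchmark for a GCP module, so either drop it or replace it with the GCP benchmark badge Bridgecrew provides. Two smaller points: under "## Secrets", "GCP Secrets Manager" should be "Secret Manager" (the GCP product name), and the "## When to use" sentence is missing a word ("...or Background Workers when you do not want to manage a Kubernetes cluster"), while the "## File system" sentence mixes "to prevent ... and prevents" and should read "and to prevent binaries from being written".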