Infrastructure-only

Deploying Infrastructure-Only in Google GCP

Contents

• Introduction
• Prerequisites
• Important Configuration Notes
• Installation Example

Introduction

This solution uses a Terraform template to launch a new networking stack. It will create three VPC networks with one subnet each: mgmt, external, internal. Use this terraform template to create your Google VPC infrastructure, and then head back to the BIG-IP GCP Terraform folder to get started!

Prerequisites

• This template requires a service account to deploy with the Terraform Google provider and build out all the neccessary Google objects
  • See the Terraform Google Provider "Adding Credentials" for details. Also, review the available Google GCP permission scopes too.
  • Permissions will depend on the objects you are creating
  • My service account for Terraform deployments in GCP uses the following roles:
    • Compute Admin
    • Storage Admin
    • Service Account User
    • Service Account Admin
    • Project IAM Admin
  • Note: Make sure to practice least privilege

Important Configuration Notes

• Variables are configured in variables.tf
• Sensitive variables like Google SSH keys are configured in terraform.tfvars
  • Note: Other items like BIG-IP password are stored in Google Cloud Secret Manager. Refer to the Prerequisites.
• Files
  • main.tf - resources for provider, versions, storage bucket
  • network.tf - resources for VPCs, subnets, firewall rules

Requirements

Name	Version
terraform	>= 1.2.0
google	>= 4.57.0

Providers

Name	Version
google	4.57.0
random	3.4.3

Modules

No modules.

Resources

Name	Type
google_compute_firewall.app	resource
google_compute_firewall.app-ilb-probe	resource
google_compute_firewall.default-allow-internal-ext	resource
google_compute_firewall.default-allow-internal-int	resource
google_compute_firewall.default-allow-internal-mgmt	resource
google_compute_firewall.mgmt	resource
google_compute_firewall.one_nic	resource
google_compute_network.vpc_ext	resource
google_compute_network.vpc_int	resource
google_compute_network.vpc_mgmt	resource
google_compute_subnetwork.vpc_ext_sub	resource
google_compute_subnetwork.vpc_int_sub	resource
google_compute_subnetwork.vpc_mgmt_sub	resource
random_id.buildSuffix	resource

Inputs

Name	Description	Type	Default	Required
adminSrcAddr	Allowed Admin source IP prefix	string	"0.0.0.0/0"	no
ext_address_prefix	External subnet address prefix	string	"10.1.10.0/24"	no
f5_cloud_failover_label	This is a tag used for F5 Cloud Failover Extension to identity which cloud objects to move during a failover event.	string	"myFailover"	no
gcp_project_id	GCP Project ID for provider	string	null	no
gcp_region	GCP Region for provider	string	"us-west1"	no
gcp_zone_1	GCP Zone 1 for provider	string	"us-west1-a"	no
int_address_prefix	Internal subnet address prefix	string	"10.1.20.0/24"	no
mgmt_address_prefix	Management subnet address prefix	string	"10.1.1.0/24"	no
projectPrefix	This value is inserted at the beginning of each Google object (alpha-numeric, no special character)	string	"demo"	no
resourceOwner	This is a tag used for object creation. Example is last name.	string	null	no

Outputs

Name	Description
external_subnet_name	External subnet name
external_vpc	External VPC name
internal_subnet_name	Internal subnet name
internal_vpc	Internal VPC name
mgmt_subnet_name	Management subnet name
mgmt_vpc	Management VPC name

Installation Example

To run this Terraform template, perform the following steps:

1. Clone the repo to your favorite location
2. Modify terraform.tfvars with the required information

    # Google Environment
    projectPrefix  = "mydemo123"
    adminSrcAddr   = "0.0.0.0/0"
    gcp_project_id = "xxxxx"
    gcp_region     = "us-west1"
    gcp_zone_1     = "us-west1-a"
    resourceOwner  = "mylastname"

3. Initialize the directory

    terraform init

4. Test the plan and validate errors

    terraform plan

5. Finally, apply and deploy

    terraform apply

6. When done with everything, don't forget to clean up!

    terraform destroy

Documentation

Visit DevCentral to read Service Discovery in Google Cloud with F5 BIG-IP where I show you my basic VPC setup (networks, subnets) along with firewall rules.