This Terraform project creates a Kubernetes environment in GCP and onboards it into the CloudGuard Native Portal.
It uses four different Terraform providers: Google Cloud, Kubernetes, Helm and CloudGuard.
As per my deployments (made in London), this project creates all of the following in about 10 minutes.
The project creates the following resources and wires them together:
- GCP Networks: connects to GCP and creates a VPC with a subnet
- GCP Kubernetes Cluster: creates a GKE cluster in that network
- Juice Shop Deployment: deploys a Juice Shop test application
- Cluster Onboarding: registers the cluster as an environment in the CloudGuard Portal
- Notification: creates a notification that sends the findings by mail
- Continuous Compliance Policy: creates a continuous compliance policy using the Kubernetes Best Practice Ruleset
- Check Point components: installs all the components needed in the cluster using a Helm chart
First, you need a CloudGuard CSPM account; if you don't have one, you can create it with one of these links:
- Create an account in Europe Region
- Create an account in Asia Pacific Region
- Create an account in United States Region
Then you need to get the API credentials that Terraform will use to onboard the accounts.
Remember to copy these two values! You will need to enter them in the .tfvars file later on.
You also need to give Terraform access to your GCP project.
First, create a Service Account with the following steps:
Once you have created the Service Account, create a JSON key for it and put it in this project folder:
The only thing you need to do is change the terraform.tfvars file located in this directory.
```hcl
# Set in this file your deployment variables
gcp-region       = "xxxxxxxxxxxxxx"
gcp-project      = "xxxxxxxxxxxxxx"
gcp-cluster-name = "xxxxxxxxxxxxxx"
gcp-key-name     = "xxxxxxxxxxxxxx.json"
cspm-key-id      = "xxxxxxxxxxxxxx"
cspm-key-secret  = "xxxxxxxxxxxxxx"
cspm-org-unit    = "xxxxxxxxxxxxxx"
cspm-admin-mail  = "xxxxxxxxxxxxxx"
# Select your CSPM residency: usea1 [default], euwe1, apso1
cspm-residency   = "usea1"
```
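Because terraform.tfvars carries the CSPM key secret and points at the service-account JSON key, a short pre-flight check before `terraform apply` catches the usual mistakes: a placeholder left in place, an unsupported cspm-residency, a key file that is missing or readable by other users, and secrets not excluded from git. This is an added example, not part of the project; the check names, the .gitignore convention and the exit-code behaviour are assumptions:

```bash
#!/usr/bin/env bash
# Added pre-flight check for this project's terraform.tfvars (not project code).
# Usage: check_tfvars <path-to-terraform.tfvars>; returns 0 only when all checks pass.
check_tfvars() {
  local tfvars="$1" dir rc=0 residency key mode f
  dir=$(dirname "$tfvars")
  [ -f "$tfvars" ] || { echo "missing $tfvars"; return 1; }

  # 1. Any value still set to the README's "xxxxxxxxxxxxxx" placeholder is an error.
  if grep -Eq '=[[:space:]]*"x{3,}' "$tfvars"; then
    echo "placeholder values still present:"
    grep -En '=[[:space:]]*"x{3,}' "$tfvars"
    rc=1
  fi

  # 2. cspm-residency must be one of the three documented CloudGuard residencies.
  residency=$(sed -n 's/^cspm-residency *= *"\([^"]*\)".*/\1/p' "$tfvars")
  case "$residency" in
    usea1|euwe1|apso1) ;;
    *) echo "invalid cspm-residency '$residency' (expected usea1, euwe1 or apso1)"; rc=1 ;;
  esac

  # 3. The service-account key named by gcp-key-name must exist next to the tfvars
  #    and be readable only by its owner (mode 600 or 400).
  key=$(sed -n 's/^gcp-key-name *= *"\([^"]*\)".*/\1/p' "$tfvars")
  if [ -z "$key" ] || [ ! -f "$dir/$key" ]; then
    echo "GCP key file '$key' not found in $dir"; rc=1
  else
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$dir/$key" 2>/dev/null || stat -f '%Lp' "$dir/$key")
    case "$mode" in
      600|400) ;;
      *) echo "key file $key has mode $mode; run: chmod 600 $dir/$key"; rc=1 ;;
    esac
  fi

  # 4. Neither the tfvars (holds cspm-key-secret) nor the key should ever be committed;
  #    require an exact entry for each in .gitignore (assumed convention).
  for f in terraform.tfvars ${key:+"$key"}; do
    grep -qxF "$f" "$dir/.gitignore" 2>/dev/null || { echo "add '$f' to $dir/.gitignore"; rc=1; }
  done
  return "$rc"
}
```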
If you want (or need) to customize other project details further, you can change the defaults in the different name-variables.tf files, which also contain the descriptions explaining what each variable is used for.