add additional topologies

README.md

@@ -98,6 +98,8 @@ Description of available input variables. Used input variables will change per t
 | Three Node Cluster Single NIC existing VPC / subnet                         | [Description](examples/three_node_cluster_single_nic_existing_vpc_existing_subnet/README.md)      |
 | Three Node Cluster Multi NIC new VPC / subnet                               | [Description](examples/three_node_cluster_multi_nic_new_vpc_new_subnet/README.md)                 |
 | Three Node Cluster Multi NIC existing VPC / new subnet                      | [Description](examples/three_node_cluster_multi_nic_existing_vpc_new_subnet/README.md)            |
+| Three Node Single NIC existing VPC / subnet and 3rd party NAT GW            | [Description](examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md)  |
+| Three Node Multi NIC existing VPC / subnet and 3rd party NAT GW             | [Description](examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md)   |
 | Three Node AppStack Cluster new VPC / subnet                                | [Description](examples/three_node_cluster_appstack_new_vpc_new_subnet/README.md)                  |
 | Three Node AppStack Cluster existing VPC / new subnet                       | [Description](examples/three_node_cluster_appstack_existing_vpc_new_subnet/README.md)             |
 

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md

@@ -0,0 +1,31 @@
+# Example three node multi NIC existing VPC and existing subnet with 3rd party NAT GW
+
+This example instantiates:
+
+- Three node CE
+- GCP compute instance template
+- GCP compute region instance group manager
+- GCP compute instance
+- GCP compute firewall for SLO
+- GCP compute firewall for SLI
+- SLO interface with private IP only
+
+# Usage
+
+- To deploy this example, GCP VPC and subnetwork for SLO and SLI interface are required in advance and in particular their names 3rd
+  party gateway should do SNAT and allow https IPSec ann or SSL traffic
+- Prepare GPC instance image
+    * To be able to start a GCP VM instance, we need an instance image. This image must be saved in the Project Storage
+    * Follow instructions at [F5 XC GCP Image Download](https://docs.cloud.f5.com/docs/images/node-cloud-images#gcp)
+    * Example: gcloud compute images create rhel9-20240216075746-multi-voltmesh-us --family rhel9 --source-uri --guest-os-features="MULTI_IP_SUBNET" gs://ves-images/rhel9-20240216075746-multi-voltmesh.tar.gz
+    * Name of the created image will later on be used as input variable for Terraform
+- Authentication can be done in different ways as outlined here: [Google Provider Authentication](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication)
+- In this example we use gcloud command to authenticate. Run `gcloud auth application-default login`
+- Export GCP_PROJECT_ID with: `export TF_VAR_gcp_project_id="gcp_project_name"`
+- Export F5 XC API certificate password with:
+    * `export VES_P12_PASSWORD="p12 password"`
+    * `export TF_VAR_f5xc_api_p12_cert_password="$VES_P12_PASSWORD"`
+- Edit `terraform.tfvars` file to align with your environment
+- Copy F5XC API certificate file obtained in installation step into example directory
+- Initialize with: `terraform init`, optionally run `terraform plan`
+- Apply with: `terraform apply -auto-approve` or destroy with: `terraform destroy -auto-approve`

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf

@@ -0,0 +1,54 @@
+locals {
+  custom_tags = {
+    Owner         = var.owner
+    f5xc-tenant   = var.f5xc_tenant
+    f5xc-template = "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw"
+  }
+}
+
+module "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+  source                          = "../../modules/f5xc/ce/gcp"
+  owner                           = var.owner
+  is_sensitive                    = false
+  has_public_ip                   = false
+  ssh_public_key                  = file(var.ssh_public_key_file)
+  status_check_type               = "cert"
+  gcp_region                      = var.gcp_region
+  gcp_project_id                  = var.gcp_project_id
+  gcp_instance_type               = var.gcp_instance_type
+  gcp_instance_image              = var.gcp_instance_image
+  gcp_instance_disk_size          = var.gcp_instance_disk_size
+  gcp_existing_network_slo        = var.gcp_existing_network_slo
+  gcp_existing_network_sli        = var.gcp_existing_network_sli
+  gcp_existing_subnet_network_slo = var.gcp_existing_subnet_network_slo
+  gcp_existing_subnet_network_sli = var.gcp_existing_subnet_network_sli
+  f5xc_tenant                     = var.f5xc_tenant
+  f5xc_api_url                    = var.f5xc_api_url
+  f5xc_namespace                  = var.f5xc_namespace
+  f5xc_api_token                  = var.f5xc_api_token
+  f5xc_token_name                 = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+  f5xc_cluster_name               = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+  f5xc_api_p12_file               = var.f5xc_api_p12_file
+  f5xc_ce_gateway_type            = var.f5xc_ce_gateway_type
+  f5xc_api_p12_cert_password      = var.f5xc_api_p12_cert_password
+  f5xc_ce_nodes = {
+    node0 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node0)
+    }
+    node1 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node1)
+    }
+    node2 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node2)
+    }
+  }
+  providers = {
+    google   = google.default
+    volterra = volterra.default
+  }
+}
+
+output "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+  value = module.f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw
+}
+

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf

@@ -0,0 +1,13 @@
+provider "volterra" {
+  api_p12_file = var.f5xc_api_p12_file
+  url          = var.f5xc_api_url
+  alias        = "default"
+}
+
+provider "google" {
+  credentials = var.gcp_application_credentials != "" ? file(var.gcp_application_credentials) : null
+  project     = var.gcp_project_id
+  region      = var.gcp_region
+  zone        = format("%s-%s", var.gcp_region, var.gcp_zone)
+  alias       = "default"
+}

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars

@@ -0,0 +1,17 @@
+owner                           = "owner_email_address"
+project_prefix                  = "f5xc"
+project_suffix                  = "14"
+ssh_public_key_file             = "path to ssh public key file"
+gcp_region                      = "us-east1"
+gcp_zone_node0                  = "b"
+gcp_zone_node1                  = "c"
+gcp_zone_node2                  = "d"
+gcp_instance_image              = "rhel9-20240216075746-multi-voltmesh-us"
+gcp_existing_network_slo        = "existing gcp network name for slo interface"
+gcp_existing_network_sli        = "existing gcp network name for sli interface"
+gcp_existing_subnet_network_slo = "existing gcp subnetwork name for slo interface"
+gcp_existing_subnet_network_sli = "existing gcp subnetwork name for sli interface"
+f5xc_tenant                     = "full f5 xc tenant name e.g. playground-abcdefg"
+f5xc_api_url                    = "f5 xc api url e.g. https://playground.console.ves.volterra.io/api"
+f5xc_cluster_name               = "gcp-ce-test"
+f5xc_api_p12_file               = "path_to_api_cert_file"

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf

@@ -0,0 +1,135 @@
+variable "project_prefix" {
+  type        = string
+  description = "prefix string put in front of string"
+}
+
+variable "project_suffix" {
+  type        = string
+  description = "prefix string put at the end of string"
+}
+
+variable "f5xc_api_p12_file" {
+  description = "F5 XC API certificate file"
+  type        = string
+}
+
+variable "f5xc_api_p12_cert_password" {
+  description = "F5 XC API certificate file password"
+  type        = string
+  default     = ""
+}
+
+variable "f5xc_api_url" {
+  description = "F5 XC API URL"
+  type        = string
+}
+
+variable "f5xc_api_token" {
+  description = "F5 XC API token"
+  type        = string
+}
+
+variable "f5xc_tenant" {
+  description = "F5 XC Tenant name"
+  type        = string
+}
+
+variable "f5xc_namespace" {
+  description = "F5 XC namespace name"
+  type        = string
+  default     = "system"
+}
+
+variable "f5xc_cluster_name" {
+  description = "F5 XC CE cluster name"
+  type        = string
+}
+
+variable "owner" {
+  description = "GCP tag owner email address"
+  type        = string
+}
+
+variable "f5xc_ce_gateway_type" {
+  description = "F5 XC CE gateway type"
+  type        = string
+  default     = "ingress_egress_gateway"
+}
+
+variable "f5xc_cluster_latitude" {
+  description = "F5 XC CE geo latitude"
+  type        = number
+  default     = -73.935242
+}
+
+variable "f5xc_cluster_longitude" {
+  description = "F5 XC CE geo longitude"
+  type        = number
+  default     = 40.730610
+}
+
+variable "ssh_public_key_file" {
+  description = "path to ssh public key file"
+  type        = string
+}
+
+variable "gcp_project_id" {
+  description = "GCP account project id"
+  type        = string
+}
+
+variable "gcp_application_credentials" {
+  description = "GCP account credentials"
+  type        = string
+  default     = ""
+}
+
+variable "gcp_instance_type" {
+  type    = string
+  default = "n1-standard-4"
+}
+
+variable "gcp_instance_disk_size" {
+  type    = string
+  default = "40"
+}
+
+variable "gcp_region" {
+  type = string
+}
+
+variable "gcp_zone_node0" {
+  type = string
+}
+
+variable "gcp_zone_node1" {
+  type = string
+}
+
+variable "gcp_zone_node2" {
+  type = string
+}
+
+variable "gcp_instance_image" {
+  type = string
+}
+
+variable "gcp_existing_network_slo" {
+  description = "existing gcp network name slo"
+  type        = string
+}
+
+variable "gcp_existing_network_sli" {
+  description = "existing gcp network name sli"
+  type        = string
+}
+
+variable "gcp_existing_subnet_network_slo" {
+  description = "existing gcp subnetwork name slo"
+  type        = string
+}
+
+variable "gcp_existing_subnet_network_sli" {
+  description = "existing gcp subnetwork name sli"
+  type        = string
+}

examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_version = ">= 1.3.0"
+
+  required_providers {
+    volterra = {
+      source  = "volterraedge/volterra"
+      version = "= 0.11.30"
+    }
+    google = {
+      source = "hashicorp/google"
+      version = ">= 4.48.0"
+    }
+    local = ">= 2.2.3"
+    null  = ">= 3.1.1"
+  }
+}

examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md

@@ -0,0 +1,30 @@
+# Example three node single NIC existing VPC and existing subnet with 3rd party NAT GW
+
+This example instantiates:
+
+- Three node CE
+- GCP compute instance template
+- GCP compute region instance group manager
+- GCP compute instance
+- GCP compute firewall for SLO
+- SLO interface with private IP only
+
+# Usage
+
+- To deploy this example, GCP VPC and subnetwork for SLO interface are required in advance and in particular their names 3rd
+  party gateway should do SNAT and allow https IPSec ann or SSL traffic
+- Prepare GPC instance image
+    * To be able to start a GCP VM instance, we need an instance image. This image must be saved in the Project Storage
+    * Follow instructions at [F5 XC GCP Image Download](https://docs.cloud.f5.com/docs/images/node-cloud-images#gcp)
+    * Example: gcloud compute images create rhel9-20240216075746-single-voltmesh-us --family rhel9 --source-uri gs://ves-images/rhel9-20240216075746-single-voltmesh.tar.gz
+    * Name of the created image will later on be used as input variable for Terraform
+- Authentication can be done in different ways as outlined here: [Google Provider Authentication](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication)
+- In this example we use gcloud command to authenticate. Run `gcloud auth application-default login`
+- Export GCP_PROJECT_ID with: `export TF_VAR_gcp_project_id="gcp_project_name"`
+- Export F5 XC API certificate password with:
+    * `export VES_P12_PASSWORD="p12 password"`
+    * `export TF_VAR_f5xc_api_p12_cert_password="$VES_P12_PASSWORD"`
+- Edit `terraform.tfvars` file to align with your environment
+- Copy F5XC API certificate file obtained in installation step into example directory
+- Initialize with: `terraform init`, optionally run `terraform plan`
+- Apply with: `terraform apply -auto-approve` or destroy with: `terraform destroy -auto-approve`

examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf

@@ -0,0 +1,54 @@
+locals {
+  custom_tags = {
+    Owner         = var.owner
+    f5xc-tenant   = var.f5xc_tenant
+    f5xc-template = "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw"
+  }
+}
+
+module "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+  source                          = "../../modules/f5xc/ce/gcp"
+  owner                           = var.owner
+  is_sensitive                    = false
+  has_public_ip                   = false
+  ssh_public_key                  = file(var.ssh_public_key_file)
+  status_check_type               = "cert"
+  gcp_region                      = var.gcp_region
+  gcp_project_id                  = var.gcp_project_id
+  gcp_instance_type               = var.gcp_instance_type
+  gcp_instance_image              = var.gcp_instance_image
+  gcp_instance_disk_size          = var.gcp_instance_disk_size
+  gcp_existing_network_slo        = var.gcp_existing_network_slo
+  gcp_existing_network_sli        = var.gcp_existing_network_sli
+  gcp_existing_subnet_network_slo = var.gcp_existing_subnet_network_slo
+  gcp_existing_subnet_network_sli = var.gcp_existing_subnet_network_sli
+  f5xc_tenant                     = var.f5xc_tenant
+  f5xc_api_url                    = var.f5xc_api_url
+  f5xc_namespace                  = var.f5xc_namespace
+  f5xc_api_token                  = var.f5xc_api_token
+  f5xc_token_name                 = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+  f5xc_cluster_name               = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+  f5xc_api_p12_file               = var.f5xc_api_p12_file
+  f5xc_ce_gateway_type            = var.f5xc_ce_gateway_type
+  f5xc_api_p12_cert_password      = var.f5xc_api_p12_cert_password
+  f5xc_ce_nodes = {
+    node0 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node0)
+    }
+    node1 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node1)
+    }
+    node2 = {
+      az = format("%s-%s", var.gcp_region, var.gcp_zone_node2)
+    }
+  }
+  providers = {
+    google   = google.default
+    volterra = volterra.default
+  }
+}
+
+output "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+  value = module.f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw
+}
+

examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf

@@ -0,0 +1,13 @@
+provider "volterra" {
+  api_p12_file = var.f5xc_api_p12_file
+  url          = var.f5xc_api_url
+  alias        = "default"
+}
+
+provider "google" {
+  credentials = var.gcp_application_credentials != "" ? file(var.gcp_application_credentials) : null
+  project     = var.gcp_project_id
+  region      = var.gcp_region
+  zone        = format("%s-%s", var.gcp_region, var.gcp_zone)
+  alias       = "default"
+}