diff --git a/README.md b/README.md
index 65dc8d8..c360e63 100644
--- a/README.md
+++ b/README.md
@@ -98,6 +98,8 @@ Description of available input variables. Used input variables will change per t
 | Three Node Cluster Single NIC existing VPC / subnet | [Description](examples/three_node_cluster_single_nic_existing_vpc_existing_subnet/README.md) |
 | Three Node Cluster Multi NIC new VPC / subnet | [Description](examples/three_node_cluster_multi_nic_new_vpc_new_subnet/README.md) |
 | Three Node Cluster Multi NIC existing VPC / new subnet | [Description](examples/three_node_cluster_multi_nic_existing_vpc_new_subnet/README.md) |
+| Three Node Single NIC existing VPC / subnet and 3rd party NAT GW | [Description](examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md) |
+| Three Node Multi NIC existing VPC / subnet and 3rd party NAT GW | [Description](examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md) |
 | Three Node AppStack Cluster new VPC / subnet | [Description](examples/three_node_cluster_appstack_new_vpc_new_subnet/README.md) |
 | Three Node AppStack Cluster existing VPC / new subnet | [Description](examples/three_node_cluster_appstack_existing_vpc_new_subnet/README.md) |
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md
new file mode 100644
index 0000000..cbf4883
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md
@@ -0,0 +1,31 @@
+# Example three node multi NIC existing VPC and existing subnet with 3rd party NAT GW
+
+This example instantiates:
+
+- Three node CE
+- GCP compute instance template
+- GCP compute region instance group manager
+- GCP compute instance
+- GCP compute firewall for SLO
+- GCP compute firewall for SLI
+- SLO interface with private IP only
+
+# Usage
+
+- To deploy this example, GCP VPC and subnetwork for SLO and SLI interface are required in advance and in particular their names 3rd
+ party gateway should do SNAT and allow https IPSec ann or SSL traffic
+- Prepare GPC instance image
+ * To be able to start a GCP VM instance, we need an instance image. This image must be saved in the Project Storage
+ * Follow instructions at [F5 XC GCP Image Download](https://docs.cloud.f5.com/docs/images/node-cloud-images#gcp)
+ * Example: gcloud compute images create rhel9-20240216075746-multi-voltmesh-us --family rhel9 --source-uri --guest-os-features="MULTI_IP_SUBNET" gs://ves-images/rhel9-20240216075746-multi-voltmesh.tar.gz
+ * Name of the created image will later on be used as input variable for Terraform
+- Authentication can be done in different ways as outlined here: [Google Provider Authentication](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication)
+- In this example we use gcloud command to authenticate. Run `gcloud auth application-default login`
+- Export GCP_PROJECT_ID with: `export TF_VAR_gcp_project_id="gcp_project_name"`
+- Export F5 XC API certificate password with:
+ * `export VES_P12_PASSWORD="p12 password"`
+ * `export TF_VAR_f5xc_api_p12_cert_password="$VES_P12_PASSWORD"`
+- Edit `terraform.tfvars` file to align with your environment
+- Copy F5XC API certificate file obtained in installation step into example directory
+- Initialize with: `terraform init`, optionally run `terraform plan`
+- Apply with: `terraform apply -auto-approve` or destroy with: `terraform destroy -auto-approve`
\ No newline at end of file
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf
new file mode 100644
index 0000000..8bdd134
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf
@@ -0,0 +1,54 @@
+locals {
+ custom_tags = {
+ Owner = var.owner
+ f5xc-tenant = var.f5xc_tenant
+ f5xc-template = "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw"
+ }
+}
+
+module "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+ source = "../../modules/f5xc/ce/gcp"
+ owner = var.owner
+ is_sensitive = false
+ has_public_ip = false
+ ssh_public_key = file(var.ssh_public_key_file)
+ status_check_type = "cert"
+ gcp_region = var.gcp_region
+ gcp_project_id = var.gcp_project_id
+ gcp_instance_type = var.gcp_instance_type
+ gcp_instance_image = var.gcp_instance_image
+ gcp_instance_disk_size = var.gcp_instance_disk_size
+ gcp_existing_network_slo = var.gcp_existing_network_slo
+ gcp_existing_network_sli = var.gcp_existing_network_sli
+ gcp_existing_subnet_network_slo = var.gcp_existing_subnet_network_slo
+ gcp_existing_subnet_network_sli = var.gcp_existing_subnet_network_sli
+ f5xc_tenant = var.f5xc_tenant
+ f5xc_api_url = var.f5xc_api_url
+ f5xc_namespace = var.f5xc_namespace
+ f5xc_api_token = var.f5xc_api_token
+ f5xc_token_name = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+ f5xc_cluster_name = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+ f5xc_api_p12_file = var.f5xc_api_p12_file
+ f5xc_ce_gateway_type = var.f5xc_ce_gateway_type
+ f5xc_api_p12_cert_password = var.f5xc_api_p12_cert_password
+ f5xc_ce_nodes = {
+ node0 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node0)
+ }
+ node1 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node1)
+ }
+ node2 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node2)
+ }
+ }
+ providers = {
+ google = google.default
+ volterra = volterra.default
+ }
+}
+
+output "f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+ value = module.f5xc_gcp_cloud_ce_three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw
+}
+
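Review bot: `local.custom_tags` (Owner, f5xc-tenant, f5xc-template) is defined at the top of main.tf but never referenced — the module block passes no tags argument — so these labels never reach the GCP resources and the owner/tenant attribution is silently lost; either pass the local through (if the module exposes such an input) or drop the block. The `output` re-exports the entire module object; should any module output be derived from `f5xc_api_token` or the p12 password, it will be echoed on every apply and by `terraform output`, so marking it `sensitive = true` is the safer default until the module's outputs are confirmed secret-free. The identical `format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)` for `f5xc_token_name` and `f5xc_cluster_name` could be computed once as a local. The single-NIC main.tf further down duplicates all of this.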
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf
new file mode 100644
index 0000000..72c130c
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf
@@ -0,0 +1,13 @@
+provider "volterra" {
+ api_p12_file = var.f5xc_api_p12_file
+ url = var.f5xc_api_url
+ alias = "default"
+}
+
+provider "google" {
+ credentials = var.gcp_application_credentials != "" ? file(var.gcp_application_credentials) : null
+ project = var.gcp_project_id
+ region = var.gcp_region
+ zone = format("%s-%s", var.gcp_region, var.gcp_zone)
+ alias = "default"
+}
\ No newline at end of file
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars
new file mode 100644
index 0000000..06e903e
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars
@@ -0,0 +1,17 @@
+owner = "owner_email_address"
+project_prefix = "f5xc"
+project_suffix = "14"
+ssh_public_key_file = "path to ssh public key file"
+gcp_region = "us-east1"
+gcp_zone_node0 = "b"
+gcp_zone_node1 = "c"
+gcp_zone_node2 = "d"
+gcp_instance_image = "rhel9-20240216075746-multi-voltmesh-us"
+gcp_existing_network_slo = "existing gcp network name for slo interface"
+gcp_existing_network_sli = "existing gcp network name for sli interface"
+gcp_existing_subnet_network_slo = "existing gcp subnetwork name for slo interface"
+gcp_existing_subnet_network_sli = "existing gcp subnetwork name for sli interface"
+f5xc_tenant = "full f5 xc tenant name e.g. playground-abcdefg"
+f5xc_api_url = "f5 xc api url e.g. https://playground.console.ves.volterra.io/api"
+f5xc_cluster_name = "gcp-ce-test"
+f5xc_api_p12_file = "path_to_api_cert_file"
\ No newline at end of file
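Review bot: `zone = format("%s-%s", var.gcp_region, var.gcp_zone)` in the google provider references `var.gcp_zone`, which this example's variables.tf never declares (it only defines `gcp_zone_node0`, `gcp_zone_node1` and `gcp_zone_node2`), so `terraform validate`/`plan` will fail on an undeclared input variable before anything is deployed. Either add a `variable "gcp_zone"` block or derive the provider default from an existing input, e.g. `zone = format("%s-%s", var.gcp_region, var.gcp_zone_node0)`. The single-NIC provider.tf further down contains the same reference.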
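Review bot: `f5xc_api_token` is declared in variables.tf without a default but is set neither in this terraform.tfvars nor among the `export TF_VAR_...` steps in the README, so `terraform apply` will stop and prompt for it interactively. Because this file is meant to be edited per environment and is the kind of file that ends up committed, the token is better supplied as `export TF_VAR_f5xc_api_token="..."` next to the p12 password export in the README than added here. The single-NIC example's tfvars has the same gap.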
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf
new file mode 100644
index 0000000..ca672c2
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf
@@ -0,0 +1,135 @@
+variable "project_prefix" {
+ type = string
+ description = "prefix string put in front of string"
+}
+
+variable "project_suffix" {
+ type = string
+ description = "prefix string put at the end of string"
+}
+
+variable "f5xc_api_p12_file" {
+ description = "F5 XC API certificate file"
+ type = string
+}
+
+variable "f5xc_api_p12_cert_password" {
+ description = "F5 XC API certificate file password"
+ type = string
+ default = ""
+}
+
+variable "f5xc_api_url" {
+ description = "F5 XC API URL"
+ type = string
+}
+
+variable "f5xc_api_token" {
+ description = "F5 XC API token"
+ type = string
+}
+
+variable "f5xc_tenant" {
+ description = "F5 XC Tenant name"
+ type = string
+}
+
+variable "f5xc_namespace" {
+ description = "F5 XC namespace name"
+ type = string
+ default = "system"
+}
+
+variable "f5xc_cluster_name" {
+ description = "F5 XC CE cluster name"
+ type = string
+}
+
+variable "owner" {
+ description = "GCP tag owner email address"
+ type = string
+}
+
+variable "f5xc_ce_gateway_type" {
+ description = "F5 XC CE gateway type"
+ type = string
+ default = "ingress_egress_gateway"
+}
+
+variable "f5xc_cluster_latitude" {
+ description = "F5 XC CE geo latitude"
+ type = number
+ default = -73.935242
+}
+
+variable "f5xc_cluster_longitude" {
+ description = "F5 XC CE geo longitude"
+ type = number
+ default = 40.730610
+}
+
+variable "ssh_public_key_file" {
+ description = "path to ssh public key file"
+ type = string
+}
+
+variable "gcp_project_id" {
+ description = "GCP account project id"
+ type = string
+}
+
+variable "gcp_application_credentials" {
+ description = "GCP account credentials"
+ type = string
+ default = ""
+}
+
+variable "gcp_instance_type" {
+ type = string
+ default = "n1-standard-4"
+}
+
+variable "gcp_instance_disk_size" {
+ type = string
+ default = "40"
+}
+
+variable "gcp_region" {
+ type = string
+}
+
+variable "gcp_zone_node0" {
+ type = string
+}
+
+variable "gcp_zone_node1" {
+ type = string
+}
+
+variable "gcp_zone_node2" {
+ type = string
+}
+
+variable "gcp_instance_image" {
+ type = string
+}
+
+variable "gcp_existing_network_slo" {
+ description = "existing gcp network name slo"
+ type = string
+}
+
+variable "gcp_existing_network_sli" {
+ description = "existing gcp network name sli"
+ type = string
+}
+
+variable "gcp_existing_subnet_network_slo" {
+ description = "existing gcp subnetwork name slo"
+ type = string
+}
+
+variable "gcp_existing_subnet_network_sli" {
+ description = "existing gcp subnetwork name sli"
+ type = string
+}
\ No newline at end of file
diff --git a/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf
new file mode 100644
index 0000000..3a1045d
--- /dev/null
+++ b/examples/three_node_multi_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ volterra = {
+ source = "volterraedge/volterra"
+ version = "= 0.11.30"
+ }
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.48.0"
+ }
+ local = ">= 2.2.3"
+ null = ">= 3.1.1"
+ }
+}
\ No newline at end of file
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md
new file mode 100644
index 0000000..5f20583
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/README.md
@@ -0,0 +1,30 @@
+# Example three node single NIC existing VPC and existing subnet with 3rd party NAT GW
+
+This example instantiates:
+
+- Three node CE
+- GCP compute instance template
+- GCP compute region instance group manager
+- GCP compute instance
+- GCP compute firewall for SLO
+- SLO interface with private IP only
+
+# Usage
+
+- To deploy this example, GCP VPC and subnetwork for SLO interface are required in advance and in particular their names 3rd
+ party gateway should do SNAT and allow https IPSec ann or SSL traffic
+- Prepare GPC instance image
+ * To be able to start a GCP VM instance, we need an instance image. This image must be saved in the Project Storage
+ * Follow instructions at [F5 XC GCP Image Download](https://docs.cloud.f5.com/docs/images/node-cloud-images#gcp)
+ * Example: gcloud compute images create rhel9-20240216075746-single-voltmesh-us --family rhel9 --source-uri gs://ves-images/rhel9-20240216075746-single-voltmesh.tar.gz
+ * Name of the created image will later on be used as input variable for Terraform
+- Authentication can be done in different ways as outlined here: [Google Provider Authentication](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#authentication)
+- In this example we use gcloud command to authenticate. Run `gcloud auth application-default login`
+- Export GCP_PROJECT_ID with: `export TF_VAR_gcp_project_id="gcp_project_name"`
+- Export F5 XC API certificate password with:
+ * `export VES_P12_PASSWORD="p12 password"`
+ * `export TF_VAR_f5xc_api_p12_cert_password="$VES_P12_PASSWORD"`
+- Edit `terraform.tfvars` file to align with your environment
+- Copy F5XC API certificate file obtained in installation step into example directory
+- Initialize with: `terraform init`, optionally run `terraform plan`
+- Apply with: `terraform apply -auto-approve` or destroy with: `terraform destroy -auto-approve`
\ No newline at end of file
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf
new file mode 100644
index 0000000..dfce312
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/main.tf
@@ -0,0 +1,54 @@
+locals {
+ custom_tags = {
+ Owner = var.owner
+ f5xc-tenant = var.f5xc_tenant
+ f5xc-template = "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw"
+ }
+}
+
+module "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+ source = "../../modules/f5xc/ce/gcp"
+ owner = var.owner
+ is_sensitive = false
+ has_public_ip = false
+ ssh_public_key = file(var.ssh_public_key_file)
+ status_check_type = "cert"
+ gcp_region = var.gcp_region
+ gcp_project_id = var.gcp_project_id
+ gcp_instance_type = var.gcp_instance_type
+ gcp_instance_image = var.gcp_instance_image
+ gcp_instance_disk_size = var.gcp_instance_disk_size
+ gcp_existing_network_slo = var.gcp_existing_network_slo
+ gcp_existing_network_sli = var.gcp_existing_network_sli
+ gcp_existing_subnet_network_slo = var.gcp_existing_subnet_network_slo
+ gcp_existing_subnet_network_sli = var.gcp_existing_subnet_network_sli
+ f5xc_tenant = var.f5xc_tenant
+ f5xc_api_url = var.f5xc_api_url
+ f5xc_namespace = var.f5xc_namespace
+ f5xc_api_token = var.f5xc_api_token
+ f5xc_token_name = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+ f5xc_cluster_name = format("%s-%s-%s", var.project_prefix, var.f5xc_cluster_name, var.project_suffix)
+ f5xc_api_p12_file = var.f5xc_api_p12_file
+ f5xc_ce_gateway_type = var.f5xc_ce_gateway_type
+ f5xc_api_p12_cert_password = var.f5xc_api_p12_cert_password
+ f5xc_ce_nodes = {
+ node0 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node0)
+ }
+ node1 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node1)
+ }
+ node2 = {
+ az = format("%s-%s", var.gcp_region, var.gcp_zone_node2)
+ }
+ }
+ providers = {
+ google = google.default
+ volterra = volterra.default
+ }
+}
+
+output "f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw" {
+ value = module.f5xc_gcp_cloud_ce_three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw
+}
+
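Review bot: This single-NIC module block is a copy of the multi-NIC one: it still passes `gcp_existing_network_sli` and `gcp_existing_subnet_network_sli`, while this example's README states that only the SLO VPC/subnetwork is required and lists no SLI firewall. If the module treats the SLI inputs as optional, drop the two `*_sli` arguments here together with their variable declarations so a reader is not forced to supply a second network the single-NIC deployment does not use; if the module requires them, the README should say so instead. The unused `local.custom_tags` and the unmarked module-wide output are the same as in the multi-NIC main.tf.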
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf
new file mode 100644
index 0000000..72c130c
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/provider.tf
@@ -0,0 +1,13 @@
+provider "volterra" {
+ api_p12_file = var.f5xc_api_p12_file
+ url = var.f5xc_api_url
+ alias = "default"
+}
+
+provider "google" {
+ credentials = var.gcp_application_credentials != "" ? file(var.gcp_application_credentials) : null
+ project = var.gcp_project_id
+ region = var.gcp_region
+ zone = format("%s-%s", var.gcp_region, var.gcp_zone)
+ alias = "default"
+}
\ No newline at end of file
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars
new file mode 100644
index 0000000..06e903e
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/terraform.tfvars
@@ -0,0 +1,17 @@
+owner = "owner_email_address"
+project_prefix = "f5xc"
+project_suffix = "14"
+ssh_public_key_file = "path to ssh public key file"
+gcp_region = "us-east1"
+gcp_zone_node0 = "b"
+gcp_zone_node1 = "c"
+gcp_zone_node2 = "d"
+gcp_instance_image = "rhel9-20240216075746-multi-voltmesh-us"
+gcp_existing_network_slo = "existing gcp network name for slo interface"
+gcp_existing_network_sli = "existing gcp network name for sli interface"
+gcp_existing_subnet_network_slo = "existing gcp subnetwork name for slo interface"
+gcp_existing_subnet_network_sli = "existing gcp subnetwork name for sli interface"
+f5xc_tenant = "full f5 xc tenant name e.g. playground-abcdefg"
+f5xc_api_url = "f5 xc api url e.g. https://playground.console.ves.volterra.io/api"
+f5xc_cluster_name = "gcp-ce-test"
+f5xc_api_p12_file = "path_to_api_cert_file"
\ No newline at end of file
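Review bot: `gcp_instance_image = "rhel9-20240216075746-multi-voltmesh-us"` in this single-NIC terraform.tfvars does not match the example's own README, whose gcloud command creates `rhel9-20240216075746-single-voltmesh-us`; a reader who follows the README as written ends up with Terraform pointing at an image that was never created in the project. Change the line to `gcp_instance_image = "rhel9-20240216075746-single-voltmesh-us"`. The `gcp_existing_network_sli`/`gcp_existing_subnet_network_sli` placeholders likewise ask for an SLI network that the single-NIC README says is not needed, which suggests this file was copied from the multi-NIC example without adjustment.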
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf
new file mode 100644
index 0000000..ca672c2
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/variables.tf
@@ -0,0 +1,135 @@
+variable "project_prefix" {
+ type = string
+ description = "prefix string put in front of string"
+}
+
+variable "project_suffix" {
+ type = string
+ description = "prefix string put at the end of string"
+}
+
+variable "f5xc_api_p12_file" {
+ description = "F5 XC API certificate file"
+ type = string
+}
+
+variable "f5xc_api_p12_cert_password" {
+ description = "F5 XC API certificate file password"
+ type = string
+ default = ""
+}
+
+variable "f5xc_api_url" {
+ description = "F5 XC API URL"
+ type = string
+}
+
+variable "f5xc_api_token" {
+ description = "F5 XC API token"
+ type = string
+}
+
+variable "f5xc_tenant" {
+ description = "F5 XC Tenant name"
+ type = string
+}
+
+variable "f5xc_namespace" {
+ description = "F5 XC namespace name"
+ type = string
+ default = "system"
+}
+
+variable "f5xc_cluster_name" {
+ description = "F5 XC CE cluster name"
+ type = string
+}
+
+variable "owner" {
+ description = "GCP tag owner email address"
+ type = string
+}
+
+variable "f5xc_ce_gateway_type" {
+ description = "F5 XC CE gateway type"
+ type = string
+ default = "ingress_egress_gateway"
+}
+
+variable "f5xc_cluster_latitude" {
+ description = "F5 XC CE geo latitude"
+ type = number
+ default = -73.935242
+}
+
+variable "f5xc_cluster_longitude" {
+ description = "F5 XC CE geo longitude"
+ type = number
+ default = 40.730610
+}
+
+variable "ssh_public_key_file" {
+ description = "path to ssh public key file"
+ type = string
+}
+
+variable "gcp_project_id" {
+ description = "GCP account project id"
+ type = string
+}
+
+variable "gcp_application_credentials" {
+ description = "GCP account credentials"
+ type = string
+ default = ""
+}
+
+variable "gcp_instance_type" {
+ type = string
+ default = "n1-standard-4"
+}
+
+variable "gcp_instance_disk_size" {
+ type = string
+ default = "40"
+}
+
+variable "gcp_region" {
+ type = string
+}
+
+variable "gcp_zone_node0" {
+ type = string
+}
+
+variable "gcp_zone_node1" {
+ type = string
+}
+
+variable "gcp_zone_node2" {
+ type = string
+}
+
+variable "gcp_instance_image" {
+ type = string
+}
+
+variable "gcp_existing_network_slo" {
+ description = "existing gcp network name slo"
+ type = string
+}
+
+variable "gcp_existing_network_sli" {
+ description = "existing gcp network name sli"
+ type = string
+}
+
+variable "gcp_existing_subnet_network_slo" {
+ description = "existing gcp subnetwork name slo"
+ type = string
+}
+
+variable "gcp_existing_subnet_network_sli" {
+ description = "existing gcp subnetwork name sli"
+ type = string
+}
\ No newline at end of file
diff --git a/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf
new file mode 100644
index 0000000..3a1045d
--- /dev/null
+++ b/examples/three_node_single_nic_existing_vpc_and_subnet_3rd_party_nat_gw/versions.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ volterra = {
+ source = "volterraedge/volterra"
+ version = "= 0.11.30"
+ }
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.48.0"
+ }
+ local = ">= 2.2.3"
+ null = ">= 3.1.1"
+ }
+}
\ No newline at end of file