f5xcs-multi-region-appstack-gcp
This is a non-official F5 repository. This repo is not supported by F5 or DevCentral!
This repo will provide a solution for deploying F5 XCS Multi-Region Multi-Zone AppStack in GCP.
Distributed Cloud GCP Multi-Region Multi-Zone AppStack
The goal of this solution is to provide the infrastructure for a working demo to deploy F5 Distributed Cloud AppStack and Virtual Kubernetes (vk8s) on GCP in multiple regions with multiple zones.
To do
- Optional step (if you plan to run Managed or Physical k8s):
  - Add cluster role with proper policy rules.
    - URL List
      - URLs: *
      - Allowed Verbs: *
    - Resource List
      - API Groups: *
      - Resource Types: *
      - Allowed Verbs: *
    - Resource List
      - API Groups: rbac.authorization.k8s.io
      - Resource Types: rolebindings, clusterroles, clusterrolebindings
      - Resource Instances: admin, edit, view
      - Allowed Verbs: create, bind, escalate
  - Add Cluster Role Binding for user. Select ves-io-admin-cluster-role.
    - Subject - email of user account
- Infrastructure buildout in GCP
  - Run example_prep.sh
  - Export variables:
    - export VOLT_API_P12_FILE=/creds/.api-creds.p12
    - export VES_P12_PASSWORD=12345678
    - export GCP_PROJECT=project_name
    - export GCP_ROLE_ID=xcs_gcp_vpc_role
    - export GCP_ACCOUNT_ID=xcs-gcp-vpc-spn
  - Validate GCP Role ID and Account ID were created in the proper project
  - Create a tfvars file or override.tf
  - Manually or Auto Deploy (see Deployment options below):
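
A pre-flight check for the exported variables and the validation step above, as an added example that is not part of this repository. It assumes GCP_PROJECT holds the project ID (so the service account e-mail can be derived from GCP_ACCOUNT_ID) and that gcloud is installed and authenticated; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the variables exported in the steps above.
# Assumption: GCP_PROJECT holds the project ID, so the service account e-mail is
# ${GCP_ACCOUNT_ID}@${GCP_PROJECT}.iam.gserviceaccount.com.

fail() { echo "FAIL: $*" >&2; return 1; }

# The .p12 API credential must exist and be accessible only to its owner.
check_p12() {
  local f="${VOLT_API_P12_FILE:-}"
  [ -f "$f" ] || { fail "VOLT_API_P12_FILE '$f' is not a file"; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  local go_bits
  go_bits=$(ls -ld -- "$f" | cut -c5-10)
  [ "$go_bits" = "------" ] || fail "$f is accessible to group/other (chmod 600 it)"
}

# Reject an unset password and the placeholder value shown in the export step.
check_password() {
  case "${VES_P12_PASSWORD:-}" in
    "")       fail "VES_P12_PASSWORD is not set" ;;
    12345678) fail "VES_P12_PASSWORD is still the README placeholder" ;;
    *)        return 0 ;;
  esac
}

# Confirm the custom role and the service account exist in the intended project.
check_gcp() {
  local sa="${GCP_ACCOUNT_ID}@${GCP_PROJECT}.iam.gserviceaccount.com"
  gcloud iam roles describe "$GCP_ROLE_ID" --project "$GCP_PROJECT" >/dev/null 2>&1 \
    || { fail "role $GCP_ROLE_ID not found in $GCP_PROJECT"; return 1; }
  gcloud iam service-accounts describe "$sa" --project "$GCP_PROJECT" >/dev/null 2>&1 \
    || fail "service account $sa not found in $GCP_PROJECT"
}

# Run every check so all problems are reported in one pass.
preflight() {
  local rc=0
  check_p12 || rc=1
  check_password || rc=1
  check_gcp || rc=1
  return "$rc"
}

# Usage: ./preflight.sh --run   (after exporting the variables)
if [ "${1:-}" = "--run" ]; then preflight; fi
```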
Topology
- High Level Topology
Requirements
Name | Version |
---|---|
terraform | >= 0.13 |
~> 4.15.0 | |
http | 2.1.1 |
volterrarm | 0.11.6 |
Modules
Name | Source | Version |
---|---|---|
util | ./util | n/a |
gcp | ./gcp | n/a |
xcs | ./xcs | n/a |
Inputs
Name | Description | Type | Default |
---|---|---|---|
projectname | REQUIRED: This is your GCP Project Name | string | "gcp_project_name" |
tenant_name | REQUIRED: This is your Volterra Tenant Name: https://<tenant_name>.console.ves.volterra.io/api | string | "f5-xc-lab-app" |
namespace | REQUIRED: This is your Volterra Namespace | string | "app1-dev" |
api_cert | REQUIRED: This is the path to the Volterra API Key. See https://volterra.io/docs/how-to/user-mgmt/credentials | string | "./creds/api2.cer" |
name | REQUIRED: This is your Distributed Cloud prefix name | string | "cust-provided" |
stackname | REQUIRED: This is your Distributed Cloud AppStack name | string | "gcp-app-stack" |
gcp_region_one | REQUIRED: This is your GCP Region One | string | "us-east4" |
gcp_region_one_zone_a | REQUIRED: This is your GCP Region One Zone A | string | "us-east4a" |
gcp_region_one_zone_b | REQUIRED: This is your GCP Region One Zone B | string | "us-east4b" |
gcp_region_one_zone_c | REQUIRED: This is your GCP Region One Zone C | string | "us-east4c" |
gcp_cidr_one | REQUIRED: This is your GCP Region One CIDR | string | "10.90.0.0/23" |
gcp_subnet_one | REQUIRED: This is your GCP Region One subnet | string | "10.90.0.0/24" |
gcp_region_two | REQUIRED: This is your GCP Region Two | string | "us-west2" |
gcp_region_two_zone_a | REQUIRED: This is your GCP Region Two Zone A | string | "us-west2a" |
gcp_region_two_zone_b | REQUIRED: This is your GCP Region Two Zone B | string | "us-west2b" |
gcp_region_two_zone_c | REQUIRED: This is your GCP Region Two Zone C | string | "us-west2c" |
gcp_cidr_two | REQUIRED: This is your GCP Region Two CIDR | string | "10.90.2.0/23" |
gcp_subnet_two | REQUIRED: This is your GCP Region Two subnet | string | "10.90.2.0/24" |
gcp_region_three | REQUIRED: This is your GCP Region Three | string | "europe-west3" |
gcp_region_three_zone_a | REQUIRED: This is your GCP Region Three Zone A | string | "us-europe-west3a" |
gcp_region_three_zone_b | REQUIRED: This is your GCP Region Three Zone B | string | "us-europe-west3b" |
gcp_region_three_zone_c | REQUIRED: This is your GCP Region Three Zone C | string | "us-europe-west3c" |
gcp_cidr_three | REQUIRED: This is your GCP Region Three CIDR | string | "10.90.4.0/23" |
gcp_subnet_three | REQUIRED: This is your GCP Region Three subnet | string | "10.90.4.0/24" |
gcp_instance_type | REQUIRED: This is your GCP Instance Type | string | "n1-stnadard-4" |
sshPublicKey | OPTIONAL: ssh public key for instances | string | "" |
api_p12_file | REQUIRED: This is the path to the Volterra API Key. See https://volterra.io/docs/how-to/user-mgmt/credentials | string | "./creds/f5-xc-lab-app.console.ves.volterra.io.api-creds.p12" |
sshPublicKeyPath | OPTIONAL: ssh public key path for instances | string | "./creds/id_rsa.pub" |
api_key | REQUIRED: This is the path to the Volterra API Key. See https://volterra.io/docs/how-to/user-mgmt/credentials | string | "./creds/api.key" |
delegated_dns_domain | n/a | string | "user-defined" |
volterra_tf_action | n/a | string | "apply" |
gateway_type | n/a | string | "voltstack_cluster" |
api_url | n/a | string | "https://f5-xc-lab-app.console.ves.volterra.io/api" |
tags | Environment tags for objects | map(string) | { |
Deployment
For manual deployment, run the standard Terraform commands:
terraform init
terraform plan
terraform apply --auto-approve
For automated deployment, use the deploy.sh and destroy.sh scripts:
./deploy.sh
./destroy.sh
Troubleshooting
Please refer to the following:
- F5 Distributed Cloud
- Terraform
Support
For support, please open a GitHub issue. Note, the code in this repository is community supported and is not supported by F5 Networks. For a complete list of supported projects please reference SUPPORT.md.
Community Code of Conduct
Please refer to the F5 DevCentral Community Code of Conduct.
License
Copyright
Copyright 2014-2022 F5 Networks Inc.
F5 Networks Contributor License Agreement
Before you start contributing to any project sponsored by F5 Networks, Inc. (F5) on GitHub, you will need to sign a Contributor License Agreement (CLA).
If you are signing as an individual, we recommend that you talk to your employer (if applicable) before signing the CLA since some employment agreements may have restrictions on your contributions to other projects. Otherwise by submitting a CLA you represent that you are legally entitled to grant the licenses recited therein.
If your employer has rights to intellectual property that you create, such as your contributions, you represent that you have received permission to make contributions on behalf of that employer, that your employer has waived such rights for your contributions, or that your employer has executed a separate CLA with F5.
If you are signing on behalf of a company, you represent that you are legally entitled to grant the license recited therein. You represent further that each employee of the entity that submits contributions is authorized to submit such contributions on behalf of the entity pursuant to the CLA.