Creating GCP VPC

In this exercise we will create a GCP VPC using the Bash shell in GCP Cloud Shell (launched from the Cloud Console) and Terraform. Please see the following for more information about using Terraform from Google Cloud Shell: https://www.hashicorp.com/blog/kickstart-terraform-on-gcp-with-google-cloud-shell


Exercise 1: Launch Google Cloud Shell

  1. From your Google Console launch the Cloud Shell (top right of screen).

    Welcome to Cloud Shell! Type "help" to get started.
    Your Cloud Platform project in this session is set to [PROJECT ID].
    Use “gcloud config set project [PROJECT_ID]” to change to a different project.
    eric_chen@cloudshell:~ ([PROJECT ID])$
    
  2. First you will need to follow the directions from: https://www.volterra.io/docs/reference/cloud-cred-ref/gcp-vpc-pol-reference

    Note

    You may also need to add the following additional permissions.

    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.regionOperations.get
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.instanceTemplates.useReadOnly
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.regionBackendServices.create
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.healthChecks.useReadOnly
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.instanceGroups.use
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.regionBackendServices.get
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.regionBackendServices.delete
    gcloud iam roles update volt_gcp_vpc_role --project=[PROJECT ID]  --add-permissions=compute.regionBackendServices.use
    
  3. You will next need to download a copy of the lab files.

  4. Run the command git clone https://github.com/f5devcentral/f5-volterra-labs-101

    eric_chen@cloudshell:~ ([PROJECT ID])$ git clone https://github.com/f5devcentral/f5-volterra-labs-101
    Cloning into 'f5-volterra-labs-101'...
    remote: Enumerating objects: 494, done.
    remote: Counting objects: 100% (494/494), done.
    remote: Compressing objects: 100% (323/323), done.
    remote: Total 2092 (delta 267), reused 360 (delta 169), pack-reused 1598
    Receiving objects: 100% (2092/2092), 12.14 MiB | 28.99 MiB/s, done.
    Resolving deltas: 100% (1100/1100), done.
    
  5. Next change to the “f5-volterra-labs-101/networking/gcp” directory.

  6. Run terraform init to load the necessary terraform modules.

  7. You will need to configure the Terraform variables. Use the built-in editor by running the command vi terraform.tfvars

  8. Add the following information (replace with relevant information).

    prefix  = "[unique prefix]"
    region  = "[preferred GCP region]"
    project = "[PROJECT ID]"
    
  9. Run terraform apply -auto-approve to build out your VPC.
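
The note in step 2 adds eight permissions to volt_gcp_vpc_role one command at a time. The following is an added example, not part of the lab repository: it compares a role's current permission list against those eight and prints a single update command containing only the ones that are missing, so the role is not widened further than the lab requires. The function names and the sample permission list are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which of the lab's extra permissions a role still lacks.

# The eight permissions from the note in step 2.
REQUIRED_PERMS="compute.regionOperations.get
compute.instanceTemplates.useReadOnly
compute.regionBackendServices.create
compute.healthChecks.useReadOnly
compute.instanceGroups.use
compute.regionBackendServices.get
compute.regionBackendServices.delete
compute.regionBackendServices.use"

# missing_perms: stdin = the role's current permissions, separated by ';' or
# newlines; stdout = required permissions that are absent, one per line.
missing_perms() {
  mp_have=$(tr ';' '\n' | tr -d ' \r')
  printf '%s\n' "$REQUIRED_PERMS" | while IFS= read -r mp_perm; do
    printf '%s\n' "$mp_have" | grep -Fxq -- "$mp_perm" || printf '%s\n' "$mp_perm"
  done
}

# update_command PROJECT: print one gcloud command that adds only the missing
# permissions; print nothing when the role already holds all of them.
update_command() {
  uc_missing=$(missing_perms | paste -sd, -)
  [ -n "$uc_missing" ] || return 0
  printf 'gcloud iam roles update volt_gcp_vpc_role --project=%s --add-permissions=%s\n' \
    "$1" "$uc_missing"
}

# Constructed sample of a role's current permissions (not real output). Live input:
#   gcloud iam roles describe volt_gcp_vpc_role --project=[PROJECT ID] \
#     --format="value(includedPermissions)"
SAMPLE_ROLE_PERMS='compute.networks.get;compute.regionOperations.get;compute.instanceGroups.use;compute.regionBackendServices.get'

printf '%s' "$SAMPLE_ROLE_PERMS" | update_command "[PROJECT ID]"
```

The script only prints the command; review the permission list it contains before running it.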


Exercise 2: Create F5 Distributed Cloud GCP Cloud Credential

  1. From Google Cloud Shell, export the key for the service account that you created previously.

    $ gcloud iam service-accounts keys create --iam-account eric-chen-volterra-sa@[PROJECT ID].iam.gserviceaccount.com key.json
    $ cat key.json
    
  2. In Distributed Cloud Console, switch to the Cloud and Edge Sites context. It can be accessed either from the Home page or an internal page.

  3. Navigate to “Manage” -> “Site Management” -> “Cloud Credentials”.

  4. Click on “Add Cloud Credential”

  5. For the name enter “[unique name]-gcp”.

  6. For the Cloud Credential Type: “GCP Credentials”

  7. For the Secret value enter the contents of the “key.json” file that you created earlier

  8. Click on “Blindfold”