Create an F5 Distributed Cloud GCP Cloud Credential

This example demonstrates how to use the module with the Google and Volterra providers to create an F5 Distributed Cloud custom IAM role in a project, assign it to a new service account, and embed the service account credentials in an XC Cloud Credential.

NOTE: This example will embed the service account JSON key as plaintext in XC and in Terraform state. You can choose to use my unofficial F5XC provider to blindfold the secret before sending to XC, but the JSON key will remain stored as plaintext in Terraform state. See Blindfold Cloud Credential for example usage.

For production use you should split this action into two phases and use Blindfold to encrypt the JSON credentials offline. See https://docs.cloud.f5.com/docs/services/app-stack/secrets-management for more information.
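A check for the state exposure described in the note above, as an added example that is not part of this module or its README: it walks a Terraform v4 state document and reports where the `google_service_account_key` private key or an unencrypted XC credential is stored. The `clear_secret_info` and `blindfold_secret_info` block names, the helper names and the sample state are assumptions constructed for illustration.

```python
# Attributes that hold key material in plaintext. "private_key" belongs to
# google_service_account_key; "clear_secret_info" is the assumed XC block name.
WATCHED = {
    "google_service_account_key": {"private_key"},
    "volterra_cloud_credentials": {"clear_secret_info"},
}


def _walk(node, wanted, path=""):
    """Yield dotted paths of non-empty values stored under a watched key."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key in wanted and value:
                yield here
            else:
                yield from _walk(value, wanted, here)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from _walk(item, wanted, f"{path}[{index}]")


def plaintext_secrets(state):
    """Return sorted (resource address, attribute path) pairs for a v4 state dict."""
    findings = []
    for res in state.get("resources", []):
        wanted = WATCHED.get(res.get("type"))
        if res.get("mode") != "managed" or not wanted:
            continue
        address = ".".join(filter(None, [res.get("module"), res["type"], res["name"]]))
        for inst in res.get("instances", []):
            for attr in _walk(inst.get("attributes") or {}, wanted):
                findings.append((address, attr))
    return sorted(findings)


def sample_state(blindfolded):
    """Constructed v4-style state for this example's resources; values are placeholders."""
    clear = [] if blindfolded else [{"url": "string:///PLACEHOLDER"}]
    blind = [{"location": "string:///PLACEHOLDER"}] if blindfolded else []
    cred = {"clear_secret_info": clear, "blindfold_secret_info": blind}
    return {"version": 4, "resources": [
        {"mode": "managed", "type": "google_service_account_key", "name": "sa",
         "instances": [{"attributes": {"private_key": "PLACEHOLDER"}}]},
        {"mode": "managed", "type": "volterra_cloud_credentials", "name": "xc",
         "instances": [{"attributes": {"gcp_cred_file": [{"credential_file": [cred]}]}}]},
    ]}
```

To check real state, pass the parsed JSON from `terraform state pull` (or a local `terraform.tfstate`) to `plaintext_secrets`. With a blindfolded credential the XC finding disappears but the `google_service_account_key.sa` finding remains, which is why the key has to be generated and encrypted outside this Terraform run to keep it out of state.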

Example tfvars file

  • Create the custom role with a randomly generated identifier prefixed with f5_xc_ in project my-project-id
  • Create a service account named f5-xc@my-project-id.iam.gserviceaccount.com and attach the custom role
  • Create an F5 XC Cloud Credential named f5-xc in your tenant that holds the service account credentials

project_id = "my-project-id"
name       = "f5-xc"

Prerequisites

  • Google Cloud project
  • Appropriate IAM roles in the project
    • Create and manage IAM roles
    • Create and manage service accounts
  • Appropriate roles to create Cloud Credential in an F5 XC tenant

Resources created

  • Custom F5 Distributed Cloud IAM role created in the project
  • Service account with binding to custom IAM role and JSON authentication key
  • F5 XC Cloud Credential for GCP

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3 |
| google | >= 4.58 |
| volterra | >= 0.11 |

Modules

| Name | Source | Version |
|------|--------|---------|
| role | memes/f5-distributed-cloud-role/google | 1.0.9 |

Resources

| Name | Type |
|------|------|
| google_project_iam_member.sa | resource |
| google_service_account.sa | resource |
| google_service_account_key.sa | resource |
| volterra_cloud_credentials.xc | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | The name to assign to the created service account and Cloud Credential resources. | string | n/a | yes |
| project_id | The identifier of the Google Cloud project that will contain the custom role. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| cloud_credential | The unique name of the GCP Cloud Credential in your F5 XC tenant. |
| qualified_role_id | The qualified role-id for the custom F5 Distributed Cloud role. |