Manage F5 BIG-IP FAST with Terraform (Part 2 - Create HTTPS application)

Here we will use F5 BIG-IP FAST Terraform resources to create HTTPS application.

Certificate and key will be uploaded using specific Terraform resources and used in F5 BIG-IP FAST Terraform resource as existing items in F5 BIG-IP device configuration.

 

Table of Content

 

Workflow for creating HTTPS application with certificate and key files (app4.crt and app4.key) available in the folder.

First, create 5 files:

  • main.tf
  • variables.tf
  • inputs.auto.tfvars
  • outputs.tf
  • providers.tf

 

variables.tf

variable bigip {}
variable bigip {}
variable username {}
variable password {}

 

inputs.auto.tfvars

bigip = "10.1.1.9:443"
username = "admin"
password = "yYyYyYy"

 

providers.tf

terraform {
  required_providers {
    bigip = {
      source = "F5Networks/bigip"
      version = ">= 1.16.0"
    }
  }
}
provider "bigip" {
  address  = var.bigip
  username = var.username
  password = var.password
}

 

main.tf

resource "bigip_ssl_certificate" "app4crt" {
  name      = "app4.crt"
  content   = file("app4.crt")
  partition = "Common"
}

resource "bigip_ssl_key" "app4key" {
  name      = "app4.key"
  content   = file("app4.key")
  partition = "Common"
}

resource "bigip_fast_https_app" "this" {
  application               = "myApp4"
  tenant                    = "scenario4"
  virtual_server            {
    ip                        = "10.1.10.224"
    port                      = 443
  }
  tls_server_profile {
    tls_cert_name             = "/Common/app4.crt"
    tls_key_name              = "/Common/app4.key"
  }
  pool_members  {
    addresses                 = ["10.1.10.120", "10.1.10.121", "10.1.10.122"]
    port                      = 80
  }
  snat_pool_address = ["10.1.10.50", "10.1.10.51", "10.1.10.52"]
  load_balancing_mode       = "least-connections-member"
  monitor       {
    send_string               = "GET / HTTP/1.1\\r\\nHost: example.com\\r\\nConnection: Close\\r\\n\\r\\n"
    response                  = "200 OK"
  }
  depends_on          = [bigip_ssl_certificate.app4crt, bigip_ssl_key.app4key]
}

 

outputs.tf

output "configJSON" {
  value   = bigip_fast_http_app.this
  sensitive = true
}

 

here is how run it:

$ terraform init -upgrade
$ terraform plan -out scenario4
$ terraform apply "scenario4"

 

 

 

Demo Video

 

 

Resources

Terraform Registry documentation
F5 BIG-IP Terraform Provider
Lab guide

 

Article Series

Manage F5 BIG-IP FAST with Terraform (Intro)
Manage F5 BIG-IP FAST with Terraform (Part 1 - Create multiple HTTP applications in the same tenant)
Manage F5 BIG-IP FAST with Terraform (Part 2 - Create HTTPS application)
Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)
Manage F5 BIG-IP FAST with Terraform (Part 4 - Manage Canary testing of AWAF policies)
Published Nov 28, 2022
Version 1.0
application delivery
No CommentsBe the first to comment