cancel
Showing results for 
Search instead for 
Did you mean: 
Jeff_Giroux
F5 Employee
F5 Employee

The BIG-IP Public Cloud team has developed many solutions over the years to enable customers to easily deploy BIG-IP with a few steps. In the first article of this series, I discussed the differences between the v1 and v2 BIG-IP Cloud Solution Templates for public cloud. In this article, I plan to cover how-to deploy BIG-IP services into a Google Cloud new network stack.

How-to v2 Quickstart Example: BIG-IP on Google Cloud with New Network Stack

The following section will be a walkthrough with steps to deploy BIG-IP in GCP using the Quickstart example with a new network stack. You can use the same techniques in order to copy the templates, modify as needed, and deploy in your environment.

Jeff_Giroux_0-1650986814579.png

Clone GitHub Repository

1. Navigate to GitHub repo for v2 BIG-IP GDM templates

2. Select the "Code" button and copy the HTTPS address

Jeff_Giroux_0-1650947864747.png

3. Open a terminal (ex. Visual Studio Code) and clone the repository

cd ~/Desktop
git clone https://github.com/F5Networks/f5-google-gdm-templates-v2.git

Modify Parameters - New Stack

For this section, I will deploy BIG-IP with a new network stack in GCP. The result will be the following:

    • 4x New VPCs: mgmt, external, internal, app (and related components)
    • Application instance running docker, container=f5devcentral/f5-demo-app:latest
    • BIG-IP instance, version=16.1.2.2
    • 4x CPU, 3-NICs
    • Using runtime-init-conf-3nic-payg-with-app.yaml from examples in F5 GitHub repo
    • BIG-IP system, network, application, and WAF configurations

Here we go!

Note: For demo purposes of this article, we will use a tagged version of the repo to maintain article consistency with code.

1. From your terminal, set DEPLOYMENT_NAME, set CONFIG_FILE, and change folders

DEPLOYMENT_NAME=giroux-bigip-new
CONFIG_FILE=sample_quickstart.yaml

cd f5-google-gdm-templates-v2/examples/quickstart
git checkout tags/v2.4.0.0

2. Review the entire README for instructions and prerequisites

3. Edit the file sample_quickstart.yaml

# sample_quickstart.yaml - BIG-IP with new stack
# Note: Commented and some Optional lines were removed from
#       the yaml below. This keeps the code block small
#       for easier illustration purposes.

imports:
  - path: quickstart.py
  - path: ../modules/application/application.py
  - path: ../modules/bastion/bastion.py
  - path: ../modules/bigip-standalone/bigip_standalone.py
  - path: ../modules/dag/dag.py
  - path: ../modules/network/network.py
resources:
  - name: quickstart-py
    properties:
      bigIpImageName: f5-bigip-16-1-2-2-0-0-28-payg-best-plus-1gbps-220505081153
      bigIpRuntimeInitConfig: >-
        https://raw.githubusercontent.com/F5Networks/f5-google-gdm-templates-v2/v2.4.0.0/examples/quickstart/bigip-configurations/runtime-init-conf-3nic-payg-with-app.yaml
      numNics: 3
      owner: giroux
      provisionPublicIp: true
      region: us-west1
      restrictedSrcAddressApp: [0.0.0.0/0]
      restrictedSrcAddressMgmt: [0.0.0.0/0]
      uniqueString: giroux123
      zone: us-west1-a
    type: quickstart.py

Deploy the BIG-IP - New Stack

1. From your terminal, launch the GDM template

gcloud deployment-manager deployments create ${DEPLOYMENT_NAME} --config ${CONFIG_FILE}
# Sample Output
The fingerprint of the deployment is b's2KjL3L6B3NaZl_r0357sQ=='
Waiting for create [operation-1650990003719-5dd9110b30bfc-32269218-fee350de]...done.              
Create operation operation-1650990003719-5dd9110b30bfc-32269218-fee350de completed successfully.

NAME                         TYPE             STATE      ERRORS  INTENT
giroux123-app-int-fw         compute.v1.firewall  COMPLETED  []
giroux123-app-subnet         compute.v1.subnetwork  COMPLETED  []
giroux123-app-vip-fw         compute.v1.firewall  COMPLETED  []
giroux123-application-vm-01  compute.v1.instance  COMPLETED  []
giroux123-bigip-vm-01-ti     compute.v1.targetInstance  COMPLETED  []
giroux123-bigip-vm-01        compute.v1.instance  COMPLETED  []
giroux123-ext-network        compute.v1.network  COMPLETED  []
giroux123-ext-subnet         compute.v1.subnetwork  COMPLETED  []
giroux123-fr-01              compute.v1.forwardingRule  COMPLETED  []
giroux123-http-hc            compute.v1.healthCheck  COMPLETED  []
giroux123-https-hc           compute.v1.healthCheck  COMPLETED  []
giroux123-int-network-02     compute.v1.network  COMPLETED  []
giroux123-int-subnet-02      compute.v1.subnetwork  COMPLETED  []
giroux123-mgmt-fw            compute.v1.firewall  COMPLETED  []
giroux123-mgmt-network       compute.v1.network  COMPLETED  []
giroux123-mgmt-subnet        compute.v1.subnetwork  COMPLETED  []
giroux123-tcp-hc             compute.v1.healthCheck  COMPLETED  []

Validating the Deployment

See the "Validating the Deployment" section or the "Further Exploring" section in the Quickstart README file for more validation commands.

1. Retrieve the parent template outputs

2. Copy the values for bigIpManagementPublicIp and vip1PublicIp

gcloud deployment-manager manifests describe --deployment=${DEPLOYMENT_NAME} --format="value(layout)" | yq .resources[0].outputs
# Sample Output
...snippet
- finalValue: 35.230.75.234
  name: bigIpManagementPublicIp

...snippet...
- finalValue: 34.127.104.242
  name: vip1PublicIp

SSH to BIG-IP and Review Logs

1. Access BIG-IP and enter bash mode (value from bigIpManagementPublicIp)

ssh admin@35.230.75.234 -i ~/.ssh/id_rsa

admin@(giroux123-bigip1)(Standalone)(Active)(/Common)(tmos)# bash
[admin@giroux123-bigip1:Active:Standalone] ~ #

2. Review BIG-IP Runtime Init onboard logs

[admin@giroux123-bigip1:Active:Standalone] ~ # cat /var/log/cloud/bigIpRuntimeInit.log

# Sample Output
...snippet...
2022-04-26T16:30:20.440Z [19059]: info: Executing inline shell command: tmsh save sys config
2022-04-26T16:30:27.075Z [19059]: info: Shell command: tmsh save sys config execution completed; response: Saving running configuration...
...snippet...
 - saving ...done

2022-04-26T16:30:27.076Z [19059]: info: Initializing telemetryClient
2022-04-26T16:30:27.657Z [19059]: info:         ...snippet...
2022-04-26T16:30:27.721Z [19059]: info: Sending f5-teem report
2022-04-26T16:30:27.726Z [19059]: info: All operations finished successfully

Testing the Application and WAF

The following tests will work if you deploy the BIG-IP with Layer 4-7 settings. For my demo settings, the "new stack" creates an app server and adds a BIG-IP listener with WAF policy. You can still POST an AS3 declaration to the BIG-IP, or you can login manually and create a pool and listener. Check out the F5 AS3 Docs for more example declarations!

1. From your local machine, curl the demo application (value from vip1PublicIp)

curl http://34.127.104.242 -I
# Sample Output
HTTP/1.1 200 OK
...snippet...
Set-Cookie: BIGipServer~Tenant_1~Shared~Shared_Pool=xxxx; path=/; Httponly
Set-Cookie: TS01aa0884=xxxx; Path=/

2. Perform a security violation by sending a disallowed 'method' of DELETE

curl http://34.127.104.242 -X DELETE
# Sample Output
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 9487250596978229314<br><br><a href='javascript&colon;history.back();'>[Go Back]</a></body></html>

Delete and Clean Up

1. Delete the deployment

gcloud deployment-manager deployments delete ${DEPLOYMENT_NAME} -q

Summary

This article shows you how to use the BIG-IP Cloud Solution Templates to easily deploy services and BIG-IP in Google Cloud. I use sample configurations in this article to deploy a BIG-IP device with a new network stack and a demo application server. I then show you how to validate the deployment, review onboard logs, and test the application. This Quickstart example is an easy way to have your applications protected by BIG-IP and running on Google Cloud. Make sure to check out the other examples in the GitHub repository for scenarios like active/standby or autoscale.

Resources

Article Series

Version history
Last update:
‎16-Aug-2022 11:29
Updated by:
Contributors