F5 Distributed Cloud > F5 Distributed Cloud Automation - NetOps, DevOps, SecOps and Beyond Source | Edit on
Lab 3: Leveraging Terraform¶
The following lab tasks will guide you through using Terraform to deploy and secure a Web based application. Students will start by creating an authentication certificate within Distributed Cloud that Terraform utilizes for authenticating the API calls. Next, a Tfvars file is created to customize the deployment to match the student’s environment. Terraform will then be used to deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer. Students will then modify and apply the Terraform configuration to add a Web Application Firewall to their existing HTTP Load Balancer. Finally, Terraform will be used to tear down everything it created in this lab.
Expected Lab Time: 20 minutes
Task 1: Deploy a Web Application with Terraform¶
In this task, you will create an API Certificate for Terraform to authneticate to the Distributed Cloud API. Next, you will create a Tfvars file to specify environment variables unique to your environment. After the Tfvars file is created, you will intialize Terraform and then deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer.
This lab will begin back in the Windows 10 client deployed as part of the UDF.
Create API Certificate from the Distributed Cloud Console |
---|
|
|
|
|
|
|
Note Use a password that you will remember for the certificate, if you don’t remember your API cert password, you will need to generate a new API cert. |
Set Windows Environment Variables for Terraform to Utilize |
---|
|
copy c:\Users\labuser\Downloads\f5-xc-lab-app.console.ves.volterra.io.api-creds.p12 c:\Users\labuser\xc-api-cert.p12
|
setx VES_P12_PASSWORD "<some_password>"
|
|
Open the Pre-Created Terraform Code in Visual Studio Code |
---|
|
|
c:\Users\labuser\appworld-f5xc-automation\Terraform
Note You may see a pop up window that says “Do you trust the authors of the files in this folder?” If you see this pop up, click “Yes, I trust the authors” |
Create a tfvars File for Specifying Environment Specific Variables |
---|
|
api_p12 = "c:/Users/labuser/xc-api-cert.p12"
tenant_name = "f5-xc-lab-app"
namespace = "<namespace>"
|
|
Initialize, Plan, and Apply Your Terraform Code |
---|
|
terraform init
|
|
terraform plan
|
|
terraform apply
|
|
|
Verify the Demo Shop App is Accessible Via a Web Browser |
---|
Note This illustrates that you are able to configure the delivery of an application via the Distributed Cloud API utilizing Terraform. |
Task 2: Create & Attach WAF Policy¶
In this task, you will modify your Terraform configuration to create and apply an Application Firewall policy with the default settings. Since Terraform tracks state, the apply command is used to modify the required existing objects within Distributed Cloud.
Edit Your Terraform Code to Create an Application Firewall and Add It to the Load Balancer |
---|
|
# Create WAF Policy
resource "volterra_app_firewall" "waf" {
name = "${var.namespace}-appfw"
namespace = var.namespace
allow_all_response_codes = true
default_anonymization = true
use_default_blocking_page = true
default_bot_setting = true
default_detection_settings = true
use_loadbalancer_setting = true
blocking = true
}
|
# WAF Config
app_firewall {
name = volterra_app_firewall.waf.name
namespace = var.namespace
}
Note The WAF Config should be indented two spaces under the Load Balancer configuration to maintain nesting style conventions. |
|
Plan and Apply Your New Terraform Code to Create an Application Firewall and Associate It to Your LB |
---|
terraform plan
|
|
terraform apply
|
|
|
Verify the Application Firewall was Created and Applied Within the Distributed Cloud Console |
---|
|
|
|
|
|
|
|
Task 3: Destroy the Terraform Objects¶
In this task, you will use Terraform to destroy the HTTP Health Check, Origin Pool, HTTP Load Balancer, and Web Application Firewall Policy that was created in Tasks 1 & 2.
Delete Distributed Cloud Objects Utilizing Terraform Destroy |
---|
|
terraform destroy
|
|
|
End of Lab 3 |
---|
This concludes Lab 3. In this lab, you learned how to setup Terraform to authenticate to to Distributed Cloud utilizing an API Certificate. You then created a Tfvars file to customize the deployment to match your environment. After that, you used Terraform to deploy an HTTP Health Check, Origin Pool, and HTTP Load Balancer. The Terraform configuration was then modified to create a Web Application Firewall policy and apply it to the HTTP Load Balancer. Finally, Terraform was used to destroy all of the objects created in this lab. A brief presentation and demo will be shared prior to the conclusion of this class. |