// Module included in the following assemblies: // // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra-vpc.adoc ifeval::["{context}" == "installing-gcp-user-infra-vpc"] :shared-vpc: endif::[] :_mod-docs-content-type: PROCEDURE [id="installation-creating-gcp-firewall-rules-vpc_{context}"] = Creating firewall rules in {gcp-short} You must create firewall rules in {gcp-first} for your {product-title} cluster to use. One way to create these components is to modify the provided Deployment Manager template. [NOTE] ==== If you do not use the provided Deployment Manager template to create your {gcp-short} infrastructure, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, you might have to contact Red Hat support with your installation logs. ==== .Prerequisites * Ensure you defined the variables in the _Exporting common variables_ and _Creating load balancers in {gcp-short}_ sections. .Procedure . Copy the template from the *Deployment Manager template for firewall rules* section of this topic and save it as `03_firewall.py` on your computer. This template describes the security groups that your cluster requires. . Create a `03_firewall.yaml` resource definition file: + [source,terminal] ---- $ cat <03_firewall.yaml imports: - path: 03_firewall.py resources: - name: cluster-firewall type: 03_firewall.py properties: allowed_external_cidr: '0.0.0.0/0' <1> infra_id: '${INFRA_ID}' <2> cluster_network: '${CLUSTER_NETWORK}' <3> network_cidr: '${NETWORK_CIDR}' <4> EOF ---- <1> `allowed_external_cidr` is the CIDR range that can access the cluster API and SSH to the bootstrap host. For an internal cluster, set this value to `${NETWORK_CIDR}`. <2> `infra_id` is the `INFRA_ID` infrastructure name from the extraction step. <3> `cluster_network` is the `selfLink` URL to the cluster network. <4> `network_cidr` is the CIDR of the VPC network, for example `10.0.0.0/16`. . Create the deployment by using the `gcloud` CLI: + ifdef::shared-vpc[] [source,terminal] ---- $ gcloud deployment-manager deployments create ${INFRA_ID}-firewall --config 03_firewall.yaml --project ${HOST_PROJECT} --account ${HOST_PROJECT_ACCOUNT} ---- endif::shared-vpc[] ifndef::shared-vpc[] [source,terminal] ---- $ gcloud deployment-manager deployments create ${INFRA_ID}-firewall --config 03_firewall.yaml ---- endif::shared-vpc[] ifeval::["{context}" == "installing-gcp-user-infra-vpc"] :!shared-vpc: endif::[]