GCP implementation for the networking lab #6
Conversation
- Added main Terraform configuration for GCP resources.
- Created compute module with instances for bastion, web, API, and database servers.
- Implemented DNS module for internal DNS management.
- Established network module with VPC and subnetwork configurations.
- Configured firewall rules with intentional misconfigurations for educational purposes.
- Added initialization scripts for each server type to set up necessary software and configurations.
- Defined outputs for easy access to important information such as IP addresses and SSH keys.
- Included variables for project configuration and resource management.
…add DNS transaction configuration
…ID extraction logic
Pull request overview
This PR adds a full GCP-based networking troubleshooting lab to the repo, including Terraform to provision intentionally misconfigured infrastructure plus scripts/docs to deploy, validate, and tear down the environment.
Changes:
- Added Terraform root + modules (network/compute/dns) to provision VPC/subnets/NAT/firewalls/VMs and expose connection outputs.
- Added automation scripts for setup, validation (incident checks + token export), and teardown/cleanup.
- Added a GCP lab README with topology, incidents, workflow, and cleanup steps.
Reviewed changes
Copilot reviewed 24 out of 24 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| gcp/README.md | Lab instructions, incident queue, validation and cleanup workflow |
| gcp/scripts/setup.sh | Preflight + Terraform init/plan/apply + SSH key extraction |
| gcp/scripts/validate.sh | Validates incident fixes via SSH + optional completion token export/verify |
| gcp/scripts/destroy.sh | Terraform destroy plus extra cleanup (firewall/DNS record-sets/SSH key) |
| gcp/terraform/main.tf | Terraform root config: providers + module wiring |
| gcp/terraform/variables.tf | Root variables (project/region/zone/admin username) |
| gcp/terraform/outputs.tf | Connection outputs (IPs, key, instructions) |
| gcp/terraform/transaction.yaml | Cloud DNS transaction/import content (currently not wired in) |
| gcp/terraform/modules/network/main.tf | VPC, subnets, router/NAT |
| gcp/terraform/modules/network/firewall.tf | Firewall rules (incl. intentionally broken rules for incidents) |
| gcp/terraform/modules/network/variables.tf | Network module inputs (CIDRs, region, deployment id) |
| gcp/terraform/modules/network/outputs.tf | Network module outputs (self links) |
| gcp/terraform/modules/network/routes.tf | Placeholder routes file |
| gcp/terraform/modules/compute/main.tf | VM provisioning + SSH key generation + startup scripts |
| gcp/terraform/modules/compute/variables.tf | Compute module inputs (subnet links, admin username, etc.) |
| gcp/terraform/modules/compute/outputs.tf | Compute outputs (IPs + private key) |
| gcp/terraform/modules/compute/templates/bastion-init.sh | Bastion bootstrapping (tools + SSH key + MOTD) |
| gcp/terraform/modules/compute/templates/web-init.sh | Web VM bootstrapping (nginx + SSL + MOTD) |
| gcp/terraform/modules/compute/templates/api-init.sh | API VM bootstrapping (python http.server + MOTD) |
| gcp/terraform/modules/compute/templates/database-init.sh | DB VM bootstrapping (Postgres config + user/db + MOTD) |
| gcp/terraform/modules/dns/main.tf | Private managed zone creation |
| gcp/terraform/modules/dns/variables.tf | DNS module inputs (VM IPs, VPC) |
| gcp/terraform/modules/dns/outputs.tf | DNS module output (zone name) |
| gcp/terraform/modules/dns/records.tf | Placeholder for DNS records |
…ommands for better error handling
Pull request overview
Copilot reviewed 24 out of 24 changed files in this pull request and generated 4 comments.
```hcl
module "compute" {
  source        = "./modules/compute"
  project_id    = var.project_id
  region        = var.region
  zone          = var.zone
  deployment_id = random_id.deployment.hex

  vpc_self_link        = module.network.vpc_self_link
  public_subnet_link   = module.network.public_subnet_link
  private_subnet_link  = module.network.private_subnet_link
  database_subnet_link = module.network.database_subnet_link
}
```
admin_username is defined at the root and used in connection_instructions, but it is never passed into module.compute. This means overriding TF_VAR_admin_username will change the printed SSH username without actually changing the VM usernames/metadata, and the variable is effectively unused for provisioning. Pass admin_username = var.admin_username into module.compute (and preferably output it for scripts) so the username is consistent everywhere.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
… DNS transaction file
This pull request introduces a comprehensive GCP networking lab designed for realistic troubleshooting exercises. It adds Terraform infrastructure, setup and teardown scripts, and detailed documentation. The lab deploys intentionally misconfigured VPC, subnets, VMs, DNS, and firewall rules, and provides incident tickets for users to diagnose and fix. The most important changes are grouped below.
Lab Infrastructure and Automation
- `setup.sh` and `destroy.sh` scripts in `gcp/scripts` for automated deployment and teardown of lab resources, including pre-flight checks, API enabling, SSH key handling, and DNS/firewall cleanup.
- `gcp/terraform/main.tf` and module files to provision VPC, subnets, four VMs (bastion, web, API, database), DNS zones, and outputs for connectivity and SSH access.
VM Initialization and User Experience
- VM initialization scripts (such as `bastion-init.sh` and `api-init.sh`) to install networking tools, set up SSH keys, configure MOTD, and start services for hands-on troubleshooting.
Lab Documentation and Workflow
- `gcp/README.md` with a network diagram, step-by-step instructions, incident queue (four realistic tickets), validation workflow, and cleanup guidance for users.