Creating subnets

Virtual Storage Platform One SDS Cloud for Google Cloud Platform Setup and Configuration

Version: 1.18.x
Audience: anonymous
Part Number: MK-24VSP1SDS011-02

Create a subnet for setting up VSP One SDS Block.

If you have already created a subnet that satisfies the following conditions, you do not need to create another one: that subnet can be used for setting up VSP One SDS Block.

  • If you use an existing subnet, its name must be from 1 to 63 characters long.

  • Each subnet for control network, internode network, and compute network is set with the required IP address range.

    • For the IP address range for the control network subnet, set a range of IPv4 addresses sufficient to create storage nodes (or tiebreaker node), controller nodes, and load balancers.

    • For the IP address range for the internode network subnet, set a range of IPv4 addresses sufficient to create storage nodes (or tiebreaker node).

    • For the IP address range for the compute network subnet, set a range of IPv4 addresses sufficient to create storage nodes and a compute node.

      To use a combination of IPv4 and IPv6 addresses (dual stack), also set a range of IPv6 addresses sufficient to create storage nodes and a compute node.

  • Communication between the control network subnet and its outside is allowed.

  • Communication between the internode network subnet and its outside is not allowed.

  • To mitigate security risks, each subnet for control network, internode network, and compute network is a private subnet.

  • Private Google Access is set as enabled.

  • If a compute node is placed in a VPC or subnet other than the VPC or subnet used for the compute network, communication must be allowed between the compute network subnet and the VPC and subnet in which that compute node is placed.

  • To perform remote copy (using the Universal Replicator function) with a storage system located in a network other than that of the VSP One SDS Block compute network subnet, communication must be allowed between the compute network subnet and the network in which that storage system is installed.

  • In the case of Multi-Zone configuration, the following subnets are created in each Zone.

    • For Zone in which storage nodes are to be installed: Control network subnet, internode network subnet, compute network subnet

    • For Zone in which tiebreaker node is to be installed: Control network subnet, internode network subnet

  • In the case of Multi-Zone configuration, communication between subnets of the same type in each Zone is allowed.

  • The firewall of each virtual network allows the required communications, according to the TCP/UDP port numbers required for communication and Setting Cloud Next Generation Firewall.

  1. Log in with a Google account that meets the conditions described in Google account permissions.
  2. Log in to the VM (for example, Cloud Shell) that allows for running gcloud CLI and Terraform.
  3. Place the template file package for creating subnets (SubnetConfiguration) in any empty directory on the VM, and then unzip it.

    The command to copy a file from a bucket to the VM is as follows:

    gsutil cp gs://[bucket-name]/[file-path] .
    Note:

    In the following steps, run the terraform commands in the directory in which the cloud configuration file package is located. This directory is called the Terraform working directory.

    The Terraform working directory contains terraform template files (SubnetConfiguration), packages, and subnet control information.

    If you create multiple subnets, create an empty working directory for each subnet.

  4. Among the extracted template files, edit two files: backend.auto.tfvars and terraform.tfvars.

    Edit the following parameters for each file.

    backend.auto.tfvars

    Item name / Setting
    bucket

    Bucket name of Cloud Storage in which a terraform state file is to be stored.

    Setting requirements are as follows:

    • Do not add a slash ("/") at the end.

    prefix

    Folder name of Cloud Storage in which a terraform state file is to be stored. Specify the folder created beforehand.

    When creating multiple subnets, specify an empty folder for each subnet.

    Setting requirements are as follows:

    • Do not add a slash ("/") at the end.

    • No file exists in the specified folder.

    terraform.tfvars

    Item name / Setting
    namePrefix

    Prefix assigned to the name of the subnet.

    Setting requirements are as follows:

    • The number of characters must be from 1 to 43.

    • Characters must be lowercase letters, digits, and hyphens ("-").

    • The first character must be a lowercase letter.

    project

    ID of the project in which the subnet is to be created.

    Specify the project ID, not the project name.

    region

    Name of the region in which the subnet is to be created.

    controlNetworkName

    Name of the virtual control network for which the subnet is to be created.

    Setting requirements are as follows:

    • The number of characters must be from 1 to 62.

    internodeNetworkName

    Name of the virtual internode network for which the subnet is to be created.

    Setting requirements are as follows:

    • The number of characters must be from 1 to 62.

    computeNetworkName

    Name of the virtual compute network for which the subnet is to be created.

    Setting requirements are as follows:

    • The number of characters must be from 1 to 62.

    controlSubnetIPv4CidrBlock

    CIDR block for IPv4 addresses of a control subnet.

    Setting requirements are as follows:

    • The number of characters must be from 9 to 18.

    • The CIDR block format must be used.

    controlNetworkAllowedIpv4AddCidrBlocks

    List of CIDR blocks for IPv4 addresses to be allowed to access a control subnet.

    Setting requirements are as follows:

    • If no IPv4 addresses are to be allowed, specify an empty array ([]).

    • If you add IPv4 addresses to be allowed, specify them in CIDR block format, delimited by commas (",") if you specify multiple addresses.

    internodeSubnetIPv4CidrBlock

    CIDR block for IPv4 addresses of an internode subnet.

    Setting requirements are as follows:

    • The number of characters must be from 9 to 18.

    • The CIDR block format must be used.

    computeSubnetIPv4CidrBlock

    CIDR block for IPv4 addresses of a compute subnet.

    Setting requirements are as follows:

    • The number of characters must be from 9 to 18.

    • The CIDR block format must be used.

    computeNetworkAllowedIpv4AddCidrBlocks

    List of CIDR blocks for IPv4 addresses to be allowed to access a compute subnet.

    Setting requirements are as follows:

    • If no IPv4 addresses are to be allowed, specify an empty array ([]).

    • If you add IPv4 addresses to be allowed, specify them in CIDR block format, delimited by commas (",") if you specify multiple addresses.

    computeNetworkAllowedIpv6AddCidrBlocks

    List of CIDR blocks for IPv6 addresses to be allowed to access a compute subnet.

    Setting requirements are as follows:

    • If no IPv6 addresses are to be allowed, specify an empty array ([]).

    • If you add IPv6 addresses to be allowed, specify them in the CIDR block format.

    computeSubnetIPv6Type

    Access type of IPv6 addresses of a compute subnet.

    Setting requirements are as follows:

    • If you use IPv6 addresses, set "Internal".

    • If you do not use IPv6 addresses, set an empty string ("").

    For conditions other than those indicated in this table, see Terraform and Google Cloud documentation.

  5. Run the following command in the directory in which the template files exist.
    terraform init -backend-config="backend.auto.tfvars"

    Verify that "Terraform has been successfully initialized!" is displayed.

    Also, verify that a file whose name is default.tfstate has been created in the Cloud Storage bucket that you specified for backend.auto.tfvars.

  6. Confirm the changes that creating the subnet will make, based on the contents of the terraform.tfvars file.

    Run the following command to confirm the changes.

    terraform plan

    If "Plan: x to add, y to change, z to destroy." is displayed and no error is output, there is no problem. x is the number of resources to be added, y the number to be changed, and z the number to be deleted.

    If you are prompted for input or an error is output during processing, review the template files.

    Note:

    In some cases the beginning of the output might not be visible because the output has more lines than fit on a single screen. To view all of the output, redirect it to a text file, for example.

  7. If the terraform plan command reported no problems, create the subnet.
    1. Run the following command.
      terraform apply
    2. When "Enter a value:" is displayed after running the command, enter yes.
      If "Apply complete!" is output, creation of the subnet has been completed.
      Note:
      • If Cloud Shell is disconnected or the window is inadvertently closed while a subnet is being created, you can confirm the latest result by using the terraform output command.

      • If the terraform apply command fails, the attempted subnet creation might have left behind unnecessary resources. Verify that there is no problem with the template files and other items, and then run the terraform apply command again.

  8. Confirm the created subnet from the VPC network of Google Cloud.

    The character string you set for namePrefix is used as the name prefix of the following resources.

    Resource                          Name
    Control subnet                    <namePrefix>-control-subnet
    Internode subnet                  <namePrefix>-internode-subnet
    Compute subnet                    <namePrefix>-compute-subnet
    Control network firewall rule     <namePrefix>-control-fw-rule1 to 7
    Internode network firewall rule   <namePrefix>-internode-fw-rule 1 to 4
    Compute network firewall rule     <namePrefix>-compute-fw-rule 1 to 12
    Note:
    • <namePrefix>-control-fw-rule 2 and 6 are created when controlNetworkAllowedIpv4AddCidrBlocks is specified.

      <namePrefix>-compute-fw-rule 3 and 11 are created when computeNetworkAllowedIpv4AddCidrBlocks is specified.

      <namePrefix>-compute-fw-rule 2, 6, 8, and 10 are created when ulaInternalIpv6Range is specified for virtual network creation or automatically assigned.

      <namePrefix>-compute-fw-rule 4 and 12 are created when computeNetworkAllowedIpv6AddCidrBlocks is specified (in addition to when ulaInternalIpv6Range is specified for virtual network creation or automatically assigned).

      Firewall rules of the numbers other than those mentioned earlier are created with no condition.

    • Do not set resource type names such as "subnet" for namePrefix.

      For example, setting resource type names such as "subnet" for namePrefix generates "subnet-control-fw-rule" because creating a subnet also creates a network firewall rule.

    • Firewall rules that depend on the user environment are not created. If the created firewall rules are insufficient, set firewall rules for each virtual network according to the TCP/UDP port numbers required for communication and Setting Cloud Next Generation Firewall.

    This completes subnet creation.
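As an added example (not part of this document or of the product's SubnetConfiguration package), the following Python script checks a set of terraform.tfvars values against the rules given in step 4 and the namePrefix note in step 8 before terraform plan is run. The sample values, the check that the three subnet ranges do not overlap, and the warning on a 0.0.0.0/0 entry in an allowed-CIDR list are this example's own assumptions, not requirements stated above.

```python
import ipaddress
import re
from itertools import combinations
# Constructed terraform.tfvars values (sample input, not from the document).
SAMPLE_TFVARS = {
    "namePrefix": "vsp1sds-site1",
    "controlSubnetIPv4CidrBlock": "10.10.0.0/24",
    "internodeSubnetIPv4CidrBlock": "10.10.1.0/24",
    "computeSubnetIPv4CidrBlock": "10.10.2.0/24",
    "controlNetworkAllowedIpv4AddCidrBlocks": ["10.20.0.0/16"],
    "computeNetworkAllowedIpv4AddCidrBlocks": [],
    "computeSubnetIPv6Type": "",
}

# namePrefix rule from step 4: 1-43 chars of lowercase letters, digits and "-", first char a letter.
NAME_PREFIX_RE = re.compile(r"^[a-z][a-z0-9-]{0,42}$")
SUBNET_KEYS = ("controlSubnetIPv4CidrBlock", "internodeSubnetIPv4CidrBlock", "computeSubnetIPv4CidrBlock")
ALLOW_KEYS = ("controlNetworkAllowedIpv4AddCidrBlocks", "computeNetworkAllowedIpv4AddCidrBlocks")
def validate_tfvars(cfg):
    """Return the problems found; an empty list means the documented rules are met."""
    problems = []
    prefix = cfg.get("namePrefix", "")
    if not NAME_PREFIX_RE.match(prefix):
        problems.append("namePrefix must be 1-43 chars of [a-z0-9-] starting with a letter")
    if "subnet" in prefix:  # step 8 note: a resource type name in the prefix yields confusing rule names
        problems.append("namePrefix should not contain a resource type name such as 'subnet'")
    nets = {}
    for key in SUBNET_KEYS:
        value = cfg.get(key, "")
        try:
            if not 9 <= len(value) <= 18:
                raise ValueError(value)
            nets[key] = ipaddress.IPv4Network(value, strict=True)  # strict: host bits must be zero
        except ValueError:
            problems.append(f"{key} must be a valid IPv4 CIDR block of 9-18 characters")
    for a, b in combinations(nets, 2):  # added check (assumption): the three ranges must not overlap
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} overlaps {b}")
    for key in ALLOW_KEYS:
        for entry in cfg.get(key, []):
            try:
                net = ipaddress.IPv4Network(entry, strict=True)
            except ValueError:
                problems.append(f"{key}: {entry!r} is not a CIDR block")
                continue
            if net.prefixlen == 0:  # added check: /0 would admit every address to a private subnet
                problems.append(f"{key}: {entry} allows all IPv4 addresses")
    if cfg.get("computeSubnetIPv6Type", "") not in ("Internal", ""):
        problems.append('computeSubnetIPv6Type must be "Internal" or ""')
    return problems
```

Run validate_tfvars on the values you intend to put in terraform.tfvars; an empty result means the documented format rules are satisfied, which does not replace the terraform plan check in step 6.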