GCP Deployment with Terraform

This guide describes how the BlueRock Secure MCP Server is deployed on Google Compute Engine (GCE) using Terraform.

Terraform scripts are executed from a local machine or CI/CD environment with the Google Cloud SDK (gcloud) initialized. The scripts use the Google Cloud APIs to provision the necessary Compute Engine, Networking, and Storage resources.

Prerequisites

  • Google Cloud CLI (gcloud): for installation, refer to the official Google Cloud CLI installation guide.

  • Terraform: version 1.0 or higher installed; for installation, refer to the official HashiCorp Terraform guide.

  • BlueRock images: BlueRock provides pre-packaged images of the BlueRock Ubuntu 24.04 Linux distribution (Free or Full version); contact BlueRock support to obtain the images.

    | Version | OS | Kernel Version | GCP Image Name |
    |---|---|---|---|
    | Free | Ubuntu 24.04 | 6.12.63 | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
    | Full | Ubuntu 24.04 | 6.12.63 | bluerock-release-26-08-0-ubuntu2404-6.12.63 |

BlueRock GCP Architecture Components

A typical deployment on GCP consists of the following resources:

| GCP Resource/Service | Description |
|---|---|
| VPC Network | Provides an isolated virtual network environment in GCP. |
| Cloud NAT / Router | Enables outbound internet access for private instances without a public IP. |
| Compute Engine (GCE) | Runs the BlueRock MCP Server using a hardened Ubuntu image. |
| Persistent Disk | Provides persistent block storage attached to the GCE instance. |
| Cloud Storage (GCS) | Stores configuration files and certificates for the BlueRock node. |
| IAM Service Account | Grants the GCE instance minimal permissions for Logging and Storage. |
| Cloud Logging | Collects and monitors system and application logs from the node. |

Deployment Types

BlueRock GCP deployments support two primary modes based on networking requirements:

  • Public Deployment: The instance is assigned a public IP and is reachable over SSH only from a specified CIDR range.

  • Private Deployment: The instance has no public IP. Administrative access goes through Identity-Aware Proxy (IAP), and outbound connectivity is provided by Cloud NAT.

Deployment Package Overview

Download and Extract Package

Download the BlueRock deployment package bluerock_gcp_deployments_scripts.zip, which contains the sub-package bluerock-gcp-terraform-26-08.tar.gz, and extract it on your local environment.

Directory Structure

The GCP Terraform scripts follow a hierarchical structure to separate full and free versions:

Parameter Reference

Key variables defined in variables.tf that must be configured in your terraform.tfvars:

| Parameter | Description | Required | Example |
|---|---|---|---|
| project_id | The unique ID of your GCP project | Yes | project-1234 |
| region | GCP region for resource deployment | Yes | us-central1 |
| boot_image | The name of the BlueRock Ubuntu image | Yes | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
| machine_type | GCE instance type | Yes | e2-standard-2 |
| allow_ip | User's or admin's desktop IP address | Yes | xx.xx.xx.xx/32 |

terraform.tfvars Configuration

The package ships a terraform.tfvars.example file: set its parameters to match your requirements and rename it to terraform.tfvars for quick onboarding.

terraform.tfvars Parameter Reference

The following parameters are defined in the terraform.tfvars file. You must update these values to match your GCP project environment before running the deployment scripts.

| Parameter | Description | Required | Example / Default Value |
|---|---|---|---|
| project_id | The unique GCP Project ID where resources will be deployed. | Yes | your-project-id |
| region | The GCP region for the deployment (e.g., us-central1). | Yes | us-central1 |
| zone | The specific availability zone within the region. | Yes | us-central1-a |
| prefix | A string prefix used for naming all generated GCP resources. | No | bluerock-free |
| allow_ip | CIDR range allowed for SSH access to the BlueRock node. | Yes | xx.xx.xx.xx/20 (use a private network range such as xx.xx.xx.xx/20) |
| machine_type | The GCE machine type (vCPU/RAM) for the instance. | Yes | e2-standard-4 |
| boot_image | The name of the pre-baked BlueRock Ubuntu OS image. | Yes | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
| existing_network | Existing VPC Network name. Leave empty to create a new one. | Optional | "" |
| existing_subnetwork | Existing Subnetwork name. Leave empty to create a new one. | Optional | "" |
| enable_external_otel | Enables the OpenTelemetry collector for external telemetry. | No | true |
| existing_bucket_name | Existing GCS bucket name to store configuration/logs. | Optional | "" |

Configuration Steps for terraform.tfvars

To prepare your environment for deployment, follow these steps to initialize your variables:

  1. Navigate to the appropriate deployment directory, for example gcp/compute/terraform/ubuntu/PublicDeployment/.

  2. Copy the example variables file to a live configuration file:

  3. Edit the terraform.tfvars file and provide your specific project_id and boot_image.

Note:

If you are deploying into an existing network, ensure both existing_network and existing_subnetwork are provided; otherwise, Terraform will attempt to create a new VPC and Subnet.

Running the Deployment with Terraform

  1. Navigate to the desired deployment directory (e.g., PublicDeployment).

  2. Initialize:

  3. Plan:

  4. Apply:
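The configuration steps from the previous section and the init/plan/apply sequence above, combined into one script. This is an added example and not part of the BlueRock deployment package: it assumes the directory layout named in this guide, a terraform.tfvars.example shipped in that directory, and the variable names from the parameter table; the project ID, image name, allow_ip value and script name are constructed placeholders. Beyond the steps as written, it checks that every required variable has a real value and that allow_ip does not open SSH to the whole internet before Terraform is run.

```bash
#!/usr/bin/env bash
# Added example, not part of the BlueRock deployment package: prepare
# terraform.tfvars from the shipped terraform.tfvars.example, sanity-check
# the values this guide marks as required, then run init / plan / apply.
# Assumes the directory layout named in this guide; all values in the
# "run" section at the bottom are constructed placeholders.
set -eu

# Copy terraform.tfvars.example to terraform.tfvars unless one already exists.
prepare_tfvars() {
  local dir="$1"
  if [ ! -f "$dir/terraform.tfvars" ]; then
    cp "$dir/terraform.tfvars.example" "$dir/terraform.tfvars"
  fi
}

# Set (or append) a string variable in a tfvars file as: key = "value".
set_tfvar() {
  local file="$1" key="$2" value="$3"
  if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
    sed -i.bak -E "s|^([[:space:]]*${key}[[:space:]]*=).*|\1 \"${value}\"|" "$file"
    rm -f "$file.bak"
  else
    printf '%s = "%s"\n' "$key" "$value" >> "$file"
  fi
}

# Read a quoted string variable from a tfvars file (empty if unset).
get_tfvar() {
  local file="$1" key="$2"
  sed -nE "s|^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"([^\"]*)\".*|\1|p" "$file" | head -n 1
}

# Verify every required variable has a real value and that allow_ip does not
# expose SSH to the whole internet. Returns 0 on success, 1 on any problem.
check_tfvars() {
  local file="$1" key value ok=0
  for key in project_id region zone machine_type boot_image allow_ip; do
    value="$(get_tfvar "$file" "$key")"
    case "$value" in
      ""|your-project-id|xx.*)
        echo "check_tfvars: $key is missing or still a placeholder" >&2
        ok=1 ;;
    esac
  done
  value="$(get_tfvar "$file" allow_ip)"
  case "$value" in
    */0) echo "check_tfvars: allow_ip must not be a /0 (open to everyone)" >&2; ok=1 ;;
    */*) ;;
    *)   echo "check_tfvars: allow_ip must be in CIDR form (a.b.c.d/n)" >&2; ok=1 ;;
  esac
  return "$ok"
}

# init, plan to a file, then apply exactly that file so the plan that was
# reviewed is the one applied; -input=false fails fast in CI instead of
# prompting for missing variables.
deploy() {
  local dir="$1"
  check_tfvars "$dir/terraform.tfvars"
  terraform -chdir="$dir" init -input=false
  terraform -chdir="$dir" plan -input=false -out=tfplan
  terraform -chdir="$dir" apply -input=false tfplan
}

# Usage: ./deploy.sh run   (the values below are constructed placeholders)
if [ "${1:-}" = "run" ]; then
  DIR="gcp/compute/terraform/ubuntu/PublicDeployment"
  prepare_tfvars "$DIR"
  set_tfvar "$DIR/terraform.tfvars" project_id "project-1234"
  set_tfvar "$DIR/terraform.tfvars" boot_image "bluerock-release-26-08-0-ubuntu2404-6.12.63-free"
  set_tfvar "$DIR/terraform.tfvars" allow_ip "203.0.113.10/32"
  deploy "$DIR"
fi
```

The plan is written to a file and that file is what gets applied, so a change to the module or variables between plan and apply cannot slip into the deployment unreviewed. The allow_ip check rejects a /0 range because that variable becomes the source range of the SSH firewall rule; for a Public Deployment a single /32 (the admin workstation) is the tightest value.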

Post-Deployment Validation

Check BlueRock Instance

Verify the VM status and retrieve the IP via the gcloud CLI:

Verify Services

SSH into the instance and check the BlueRock control plane status:
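Both validation steps above in one script, added here as an example that is not part of the BlueRock package. It queries status and external IP with a single gcloud call, then opens SSH directly for a Public Deployment or through an IAP tunnel for a Private Deployment (which has no external address). The instance name, zone, sample IP and script name are constructed placeholders, and the control-plane service name is left as a labelled placeholder because this guide does not name it.

```bash
#!/usr/bin/env bash
# Added example, not part of the BlueRock package: query the instance state
# and external IP with gcloud, then open a shell on it. Instance name, zone,
# IP and the service name below are constructed placeholders.
set -eu

# One gcloud call returns "<STATUS>\t<external IP>"; the IP column is empty
# for a Private Deployment, which has no external address.
instance_line() {
  local name="$1" zone="$2"
  gcloud compute instances describe "$name" --zone "$zone" \
    --format='value(status,networkInterfaces[0].accessConfigs[0].natIP)'
}

# Parse one such line: prints the external IP (or "none") and returns 0 only
# when the instance is RUNNING.
instance_ready() {
  local line="$1" status ip
  status="$(printf '%s\n' "$line" | cut -f1)"
  ip="$(printf '%s\n' "$line" | cut -s -f2)"
  printf '%s\n' "${ip:-none}"
  [ "$status" = "RUNNING" ]
}

# Public Deployment: direct SSH (your source address must fall inside
# allow_ip). Private Deployment: no external IP, so tunnel through
# Identity-Aware Proxy; the caller needs roles/iap.tunnelResourceAccessor
# and the firewall must admit TCP 22 from IAP's range 35.235.240.0/20.
bluerock_ssh() {
  local name="$1" zone="$2" ip="$3"
  shift 3
  if [ "$ip" = "none" ]; then
    gcloud compute ssh "$name" --zone "$zone" --tunnel-through-iap -- "$@"
  else
    gcloud compute ssh "$name" --zone "$zone" -- "$@"
  fi
}

# Usage: ./check.sh run   (the values below are constructed placeholders)
if [ "${1:-}" = "run" ]; then
  NAME="bluerock-free-vm"                      # placeholder instance name
  ZONE="us-central1-a"
  SERVICE="<bluerock-control-plane-service>"   # placeholder: take the unit name from the BlueRock docs
  line="$(instance_line "$NAME" "$ZONE")"
  if ! ip="$(instance_ready "$line")"; then
    echo "instance $NAME is not RUNNING: $line" >&2
    exit 1
  fi
  echo "instance $NAME external IP: $ip"
  bluerock_ssh "$NAME" "$ZONE" "$ip" systemctl --no-pager status "$SERVICE"
fi
```

Routing the Private Deployment through `gcloud compute ssh --tunnel-through-iap` keeps port 22 closed to the internet while still giving administrators an audited, IAM-controlled path to the node; the same command works from a CI runner that has no network route into the VPC.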

View Logs in GCP

To view logs in GCP:

  1. Log in to your GCP account in a browser and navigate to Compute Engine > VM Instances.

  2. Select the required instance.

  3. Select Logging.
