GCP Deployment with Terraform
This guide describes how the BlueRock Secure MCP Server is deployed on Google Compute Engine (GCE) using Terraform.
Terraform scripts are executed from a local machine or CI/CD environment with the Google Cloud SDK (gcloud) initialized. The scripts use the Google Cloud APIs to provision the necessary Compute Engine, Networking, and Storage resources.
Prerequisites
Google Cloud CLI tools (gcloud): for installation, refer to the official Google Cloud CLI installation guide.
Terraform: Version 1.0 or higher installed; for installation, refer to the official HashiCorp Terraform guide.
BlueRock images: BlueRock provides pre-packaged images of the BlueRock Ubuntu 2404 Linux Distribution (Free or Full version); contact BlueRock support for the images.
| Version | OS | Kernel Version | GCP Image Name |
| --- | --- | --- | --- |
| Free | Ubuntu 24.04 | 6.12.63 | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
| Full | Ubuntu 24.04 | 6.12.63 | bluerock-release-26-08-0-ubuntu2404-6.12.63 |
BlueRock GCP Architecture Components
A typical deployment on GCP consists of the following resources:
| GCP Resource/Service | Description |
| --- | --- |
| VPC Network | Provides an isolated virtual network environment in GCP. |
| Cloud NAT / Router | Enables outbound internet access for private instances without a Public IP. |
| Compute Engine (GCE) | Runs the BlueRock MCP Server using a hardened Ubuntu image. |
| Persistent Disk | Provides persistent block storage attached to the GCE instance. |
| Cloud Storage (GCS) | Stores configuration files and certificates for the BlueRock node. |
| IAM Service Account | Grants the GCE instance minimal permissions for Logging and Storage. |
| Cloud Logging | Collects and monitors system and application logs from the node. |
Deployment Types
BlueRock GCP deployments support two primary modes based on networking requirements:
Public Deployment: The instance is assigned a Public IP and is accessible via SSH restricted by a specific CIDR range.
Private Deployment: The instance has no public IP. Access is facilitated through Identity-Aware Proxy (IAP), and outbound connectivity is provided via Cloud NAT.
Deployment Package Overview
Download and Extract Package
Download and extract the BlueRock deployment package bluerock_gcp_deployments_scripts.zip, which contains the sub-package bluerock-gcp-terraform-26-08.tar.gz, and extract the sub-package in your local environment.
Directory Structure
The GCP Terraform scripts follow a hierarchical structure to separate full and free versions:
Parameter Reference
Key variables defined in variables.tf that must be configured in your terraform.tfvars:
| Parameter | Description | Required | Example |
| --- | --- | --- | --- |
| project_id | The unique ID of your GCP project | Yes | project-1234 |
| region | GCP region for resource deployment | Yes | us-central1 |
| boot_image | The name of the BlueRock Ubuntu image | Yes | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
| machine_type | GCE instance type | Yes | e2-standard-2 |
| allow_ip | User's or Admin's desktop IP Address | Yes | xx.xx.xx.xx/32 |
terraform.tfvars Configuration
By default, the package includes a terraform.tfvars.example file. Configure its parameters based on your requirements and rename it to terraform.tfvars for quick onboarding.
terraform.tfvars Parameter Reference
The following parameters are defined in the terraform.tfvars file. You must update these values to match your GCP project environment before running the deployment scripts.
| Parameter | Description | Required | Example / Default Value |
| --- | --- | --- | --- |
| project_id | The unique GCP Project ID where resources will be deployed. | Yes | your-project-id |
| region | The GCP region for the deployment (e.g., us-central1). | Yes | us-central1 |
| zone | The specific availability zone within the region. | Yes | us-central1-a |
| prefix | A string prefix used for naming all generated GCP resources. | No | bluerock-free |
| allow_ip | CIDR range allowed for SSH access to the BlueRock node. | Yes | xx.xx.xx.xx/20 (Use some private network of xx.xx.xx.xx/20) |
| machine_type | The GCE machine type (vCPU/RAM) for the instance. | Yes | e2-standard-4 |
| boot_image | The name of the pre-baked BlueRock Ubuntu OS image. | Yes | bluerock-release-26-08-0-ubuntu2404-6.12.63-free |
| existing_network | Existing VPC Network name. Leave empty to create a new one. | Optional | "" |
| existing_subnetwork | Existing Subnetwork name. Leave empty to create a new one. | Optional | "" |
| enable_external_otel | Enables the OpenTelemetry collector for external telemetry. | No | true |
| existing_bucket_name | Existing GCS bucket name to store configuration/logs. | Optional | "" |
Configuration Steps for terraform.tfvars
To prepare your environment for deployment, follow these steps to initialize your variables:
Navigate to the appropriate deployment directory, for example: gcp/compute/terraform/ubuntu/PublicDeployment/
Copy the example variables file to a live configuration file:
Edit the terraform.tfvars file and provide your specific project_id and boot_image.
Note: If you are deploying into an existing network, ensure both existing_network and existing_subnetwork are provided; otherwise, Terraform will attempt to create a new VPC and Subnet.
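A pre-flight check for the edited terraform.tfvars, as an added example that is not part of the BlueRock package: it rejects the unedited placeholders (your-project-id, xx.xx.xx.xx), an allow_ip that is malformed or wider than /20, and a half-filled existing_network/existing_subnetwork pair. The function names and the /20 limit are assumptions made for this example, and the sample file is constructed.

```shell
#!/bin/sh
# Pre-flight check for terraform.tfvars. Added example, not part of the BlueRock package.

tfvar_get() {  # tfvar_get FILE KEY: print the quoted string assigned to KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

check_allow_ip() {  # check_allow_ip CIDR [MIN_PREFIX]: 0 if a valid, narrow IPv4 CIDR
    cidr=$1; min=${2:-20}   # assumption: /20 is the widest range accepted
    case $cidr in */*) ;; *) return 1 ;; esac
    addr=${cidr%/*}; len=${cidr#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    case $addr in ''|*[!0-9.]*) return 1 ;; esac   # rejects the xx.xx.xx.xx placeholder
    [ "$len" -le 32 ] && [ "$len" -ge "$min" ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs   # split the address into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
}

check_network_pair() {  # 0 if both names are empty (new VPC) or both are set (reuse)
    [ -n "$1" ] && [ -z "$2" ] && return 1
    [ -z "$1" ] && [ -n "$2" ] && return 1
    return 0
}

preflight() {  # preflight FILE: print findings, return the number of failed checks
    f=$1; fails=0
    case $(tfvar_get "$f" project_id) in ''|your-project-id)
        echo "FAIL: project_id is unset or still the placeholder"; fails=$((fails + 1)) ;; esac
    [ -n "$(tfvar_get "$f" boot_image)" ] ||
        { echo "FAIL: boot_image is empty"; fails=$((fails + 1)); }
    check_allow_ip "$(tfvar_get "$f" allow_ip)" ||
        { echo "FAIL: allow_ip is not a valid CIDR of /20 or narrower"; fails=$((fails + 1)); }
    check_network_pair "$(tfvar_get "$f" existing_network)" "$(tfvar_get "$f" existing_subnetwork)" ||
        { echo "FAIL: set both existing_network and existing_subnetwork, or neither"; fails=$((fails + 1)); }
    return "$fails"
}

write_sample_tfvars() {  # constructed sample input; 203.0.113.0/24 is a documentation range
    cat > "$1" <<'EOF'
project_id          = "project-1234"
allow_ip            = "203.0.113.7/32"
boot_image          = "bluerock-release-26-08-0-ubuntu2404-6.12.63-free"
existing_network    = "shared-vpc"
existing_subnetwork = ""
EOF
}
```

Run `preflight terraform.tfvars` from the deployment directory before the Plan step; a non-zero return value is the number of failed checks. The constructed sample fails one check because existing_network is set while existing_subnetwork is empty.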
Terraform: Running the Deployment
Navigate to the desired deployment directory (e.g., PublicDeployment).
Initialize:
Plan:
Apply:
Post-Deployment Validation
Check BlueRock Instance
Verify the VM status and retrieve the IP via the gcloud CLI:
Verify Services
SSH into the instance and check the BlueRock control plane status:
View Logs in GCP
To view logs in GCP:
Log in to your GCP account in a browser and navigate to Compute Engine > VM Instances.
Select the required instance.
Select Logging.
