For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Create an HTTPS Origin based on private IP for VoltMesh

Problem this snippet solves:

How to create an HTTPS Origin that could be used in a VoltMesh HTTP or HTTPS Load-Balancer.

This Origin is based on a private IP that can be reached with a Volterra node deployed on the same site as the ressource.

How to use this snippet:

Pre-requirements:

    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys
  • Create a variables.tf Terraform variables file:
    variable "api_cert" {
            type = string
            default = "/<full path to>/certificate.cert"
        }
        
        variable "api_key" {
          type = string
          default = "/<full path to>/private_key.key"
        }
        
        variable "api_url" {
            type = string
            default = "https://<tenant_name>.console.ves.volterra.io/api"
        }
  • Create a main.tf Terraform file:
    terraform {
          required_version = ">= 0.12.9, != 0.13.0"
        
          required_providers {
            volterra = {
              source = "volterraedge/volterra"
              version = ">=0.0.6"
            }
          }
        }
        provider "volterra" {
          api_cert = var.api_cert
          api_key = var.api_key
          url   = var.api_url
        }

In the directory where your terraform files are, run:

terraform init

Then:

terraform apply


Code :

resource "volterra_origin_pool" "sample-https-origin-pool" {
  name                   = "sample-https-origin-pool"
 //Name of the namespace where the origin pool must be deployed
  namespace              = "mynamespace"
 
   origin_servers {

    private_ip {
      ip = "10.17.20.13"

      //From which interface of the node onsite the IP of the service is reachable. Value are inside_network / outside_network or both.
      outside_network = true
     
     //Site definition
      site_locator {
        site {
          name      = "name-of-the-site"
          namespace = "system"
          tenant    = "name-of-the-tenant"
        }
      }
    }

    labels = {
    }
  } 
   
  use_tls {
    use_host_header_as_sni = true
  tls_config {
    default_security = true
  }
  skip_server_verification = true
  no_mtls = true
  }

  no_tls = false
  port = "443"
  endpoint_selection     = "LOCALPREFERED"
  loadbalancer_algorithm = "LB_OVERRIDE"
}

Tested this on version:

No Version Found
Published Oct 18, 2021
Version 1.0
cloud
devops
VoltMesh
No CommentsBe the first to comment