Create an internal HTTP Load-Balancer on Volterra with Terraform

Problem this snippet solves:

How to create an internal HTTP Load-Balancer with VoltMesh where the Origin is reachable through a Volterra node.

Two steps are needed:

  1. Creation of the Origin (1-origin.tf file)
  2. Creation of the Load-Balancer (2-http-lb.tf file)

How to use this snippet:

Pre-Requirements:

    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys

  • Create a variables.tf Terraform variables file:

    variable "api_cert" {
        type = string
        default = "/<full path to>/certificate.cert"
    }
    
    variable "api_key" {
      type = string
      default = "/<full path to>/private_key.key"
    }
    
    variable "api_url" {
        type = string
        default = "https://<tenant_name>.console.ves.volterra.io/api"
    }

  • Create a main.tf Terraform file:

    terraform {
      required_version = ">= 0.12.9, != 0.13.0"
    
      required_providers {
        volterra = {
          source = "volterraedge/volterra"
          version = ">=0.0.6"
        }
      }
    }
    provider "volterra" {
      api_cert = var.api_cert
      api_key = var.api_key
      url   = var.api_url
    }

In the directory where your terraform files are, run:

terraform init

Then:

terraform apply

Code :

//==========================================================================
//Definition of the Origin, 1-origin.tf
//Start of the TF file
resource "volterra_origin_pool" "sample-http-origin-pool" {
  name                   = "sample-http-origin-pool"
  //Name of the namespace where the origin pool must be deployed
  namespace              = "mynamespace"
 
   origin_servers {

    private_ip {
      ip = "10.17.20.13"

      //From which interface of the node onsite the IP of the service is reachable. Value are inside_network / outside_network or both.
      outside_network = true
     
     //Site definition
      site_locator {
        site {
          name      = "name-of-the-site"
          namespace = "system"
          tenant    = "name-of-the-tenant"
        }
      }
    }

    labels = {
    }
  }

  no_tls = true
  port = "80"
  endpoint_selection     = "LOCALPREFERED"
  loadbalancer_algorithm = "LB_OVERRIDE"
}
//End of the file
//==========================================================================

//==========================================================================
//Definition of the Load-Balancer, 2-http-lb.tf
//Start of the TF file
resource "volterra_http_loadbalancer" "sample-http-lb" {
depends_on = [volterra_origin_pool.sample-http-origin-pool]
//Mandatory "Metadata"
name      = "sample-http-lb"
//Name of the namespace where the origin pool must be deployed
namespace = "mynamespace"
//End of mandatory "Metadata" 

//Mandatory "Basic configuration"
  domains = ["mydomain.internal"]
  http {
    dns_volterra_managed = false
  }
//End of mandatory "Basic configuration"

//Optional "Default Origin server"
default_route_pools {
    pool {
      name = "sample-http-origin-pool"
      namespace = "mynamespace"
    }
    weight = 1
  }
//End of optional "Default Origin server"

//Mandatory "VIP configuration"
advertise_on_public_default_vip = true
//End of mandatory "VIP configuration"

//Mandatory "Security configuration"
no_service_policies = true
no_challenge = true
disable_rate_limit = true
disable_waf = true
//End of mandatory "Security configuration"

//Mandatory "Load Balancing Control"
source_ip_stickiness = true
//End of mandatory "Load Balancing Control"
  
}
//End of the file
//==========================================================================

Tested this on version:

No Version Found
Published Oct 13, 2021
Version 1.0
  • update 2023 :

    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts -legacy
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys -legacy