
Create an internal HTTP Load-Balancer on Volterra with Terraform

Problem this snippet solves:

How to create an internal HTTP Load-Balancer with VoltMesh where the Origin is reachable through a Volterra node.

Two steps are needed:

  1. Creation of the Origin (1-origin.tf file)
  2. Creation of the Load-Balancer (2-http-lb.tf file)

How to use this snippet:

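Pre-requirements:

  • Extract the private key and the certificate from the certificate.p12 file. The -nodes option writes the private key unencrypted, so keep private_key.key readable only by the user that runs Terraform:

    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys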

  • Create a variables.tf Terraform variables file:

    variable "api_cert" {
      type    = string
      default = "/<full path to>/certificate.cert"
    }

    variable "api_key" {
      type    = string
      default = "/<full path to>/private_key.key"
    }

    variable "api_url" {
      type    = string
      default = "https://<tenant_name>.console.ves.volterra.io/api"
    }

  • Create a main.tf Terraform file:

    terraform {
      required_version = ">= 0.12.9, != 0.13.0"

      required_providers {
        volterra = {
          source  = "volterraedge/volterra"
          version = ">=0.0.6"
        }
      }
    }

    provider "volterra" {
      api_cert = var.api_cert
      api_key  = var.api_key
      url      = var.api_url
    }

In the directory where your Terraform files are, run:

    terraform init

Then:

    terraform apply

Code :

    //==========================================================================
    //Definition of the Origin, 1-origin.tf
    //Start of the TF file
    resource "volterra_origin_pool" "sample-http-origin-pool" {
      name = "sample-http-origin-pool"
      //Name of the namespace where the origin pool must be deployed
      namespace = "mynamespace"

      origin_servers {

        private_ip {
          ip = "10.17.20.13"

          //Interface of the on-site node from which the service IP is reachable. Values are inside_network / outside_network or both.
          outside_network = true

          //Site definition
          site_locator {
            site {
              name      = "name-of-the-site"
              namespace = "system"
              tenant    = "name-of-the-tenant"
            }
          }
        }

        labels = {
        }
      }

      no_tls                 = true
      port                   = "80"
      endpoint_selection     = "LOCALPREFERED"
      loadbalancer_algorithm = "LB_OVERRIDE"
    }
    //End of the file
    //==========================================================================

    //==========================================================================
    //Definition of the Load-Balancer, 2-http-lb.tf
    //Start of the TF file
    resource "volterra_http_loadbalancer" "sample-http-lb" {
      depends_on = [volterra_origin_pool.sample-http-origin-pool]
      //Mandatory "Metadata"
      name = "sample-http-lb"
      //Name of the namespace where the load balancer must be deployed
      namespace = "mynamespace"
      //End of mandatory "Metadata"

      //Mandatory "Basic configuration"
      domains = ["mydomain.internal"]
      http {
        dns_volterra_managed = false
      }
      //End of mandatory "Basic configuration"

      //Optional "Default Origin server"
      default_route_pools {
        pool {
          name      = "sample-http-origin-pool"
          namespace = "mynamespace"
        }
        weight = 1
      }
      //End of optional "Default Origin server"

      //Mandatory "VIP configuration"
      advertise_on_public_default_vip = true
      //End of mandatory "VIP configuration"

      //Mandatory "Security configuration"
      no_service_policies = true
      no_challenge        = true
      disable_rate_limit  = true
      disable_waf         = true
      //End of mandatory "Security configuration"

      //Mandatory "Load Balancing Control"
      source_ip_stickiness = true
      //End of mandatory "Load Balancing Control"

    }
    //End of the file
    //==========================================================================
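
The two files above set no_tls on the origin pool, turn off every option in the load balancer's "Security configuration" block, and advertise on the public default VIP. As an added example (not part of the original snippet or of the Volterra provider), the shell function below reports those attributes when they are set to true, so each one is a reviewed choice before terraform apply; the function names, the messages and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Review gate for the Terraform files on this page: reports attributes that
# switch a protection off or widen exposure when they are set to true.

# audit_tf FILE...  exit 0: nothing flagged, 1: findings printed, 2: unreadable file
audit_tf() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "audit_tf: cannot read $f" >&2; return 2; }
    done
    awk '
        BEGIN {
            # Attribute names are the ones used in 1-origin.tf and 2-http-lb.tf above.
            why["no_tls"]                          = "origin connection without TLS"
            why["no_service_policies"]             = "no service policies applied"
            why["no_challenge"]                    = "no client challenge"
            why["disable_rate_limit"]              = "rate limiting disabled"
            why["disable_waf"]                     = "WAF disabled"
            why["advertise_on_public_default_vip"] = "advertised on the public default VIP"
        }
        /^[ \t]*(\/\/|#)/ { next }                  # comment-only line
        {
            line = $0
            sub(/[ \t]*(\/\/|#).*$/, "", line)      # strip a trailing comment
            if (split(line, kv, "=") != 2) next     # keep only "key = value" lines
            key = kv[1]; val = kv[2]
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if ((key in why) && val == "true") {
                printf "%s:%d: %s = true (%s)\n", FILENAME, FNR, key, why[key]
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample input for the scanner (an excerpt, not a deployable
# configuration): two flagged attributes and one that is commented out.
write_sample() {
    cat > "$1" <<'EOF'
resource "volterra_http_loadbalancer" "sample-http-lb" {
  name        = "sample-http-lb"
  disable_waf = true               // flagged
  //no_challenge = true            (commented out, ignored)
  advertise_on_public_default_vip = true
}
EOF
}
```

After sourcing the file, run `audit_tf 1-origin.tf 2-http-lb.tf` in the Terraform directory; a non-zero exit status can fail a CI job until each reported setting has been accepted or changed.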

Tested this on version:

No Version Found
Published Oct 13, 2021
Version 1.0

1 Comment

  • Update 2023:

    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts -legacy
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys -legacy