Create a VPC VoltMesh AWS site (two-interface node)

Problem this snippet solves:

How to create a VoltMesh node inside an existing VPC. The VoltMesh node has two interfaces, so it can be used as both an ingress and an egress gateway for the VPC.

How to use this snippet:

Prerequisites:

  • Get and create the following from the AWS console:
      • Get the ID of the VPC in which you want to deploy the VoltMesh node
      • Get the ID of the "workload subnet" that holds the resources in the VPC you want to expose with the VoltMesh node
      • Create and get the ID of the following:
          • One subnet (/28 for instance) that will be used as the "outside" subnet for the VoltMesh node, i.e. handling the Internet connectivity
          • One subnet (/28 for instance) that will be used as the "inside" subnet for the VoltMesh node

For more information regarding our AWS concepts, please refer to: https://www.volterra.io/docs/how-to/site-management/create-aws-site
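Added example (not part of the original snippet): a small Python helper that picks two free /28 blocks in the VPC for the "outside" and "inside" subnets without overlapping the existing ones. The function names and the sample CIDRs are hypothetical, constructed values.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_site_subnets(vpc_cidr, existing_cidrs, prefix=28):
    """Return the first two free /prefix blocks in the VPC as outside/inside CIDRs."""
    vpc = ipaddress.ip_network(vpc_cidr)
    used = [ipaddress.ip_network(c) for c in existing_cidrs]

    # Every existing subnet (the workload subnet included) must belong to the VPC.
    for net in used:
        if not net.subnet_of(vpc):
            raise ValueError(f"{net} is not inside VPC {vpc}")
    if prefix < vpc.prefixlen:
        raise ValueError(f"/{prefix} is larger than the VPC {vpc}")

    free = []
    for candidate in vpc.subnets(new_prefix=prefix):
        # Skip any block that collides with a subnet already in use.
        if any(candidate.overlaps(net) for net in used):
            continue
        free.append(candidate)
        if len(free) == 2:
            break
    if len(free) < 2:
        raise ValueError(f"VPC {vpc} has fewer than two free /{prefix} blocks")
    return {"outside": str(free[0]), "inside": str(free[1])}


def usable_addresses(cidr):
    """Addresses left for interfaces once the AWS-reserved ones are removed."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    # Constructed sample: a /16 VPC with a /24 workload subnet and one /28 in use.
    plan = plan_site_subnets("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/28"])
    for role, cidr in plan.items():
        print(f"{role}: {cidr} ({usable_addresses(cidr)} usable addresses)")
```

Create the two subnets with the returned CIDRs in the AWS console, then use their subnet IDs in the Terraform resource.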

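  • Extract the private key and the certificate from your API certificate file (certificate.p12). The -nodes option writes private_key.key unencrypted, so restrict its file permissions and keep it out of version control:
    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys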
  • Create a variables.tf Terraform variables file:
    variable "api_cert" {
      type    = string
      default = "/<full path to>/certificate.cert"
    }

    variable "api_key" {
      type    = string
      default = "/<full path to>/private_key.key"
    }

    variable "api_url" {
      type    = string
      default = "https://<tenant_name>.console.ves.volterra.io/api"
    }


  • Create a main.tf Terraform file:
    terraform {
      required_version = ">= 0.12.9, != 0.13.0"

      required_providers {
        volterra = {
          source  = "volterraedge/volterra"
          version = ">=0.0.6"
        }
      }
    }

    provider "volterra" {
      api_cert = var.api_cert
      api_key  = var.api_key
      url      = var.api_url
    }


In the directory where your Terraform files are, run:

    terraform init

Then:

    terraform apply


Code:

    resource "volterra_aws_vpc_site" "aws-vpc-example" {
      name       = "aws-vpc-example"
      namespace  = "system"
      aws_region = ""

      assisted      = false
      instance_type = "t3.xlarge"

      // AWS credentials entered in the Volterra Console
      aws_cred {
        name      = ""
        namespace = "system"
        tenant    = ""
      }

      // Existing VPC in which the node is deployed
      vpc {
        vpc_id = ""
      }

      // Two-interface (ingress/egress) gateway
      ingress_egress_gw {
        aws_certified_hw = "aws-byol-multi-nic-voltmesh"

        // No forward proxy, global network, static routes or network policy configured
        no_forward_proxy         = true
        no_global_network        = true
        no_inside_static_routes  = true
        no_outside_static_routes = true
        no_network_policy        = true

        // Availability zones and subnet options for the Volterra Node
        // (az_nodes is nested inside ingress_egress_gw)
        az_nodes {
          // AWS AZ
          aws_az_name = ""

          // Site local outside subnet
          outside_subnet {
            existing_subnet_id = ""
          }

          // Site local inside subnet
          inside_subnet {
            existing_subnet_id = ""
          }

          // Workload subnet
          workload_subnet {
            existing_subnet_id = ""
          }
        }
      }

      // Mandatory
      logs_streaming_disabled = true

      // Mandatory
      no_worker_nodes = true
    }

Tested this on version:

No Version Found
Published Oct 25, 2021
Version 1.0
