Philippe_Veys
F5 Employee

Problem this snippet solves:

How to create an HTTPS Origin that can be used in a VoltMesh HTTP or HTTPS Load-Balancer.

This Origin is based on a private IP that can be reached through a Volterra node deployed on the same site as the resource.

How to use this snippet:

Pre-requirements:

  • Extract the private key and the certificate from the certificate.p12 file:
    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys
  • Create a variables.tf Terraform variables file:
    variable "api_cert" {
      type    = string
      default = "/<full path to>/certificate.cert"
    }

    variable "api_key" {
      type    = string
      default = "/<full path to>/private_key.key"
    }

    variable "api_url" {
      type    = string
      default = "https://<tenant_name>.console.ves.volterra.io/api"
    }
  • Create a main.tf Terraform file:
    terraform {
      required_version = ">= 0.12.9, != 0.13.0"

      required_providers {
        volterra = {
          source  = "volterraedge/volterra"
          version = ">=0.0.6"
        }
      }
    }

    provider "volterra" {
      api_cert = var.api_cert
      api_key  = var.api_key
      url      = var.api_url
    }

In the directory where your Terraform files are, run:

terraform init

Then:

terraform apply


Code:

resource "volterra_origin_pool" "sample-https-origin-pool" {
  name = "sample-https-origin-pool"
  // Name of the namespace where the origin pool must be deployed
  namespace = "mynamespace"

  origin_servers {
    private_ip {
      ip = "10.17.20.13"

      // Interface of the on-site node from which the IP of the service is reachable.
      // Values are inside_network / outside_network or both.
      outside_network = true

      // Site definition
      site_locator {
        site {
          name      = "name-of-the-site"
          namespace = "system"
          tenant    = "name-of-the-tenant"
        }
      }
    }

    labels = {
    }
  }

  use_tls {
    use_host_header_as_sni = true

    tls_config {
      default_security = true
    }

    // The origin server's certificate is not verified with this setting
    skip_server_verification = true
    no_mtls                  = true
  }

  no_tls                 = false
  port                   = "443"
  endpoint_selection     = "LOCALPREFERED"
  loadbalancer_algorithm = "LB_OVERRIDE"
}
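
A variant of the origin pool above that verifies the origin's certificate against a CA bundle instead of skipping verification, as an added example that is not part of the original snippet. It uses the provider's `use_server_verification` block; the variable `origin_ca_path`, the CA bundle file and the resource name are hypothetical, and all other values are copied from the snippet.

```hcl
// Added example: hypothetical variable pointing at the PEM CA bundle
// that issued the origin server's certificate.
variable "origin_ca_path" {
  type    = string
  default = "/<full path to>/origin_ca.pem"
}

resource "volterra_origin_pool" "sample-https-origin-pool-verified" {
  name      = "sample-https-origin-pool-verified"
  namespace = "mynamespace"

  origin_servers {
    private_ip {
      ip              = "10.17.20.13"
      outside_network = true

      site_locator {
        site {
          name      = "name-of-the-site"
          namespace = "system"
          tenant    = "name-of-the-tenant"
        }
      }
    }
  }

  use_tls {
    use_host_header_as_sni = true

    tls_config {
      default_security = true
    }

    // Replaces skip_server_verification = true: the origin's certificate
    // must chain to the CA bundle supplied here.
    use_server_verification {
      trusted_ca_url = "string:///${filebase64(var.origin_ca_path)}"
    }

    no_mtls = true
  }

  port                   = "443"
  endpoint_selection     = "LOCALPREFERED"
  loadbalancer_algorithm = "LB_OVERRIDE"
}
```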

Tested this on version:

No Version Found
Last update: 18-Oct-2021 04:53