Create an HTTPS Origin based on private IP for VoltMesh

Problem this snippet solves:

How to create an HTTPS Origin that could be used in a VoltMesh HTTP or HTTPS Load-Balancer.

This Origin is based on a private IP that can be reached by a Volterra node deployed on the same site as the resource.

How to use this snippet:

Pre-requirements:

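  • Extract the private key and the certificate from the certificate.p12 file (-nodes writes the private key unencrypted):
    openssl pkcs12 -info -in certificate.p12 -out private_key.key -nodes -nocerts
    openssl pkcs12 -info -in certificate.p12 -out certificate.cert -nokeys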
  • Create a variables.tf Terraform variables file:
    variable "api_cert" {
      type    = string
      default = "/<full path to>/certificate.cert"
    }

    variable "api_key" {
      type    = string
      default = "/<full path to>/private_key.key"
    }

    variable "api_url" {
      type    = string
      default = "https://<tenant_name>.console.ves.volterra.io/api"
    }
  • Create a main.tf Terraform file:
    terraform {
      required_version = ">= 0.12.9, != 0.13.0"

      required_providers {
        volterra = {
          source  = "volterraedge/volterra"
          version = ">=0.0.6"
        }
      }
    }

    provider "volterra" {
      api_cert = var.api_cert
      api_key  = var.api_key
      url      = var.api_url
    }

In the directory containing your Terraform files, run:

    terraform init

Then:

    terraform apply


Code:

resource "volterra_origin_pool" "sample-https-origin-pool" {
  name = "sample-https-origin-pool"
  // Namespace where the origin pool is deployed
  namespace = "mynamespace"

  origin_servers {
    private_ip {
      ip = "10.17.20.13"

      // Interface of the on-site node from which the service IP is reachable:
      // inside_network, outside_network, or both.
      outside_network = true

      // Site definition
      site_locator {
        site {
          name      = "name-of-the-site"
          namespace = "system"
          tenant    = "name-of-the-tenant"
        }
      }
    }

    labels = {
    }
  }

  use_tls {
    use_host_header_as_sni = true
    tls_config {
      default_security = true
    }
    // The origin server's certificate is not verified
    skip_server_verification = true
    // No client certificate is presented to the origin
    no_mtls = true
  }

  no_tls                 = false
  port                   = "443"
  endpoint_selection     = "LOCALPREFERED"
  loadbalancer_algorithm = "LB_OVERRIDE"
}
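
The use_tls block above sets skip_server_verification = true, so the connection to the origin is encrypted but the origin's certificate is not checked. The following pre-apply check is an added example, not part of the original snippet: it scans Terraform source for volterra_origin_pool resources that set skip_server_verification or no_tls to true. The function names and the sample text are constructed for illustration, and the parser assumes plain HCL without heredocs.

```python
import re

# Settings from the origin pool above that weaken TLS to the origin when true.
RISKY = {
    "skip_server_verification": "origin certificate is not verified",
    "no_tls": "traffic to the origin is sent without TLS",
}
RESOURCE_RE = re.compile(r'resource\s+"volterra_origin_pool"\s+"([^"]+)"\s*\{')
# A quoted string, or a //, # or /* */ comment (heredocs are not handled).
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|#[^\n]*|/\*.*?\*/', re.S)

def strip_comments(hcl):
    """Remove comments but keep quoted strings, so URLs are left intact."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", hcl)

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def audit_origin_pools(hcl):
    """Return (pool name, setting, reason) for each risky setting set to true."""
    text, findings = strip_comments(hcl), []
    for m in RESOURCE_RE.finditer(text):
        body = block_body(text, m.end() - 1)
        for key, why in RISKY.items():
            if re.search(rf"\b{key}\s*=\s*true\b", body):
                findings.append((m.group(1), key, why))
    return findings

# Constructed sample: a shortened copy of the resource shown above.
SAMPLE = '''
resource "volterra_origin_pool" "sample-https-origin-pool" {
  use_tls {
    skip_server_verification = true
    no_mtls = true
  }
  // no_tls = true   (commented out, so it is not reported)
  no_tls = false
}
'''

if __name__ == "__main__":
    for name, key, why in audit_origin_pools(SAMPLE):
        print(f"{name}: {key} = true ({why})")
```

Run it against main.tf before terraform apply and treat any finding as something to justify or remove for origins outside a lab.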

Tested this on version:

No Version Found
Published Oct 18, 2021
Version 1.0
