This repository has been archived by the owner on May 26, 2024. It is now read-only.

thojkooi/terraform-digitalocean-docker-swarm-firewall
Terraform - Digital Ocean Swarm mode firewall rules

Terraform module to configure Docker Swarm mode firewall rules on DigitalOcean. Based on the Docker documentation. This module provides a basic set of rules for cluster communications.


Requirements

Usage

provider "digitalocean" {
}

resource "digitalocean_tag" "cluster" {
    name = "swarm-mode-cluster"
}

resource "digitalocean_tag" "manager" {
    name = "manager"
}

resource "digitalocean_tag" "worker" {
    name = "worker"
}

module "swarm-mode-cluster" {
    source            = "github.com/thojkooi/terraform-digitalocean-docker-swarm-mode"
    total_managers    = 3
    total_workers     = 5
    domain            = "do.example.com"
    do_token          = "${var.do_token}"
    manager_ssh_keys  = "${var.ssh_keys}"
    worker_ssh_keys   = "${var.ssh_keys}"
    manager_tags      = ["${digitalocean_tag.cluster.id}", "${digitalocean_tag.manager.id}"]
    worker_tags       = ["${digitalocean_tag.cluster.id}", "${digitalocean_tag.worker.id}"]
}

module "swarm-mode-firewall" {
    source  = "thojkooi/docker-swarm-firewall/digitalocean"
    version = "1.0.0"

    prefix                     = "my-project"
    cluster_tags               = ["${digitalocean_tag.cluster.id}"]
}

See examples for more.

Firewall rules

The following rules will be created:

Cluster communications

The following inbound rules are applied to any droplet whose id is listed in cluster_droplet_ids or that carries a tag listed in cluster_tags:

Port       Description                         Source
2377/TCP   Cluster management communications   cluster_droplet_ids, cluster_tags
7946/TCP   Container network discovery         cluster_droplet_ids, cluster_tags
7946/UDP   Container network discovery         cluster_droplet_ids, cluster_tags
4789/UDP   Container overlay network           cluster_droplet_ids, cluster_tags
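The value of this rule set is that the four Swarm ports are reachable only from cluster members, never from arbitrary addresses. The script below is an added example (not part of this module) that audits a DigitalOcean firewall against exactly that table: every expected port/protocol pair must be present, each must be sourced only from the cluster tags or droplet ids, and nothing else may be inbound. It assumes the JSON shape the DigitalOcean API returns for a firewall (a list of firewall objects with `inbound_rules`, each carrying `protocol`, `ports` and `sources`); the sample firewalls, names and id are constructed inline so it runs offline.

```python
"""Audit DigitalOcean firewalls against the Swarm-mode inbound rule set.

Added example, not part of the terraform-digitalocean-docker-swarm-firewall
module. The input shape (firewall objects with inbound_rules -> protocol, ports,
sources{tags, droplet_ids, addresses}) is assumed from the DigitalOcean API.
"""
import json

# The inbound rules from the "Cluster communications" table, as (protocol, port).
EXPECTED_SWARM_RULES = {
    ("tcp", "2377"),  # cluster management communications
    ("tcp", "7946"),  # container network discovery
    ("udp", "7946"),  # container network discovery
    ("udp", "4789"),  # container overlay network
}

CLUSTER_TAG = "swarm-mode-cluster"  # matches the digitalocean_tag in the Usage example


def _tag_rule(proto, port):
    """Build one correctly scoped inbound rule (constructed sample data)."""
    return {"protocol": proto, "ports": port, "sources": {"tags": [CLUSTER_TAG]}}


# Constructed sample: one firewall with a mis-scoped overlay rule, one that matches
# the table exactly. The id is a placeholder, not a real DigitalOcean id.
SAMPLE_FIREWALL_JSON = json.dumps([
    {
        "id": "00000000-0000-0000-0000-000000000000",
        "name": "my-project-swarm-mode-cluster",
        "tags": [CLUSTER_TAG],
        "droplet_ids": [],
        "inbound_rules": [
            _tag_rule("tcp", "2377"),
            _tag_rule("tcp", "7946"),
            _tag_rule("udp", "7946"),
            # Mis-scoped on purpose: overlay traffic accepted from any address.
            {"protocol": "udp", "ports": "4789",
             "sources": {"addresses": ["0.0.0.0/0", "::/0"]}},
        ],
        "outbound_rules": [],
    },
    {
        "id": "00000000-0000-0000-0000-000000000001",
        "name": "my-project-swarm-mode-cluster-ok",
        "tags": [CLUSTER_TAG],
        "droplet_ids": [],
        "inbound_rules": [_tag_rule(p, port) for p, port in sorted(EXPECTED_SWARM_RULES)],
        "outbound_rules": [],
    },
])


def audit_swarm_firewall(firewall, cluster_tags, cluster_droplet_ids=()):
    """Return a list of findings; an empty list means the firewall matches the table."""
    findings = []
    allowed_tags = set(cluster_tags)
    allowed_ids = set(cluster_droplet_ids)

    # The firewall must actually be attached to the cluster members.
    attached = (set(firewall.get("tags", [])) & allowed_tags
                or set(firewall.get("droplet_ids", [])) & allowed_ids)
    if not attached:
        findings.append("firewall is not attached to any cluster tag or droplet id")

    seen = set()
    for rule in firewall.get("inbound_rules", []):
        proto = rule.get("protocol", "").lower()
        port = str(rule.get("ports", ""))
        label = f"{port}/{proto.upper()}"
        sources = rule.get("sources") or {}
        if (proto, port) not in EXPECTED_SWARM_RULES:
            findings.append(f"unexpected inbound rule {label}")
            continue
        seen.add((proto, port))
        # Address-based sources break the "cluster members only" model entirely.
        if sources.get("addresses"):
            findings.append(f"{label} accepts traffic from addresses {sources['addresses']}")
        bad_tags = set(sources.get("tags", [])) - allowed_tags
        if bad_tags:
            findings.append(f"{label} trusts non-cluster tags {sorted(bad_tags)}")
        bad_ids = set(sources.get("droplet_ids", [])) - allowed_ids
        if bad_ids:
            findings.append(f"{label} trusts non-cluster droplet ids {sorted(bad_ids)}")

    for proto, port in sorted(EXPECTED_SWARM_RULES - seen):
        findings.append(f"missing inbound rule {port}/{proto.upper()}")
    return findings


def audit_json(text, cluster_tags, cluster_droplet_ids=()):
    """Audit every firewall in an API/doctl JSON document; returns {name: findings}."""
    return {fw["name"]: audit_swarm_firewall(fw, cluster_tags, cluster_droplet_ids)
            for fw in json.loads(text)}


if __name__ == "__main__":
    for name, findings in audit_json(SAMPLE_FIREWALL_JSON, [CLUSTER_TAG]).items():
        print(name, "OK" if not findings else "\n  " + "\n  ".join(findings))
```

In practice the JSON would come from the DigitalOcean API or `doctl compute firewall get <id> --output json` rather than the inline sample; the audit deliberately treats any `addresses` source on a Swarm port as a finding, because the module's contract is that cluster traffic is scoped by tag or droplet id only.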

Please note that previous versions of this module also added rules for SSH access and various outbound rules. These have been removed from this module. Similar functionality is provided by the following modules:

License

MIT © Thomas Kooi