Update README for networking
bryan-bar committed Feb 15, 2024
1 parent daa8460 commit d266e89
Showing 1 changed file with 52 additions and 1 deletion.
53 changes: 52 additions & 1 deletion README.md
Expand Up @@ -38,7 +38,7 @@ edb-terraform generate \
--infra-file edb-terraform/docs/examples/aws/edb-ra-3.yml
cd example
terraform init
terraform apply
terraform apply -var "force_dynamic_ip=true"
terraform destroy
```

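Review bot: the quick-start now hard-codes `terraform apply -var "force_dynamic_ip=true"`, but the Networking section added in the same commit says this option is "meant for single time use" and that "in most cases you should set the expected cidr ranges"; a reader copying the quick-start into a persistent deployment will end up with whatever public IP the http endpoint returned at apply time baked into the `service` rules. Suggest keeping the plain `terraform apply` in the example and adding a one-line comment such as `# optional: -var "force_dynamic_ip=true" adds your current public ip to service_cidrblocks (one-off use)`, so the trade-off is visible where the flag is introduced.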
Expand Down Expand Up @@ -219,3 +219,54 @@ edb-terraform setup
├── terraform.tfvars.json # Automatically detected Terraform variables. Original values under `edb-terraform/terraform.tfvars.yml`
└── common_vars.tf # Terraform placeholder variables used by all providers
```

## Configurations
Each provider has a:
- set of example configurations available under the docs directory.
- spec object within `variables.tf` of its specification module.

AWS
- [spec](./edbterraform/data/terraform/aws/modules/specification/variables.tf)
- [examples](./docs/examples/aws/machines-v2.yml)
Azure
- [spec](./edbterraform/data/terraform/azure/modules/specification/variables.tf)
- [examples](./docs/examples/azure/machines-v2.yml)
GCloud
- [spec](./edbterraform/data/terraform/gcloud/modules/specification/variables.tf)
- [examples](./docs/examples/gcloud/machines-v2.yml)

### Networking
By default, there are 4 `defaults` availabe when defining ports:
- `public` - ports for publics access
- `service` - ports for limited access
- `internal` - ports for all internal access
- `""` - ports without defaults (Default)

When defining `service` ports,
users can use 2 variables to dynamically update the allowed ips on top of adding values under the `cidrs` key.
This is meant for single time use and in most cases you should set the expected cidr ranges.
- `service_cidrblocks` - a list of cidrblocks for service access.
- `force_dynamic_ip` - use an http endpoint to get the current public ip and appended to service_cidrblocks.

> :warning:
> Policy rules might block generic rules such as `0.0.0.0/0`,
> which is often used by users with changing ips.
> This can cause unexpected ssh errors since resources are available before policies are applied.
> If possible, make use of a jump host to have a set of persistent ips.
> Otherwise, make use of the `force_dynamic_ip` or `service_cidrblocks` options to dynamically set service ips.
> :warning:
> Only AWS supports security groups, which allows for more flexibility with port configurations.
> We mimic the functionality of security groups for Azure and GCloud to allow ports to be defined per instance.
### Environment variables
Terraform allows for top-level variables to be defined with cli arguments or environment variables.
For any variable you can:
- Environment variable for any stage: `TF_VAR_ARGS=<CLI ARGS>`
- Environment variable for a targetted stage: `TF_VAR_ARGS_<stage>=<CLI ARGS>`
- Environment variable for a root variable: `TF_VAR_<variable>=<ARGS>`
- CLI Argument for a root variable: `-var <variable>=<ARGS>`

Example variable:
- `TF_VAR_force_dynamic_ip=true` is the same as `-var force_dynamic_ip=true`
- `TF_VAR_service_cidrblocks='["0.0.0.0/0"]'`

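Review bot: the closing example `TF_VAR_service_cidrblocks='["0.0.0.0/0"]'` contradicts the warning a few lines above that policy rules may block `0.0.0.0/0` and the statement that users should set the expected cidr ranges; use a specific placeholder range (e.g. `'["203.0.113.0/24"]'`) and say explicitly that the list replaces, or is merged with, the `cidrs` key, since "on top of adding values under the `cidrs` key" leaves the precedence unclear. Smaller points in the same hunk: "availabe", "publics access" and "targetted" are typos, "get the current public ip and appended to service_cidrblocks" should read "append it to `service_cidrblocks`", the two `:warning:` call-outs run together in one blockquote and would read better as two, and `### Environment variables` needs a blank line before it so it is not attached to the preceding blockquote.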