terraform-provider-calico

command module
v0.0.0-...-c09ce87 Latest
Published: Dec 2, 2016 License: Apache-2.0 Imports: 2 Imported by: 0

README

Calico Terraform Provider

About

Terraform provider for use with Calico 2.x.

Known Issues

Support for Kubernetes as a storage backend for Calico is present but untested. Feedback wanted!

Install

Due to the large number of dependencies pulled in from libcalico-go and its use of glide for dependency management, the install takes a bit more than a plain go get.

mkdir -p $GOPATH/src/github.com/bolcom
git clone https://github.com/bolcom/terraform-provider-calico.git $GOPATH/src/github.com/bolcom/terraform-provider-calico
cd $GOPATH/src/github.com/bolcom/terraform-provider-calico
./build_for_terraform_version.sh 0.7.11 #insert your terraform version here

Usage

Provider Configuration

provider.tf

provider "calico" {
  backend_type = "etcdv2"
  backend_etcd_authority = "192.168.56.20:2379"
}

Etcd Backend

  • backend_etcd_scheme: URL scheme used to reach etcd (default: http)
  • backend_etcd_authority: etcd host:port, as in the example above
  • backend_etcd_endpoints: multiple etcd endpoints, separated by commas
  • backend_etcd_username
  • backend_etcd_password
  • backend_etcd_keyfile: path to the client key file
  • backend_etcd_certfile: path to the client certificate file
  • backend_etcd_cacertfile: path to the CA certificate file
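The provider.tf above talks to etcd over plain http with no client authentication. As an added example (not from the provider's README), the same backend configured with the TLS and credential options listed above; the endpoint addresses, certificate paths and variable names are assumed values:

```hcl
# Added example: TLS-authenticated etcd backend for the calico provider.
# Endpoints, file paths and variable names are assumed, not taken from the project.

# Credentials come from variables (e.g. TF_VAR_etcd_password in the environment)
# so they are not committed alongside this file.
variable "etcd_username" {}
variable "etcd_password" {}

provider "calico" {
  backend_type           = "etcdv2"
  backend_etcd_scheme    = "https"
  backend_etcd_endpoints = "https://etcd-1.example.internal:2379,https://etcd-2.example.internal:2379"
  backend_etcd_username  = "${var.etcd_username}"
  backend_etcd_password  = "${var.etcd_password}"

  # Client certificate and key authenticate Terraform to etcd;
  # the CA file lets the provider verify the etcd server certificate.
  backend_etcd_certfile   = "/etc/calico/certs/terraform.crt"
  backend_etcd_keyfile    = "/etc/calico/certs/terraform.key"
  backend_etcd_cacertfile = "/etc/calico/certs/etcd-ca.crt"
}
```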

Kubernetes Backend

  • backend_k8s_configfile: path to the kubeconfig file (K8sKubeconfigFile)
  • backend_k8s_server: Kubernetes API server (K8sServer)
  • backend_k8s_clientcert: client certificate (K8sClientCertificate)
  • backend_k8s_clientkey: client key (K8sClientKey)
  • backend_k8s_ca: certificate authority (K8sCertificateAuthority)
  • backend_k8s_token: bearer token (K8sToken)

Host Endpoint

resource "calico_hostendpoint" "myendpoint" {
  name = "myendpoint"
  node = "my-endpoint-001"
  interface = "eth0"
  expected_ips = ["127.0.0.1"]
  profiles = ["endpointprofile"]
  labels = { endpointlabel = "myvalue" }
}

Profile

resource "calico_profile" "myprofile" {
  name = "myprofile"
  labels = { endpointlabel = "myvalue" }
  spec {
    ingress {
      rule {
        action = "deny"
        protocol = "tcp"
        source {
          net = "10.0.0.0/24"
          selector = "profile == 'test'"
          ports = ["1:10", "20:30"]
          notPorts = ["40:60"]
        }
        icmp {
          code = 100
          type = 101
        }
      }
      rule {
        action = "allow"
        protocol = "udp"
        source {
          net = "11.0.0.0/24"
        }
      }
    }
    egress {
      rule {
        action = "deny"
        protocol = "tcp"
        source {
          net = "12.0.0.0/24"
        }
      }
      rule {
        action = "allow"
        protocol = "udp"
        source {
          net = "13.0.0.0/24"
        }
      }
    }
  }
}

Policy

resource "calico_policy" "mypolicy" {
  name = "mypolicy"
  spec {
    order = 100
    selector = "globalpolicy == 'test123'"
    ingress {
      rule {
        action = "deny"
        protocol = "tcp"
        source {
          net = "10.0.0.0/24"
          selector = "mykey == 'test'"
          ports = ["1:10", "20:30"]
          notPorts = ["40:60"]
        }
        icmp {
          code = 100
          type = 101
        }
      }
      rule {
        action = "allow"
        protocol = "udp"
        source {
          net = "11.0.0.0/24"
        }
      }
    }
    egress {
      rule {
        action = "deny"
        protocol = "tcp"
        source {
          net = "12.0.0.0/24"
        }
      }
      rule {
        action = "allow"
        protocol = "udp"
        source {
          net = "13.0.0.0/24"
        }
      }
    }
  }
}

IP Pools

resource "calico_ippool" "myippool" {
  cidr = "10.1.0.0/16"
  spec {
    ipip {
      enabled = "true"
    }
    nat-outgoing = "true"
    disabled = "true"
  }
}

BGP Peers

resource "calico_bgppeer" "mybgppeer" {
  scope = "node"
  node = "rack1-host1"
  peerIP = "192.168.1.1"
  spec {
    asNumber = "63400"
  }
}

Nodes

resource "calico_node" "mynode" {
  name = "node-hostname"
  spec {
    bgp {
      asNumber = "64512"
      ipv4Address = "10.244.0.1"
      ipv6Address = "2001:db8:85a3::8a2e:370:7334"
    }
  }
}

Testing

The script test.sh will:

  • download calicoctl and terraform
  • build terraform-provider-calico
  • spin up a container with etcd (docker-compose)
  • pull tests out of testing/test_*
  • run terraform apply on the TF file
  • use calicoctl to get the result
  • compare it with the expected results stored in the matching test_*.yaml file

Documentation

There is no documentation for this package.
