
Terraform module for VPC setup in DigitalOcean. Optionally, deploys a Droplet and configures it as a VPC Gateway.
Once you have a Corewide Solutions Portal account, this one-time action will use your browser session to retrieve credentials:
```shell
terraform login solutions.corewide.com
```
Initialize mandatory providers:
Copy and paste into your Terraform configuration and insert the variables:
```hcl
module "tf_do_vpc" {
  source  = "solutions.corewide.com/digitalocean/tf-do-vpc/digitalocean"
  version = "~> 1.1.0"

  # specify module inputs here or try one of the examples below
  ...
}
```
Initialize the setup:
```shell
terraform init
```
The Corewide DevOps team strictly follows the Semantic Versioning Specification to provide our clients with products that have predictable upgrades between versions. We recommend pinning patch versions of our modules using the pessimistic constraint operator (`~>`) to prevent breaking changes during upgrades.

To get new features during the upgrades (without breaking compatibility), use `~> 1.1` and run `terraform init -upgrade`.

For the safest setup, use strict pinning with `version = "1.1.0"`.
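The three pinning styles above differ only in which releases they admit. This added Python example (not part of the module or its documentation) evaluates each style against a constructed release list and reports the newest release Terraform would be allowed to select; the helper names and the release list are assumptions for illustration.

```python
# Added example: which releases each pinning style from the text would admit.
# RELEASES is a constructed list, not the module's real release history.
RELEASES = ["1.0.0", "1.1.0", "1.1.3", "1.2.0", "2.0.0"]


def parse(version):
    # Assumption: plain numeric versions such as "1.1.0", no pre-release tags.
    return tuple(int(part) for part in version.strip().split("."))


def allows(constraint, version):
    """True if `version` satisfies an exact pin or a `~>` constraint."""
    constraint = constraint.strip()
    candidate = parse(version)
    if not constraint.startswith("~>"):
        # Strict pin ("1.1.0" or "= 1.1.0"): only that exact release matches.
        return candidate == parse(constraint.lstrip("= "))
    lower = parse(constraint[2:])
    if len(lower) < 2:
        raise ValueError("this example handles only X.Y and X.Y.Z after ~>")
    # Only the rightmost stated component may increase, so the exclusive
    # upper bound is the constraint with that component dropped and the
    # one before it bumped: ~> 1.1.0 -> < 1.2, ~> 1.1 -> < 2.
    upper = lower[:-2] + (lower[-2] + 1,)
    return lower <= candidate < upper


def admitted(constraint, releases=RELEASES):
    """Releases that satisfy the constraint, in the order given."""
    return [r for r in releases if allows(constraint, r)]


def selected(constraint, releases=RELEASES):
    """Newest admitted release, or None when nothing satisfies the pin."""
    matches = admitted(constraint, releases)
    return max(matches, key=parse) if matches else None


if __name__ == "__main__":
    for constraint in ("~> 1.1.0", "~> 1.1", "1.1.0"):
        print(f"{constraint!r:12} admits {admitted(constraint)} "
              f"-> selects {selected(constraint)}")
```

With `~> 1.1.0` an upgrade can move only to a later patch release, with `~> 1.1` it can also move to a later minor release, and the strict pin never moves.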
All notable changes to this project are documented here.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

- `gateway_urn` and `reserved_ip_urn` outputs
- `gateway_ips.public_ip` output renamed to `gateway_ips.public`
- `gateway_ips.private_ip` output renamed to `gateway_ips.private`
- `gateway_ips.public_ip` output in favour of `gateway_ips.public` and will be deleted in v2.0
- `gateway_ips.private_ip` output in favour of `gateway_ips.private` and will be deleted in v2.0
- `vpc`)
- `gateway_ips`)

Deploy only VPC with custom IP range:
)Deploy only VPC with custom IP range:
```hcl
module "vpc" {
  source  = "solutions.corewide.com/digitalocean/tf-do-vpc/digitalocean"
  version = "~> 1.1"

  name_prefix = "foo"
  region      = "fra1"
  cidr_block  = "10.114.32.0/20"
}
```
Deploy VPC and gateway droplet with minimum configuration:
```hcl
module "vpc" {
  source  = "solutions.corewide.com/digitalocean/tf-do-vpc/digitalocean"
  version = "~> 1.1"

  name_prefix = "foo"
  region      = "fra1"
  gateway     = {}
}
```
Full module configuration - deploy VPC with custom IP range, deploy and configure gateway droplet with minimal instance size, custom SSH keys and reserved IP address using `cloud-init`:

```hcl
module "vpc" {
  source  = "solutions.corewide.com/digitalocean/tf-do-vpc/digitalocean"
  version = "~> 1.1"

  name_prefix = "foo"
  region      = "fra1"
  cidr_block  = "10.114.32.0/20"
  description = "Module usage example"

  gateway = {
    size = "s-1vcpu-1gb"

    tags = [
      "application",
    ]

    ssh_keys = [
      digitalocean_ssh_key.main.fingerprint,
    ]
  }
}
```
To configure backend droplets to use the VPC gateway, follow the example below or use the official tutorial.
Routing droplet traffic via GW. Create a droplet and configure it using `cloud-init` config:

```hcl
resource "digitalocean_droplet" "backend" {
  image    = "ubuntu-22-10-x64"
  name     = "backend"
  region   = "fra1"
  size     = "s-1vcpu-1gb"
  vpc_uuid = module.vpc.vpc.id

  ssh_keys = [
    digitalocean_ssh_key.main.fingerprint,
  ]

  # Provide cloud-init script to configure gateway
  user_data = join("\n", [
    "#cloud-config",
    yamlencode({
      runcmd = [
        # Add an IP route to your network configuration so the Droplet can retain access to its metadata endpoint (169.254.169.254)
        "ip route add 169.254.169.254 via $(curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/gateway) dev $(route|awk '/^default/{print $NF}')",
        # Add new gateway Droplet IP route to the backend Droplet network configuration
        "ip route change default via ${module.vpc.gateway_ips.private_ip}"
      ]
    }),
  ])
}
```

Variable | Description | Type | Default | Required | Sensitive |
---|---|---|---|---|---|
`name_prefix` | Naming prefix for all the resources created by the module | `string` | | yes | no |
`region` | DigitalOcean region to create resources in | `string` | | yes | no |
`cidr_block` | The parameters for VPC creation | `string` | | no | no |
`description` | A free-form text field up to a limit of 255 characters to describe the VPC | `string` | | no | no |
`gateway` | The parameters for Gateway Droplet creation | `object` | | no | no |
`gateway.size` | The machine type for GW droplet to use | `string` | `s-1vcpu-1gb` | no | no |
`gateway.ssh_keys` | A list of SSH key IDs or fingerprints to authorize | `list(string)` | `[]` | no | no |
`gateway.tags` | A list of the tags to be applied to this Droplet | `list(string)` | `[]` | no | no |

Output | Description | Type | Sensitive |
---|---|---|---|
`gateway_ips` | Contains public_ip and private_ip of the Gateway Droplet | `computed` | no |
`gateway_urn` | URN of gateway droplet | `computed` | no |
`reserved_ip_urn` | URN of reserved IP | `computed` | no |
`vpc` | VPC resource attributes | `resource` | no |

Dependency | Version | Kind |
---|---|---|
`terraform` | `>= 1.3` | CLI |
`digitalocean/digitalocean` | `~> 2.16` | provider |