Project author: thojkooi

Project description:
Terraform module to configure a set of firewall rules on DigitalOcean for limiting access to an exposed Docker Remote API
Language: HCL
Repository: git://github.com/thojkooi/terraform-digitalocean-firewall-docker-api.git
Created: 2018-04-28T11:52:10Z
Project page: https://github.com/thojkooi/terraform-digitalocean-firewall-docker-api

License: MIT License



Terraform - DigitalOcean Docker Remote API firewall rule set

Terraform module to configure a set of firewall rules on DigitalOcean for limiting access to an exposed Docker Remote API. It creates an inbound rule set for the droplets that expose the API and, optionally, an outbound rule set for the droplets that are allowed to reach it.



Requirements

  • Terraform >= v0.11.7
  • DigitalOcean account and an API token with write access

Usage

Basic usage example (Terraform 0.11 syntax; the provider reads its token from the DIGITALOCEAN_TOKEN environment variable when none is configured):

```hcl
provider "digitalocean" {
}

# DigitalOcean tag names may only contain letters, numbers, colons, dashes and
# underscores, so the tags use dashes rather than spaces.
resource "digitalocean_tag" "docker_api" {
  name = "docker-remote-api"
}

resource "digitalocean_tag" "access_docker_api" {
  name = "access-docker-remote-api"
}

module "default-firewall" {
  source  = "thojkooi/firewall-docker-api/digitalocean"
  version = "0.1.0"
  prefix  = "dev"

  # Droplets exposing the Docker Remote API
  tags = ["${digitalocean_tag.docker_api.id}"]

  # Droplets allowed to access the exposed Docker Remote API
  api_access_tags = ["${digitalocean_tag.access_docker_api.id}"]

  # Override the default of ["0.0.0.0/0", "::/0"]: allow no address-based
  # access, so only the tagged droplets above may reach the API port
  api_access_from_adresses = []

  # Specific droplets that can access the API
  api_access_droplet_ids = []

  # Load balancer UIDs that may access the API port
  api_access_load_balancer_uids = []
}
```

Firewall rules

Inbound firewall rules (the port is remote_api_port, 2376 by default):

| Port | Description | Source | Applied to |
| --- | --- | --- | --- |
| remote_api_port/TCP (default 2376) | Inbound traffic | api_access_tags, api_access_droplet_ids, api_access_from_adresses, api_access_load_balancer_uids | droplet_ids, tags |

Outbound firewall rules:

| Port | Description | Destination | Applied to |
| --- | --- | --- | --- |
| remote_api_port/TCP (default 2376) | Outbound traffic | droplet_ids, tags | api_access_tags, api_access_droplet_ids |

The outbound rule set is only created if api_access_tags or api_access_droplet_ids is non-empty; it lets the client droplets reach the API port on the exposing droplets.

Note that the firewall only limits which hosts can reach the port. Port 2376 is the Docker convention for the TLS-protected daemon socket (2375 is the plaintext one), and the daemon should still be started with TLS client certificate verification, since anything that can reach an unauthenticated Docker Remote API can run arbitrary containers as root on the host.

Variables

| Variable | Default | Description |
| --- | --- | --- |
| prefix | (required) | Prefix applied to firewall rule names |
| droplet_ids | [] | List of droplet ids to which the inbound rule set will be applied |
| tags | [] | List of tag ids; any droplet matching these tags will have the inbound rule set applied |
| remote_api_port | 2376 | TCP port on which the Docker Remote API may be reached |
| api_access_tags | [] | List of droplet tags from which Docker Remote API access is allowed |
| api_access_droplet_ids | [] | List of droplet ids from which Docker Remote API access is allowed |
| api_access_from_adresses | ["0.0.0.0/0", "::/0"] | List of IPv4 addresses, IPv6 addresses, IPv4 CIDRs and/or IPv6 CIDRs from which Docker Remote API access is allowed |
| api_access_load_balancer_uids | [] | List of IDs of the load balancers from which Docker Remote API access is allowed |

The default for api_access_from_adresses allows the API port from every IPv4 and IPv6 address, so leaving it unset opens the Docker Remote API to the whole internet; set it to [] or to the specific addresses or CIDRs that need access, as in the usage example above. The spelling api_access_from_adresses is the module's actual variable name.
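Because the world-open default is easy to leave in place, a plan-time check that fails the build when a planned DigitalOcean firewall exposes the API port to 0.0.0.0/0 or ::/0 is worth having. The script below is an added example and is not part of this module: it walks the JSON from `terraform show -json tfplan` (the planned_values / root_module / child_modules layout of Terraform's plan representation, and the inbound_rule, protocol, port_range and source_addresses attributes of the digitalocean_firewall resource), descending into child modules such as this one. The embedded plan is constructed for the example, and the resource addresses inside it (digitalocean_firewall.ssh, module.default-firewall.digitalocean_firewall.inbound) are made up rather than the module's real resource names.

```python
"""Fail when a planned DigitalOcean firewall opens the Docker Remote API port
to the whole internet. Added example, not code from the module."""
import json
import sys

# Address blocks that mean "anyone on the internet".
WORLD_SOURCES = {"0.0.0.0/0", "::/0"}


def iter_resources(module):
    """Yield every resource in a plan module tree, including child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def port_in_range(port_range, port):
    """True if a port_range string ("2376", "2000-3000", "all") covers port."""
    if not port_range or port_range == "all":
        return True
    if "-" in port_range:
        lo, hi = (int(p) for p in port_range.split("-", 1))
        return lo <= port <= hi
    return int(port_range) == port


def find_world_open(plan, port=2376):
    """Return (resource address, offending CIDRs) for every inbound TCP rule on
    `port` whose source_addresses include a world CIDR."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "digitalocean_firewall":
            continue
        for rule in res.get("values", {}).get("inbound_rule") or []:
            if rule.get("protocol") != "tcp":
                continue
            if not port_in_range(rule.get("port_range"), port):
                continue
            bad = sorted(WORLD_SOURCES & set(rule.get("source_addresses") or []))
            if bad:
                findings.append((res["address"], bad))
    return findings


# Constructed sample of `terraform show -json tfplan` output (not a real plan).
# The module left at its default allows 0.0.0.0/0 and ::/0 on 2376; the root
# firewall restricts 2376 to a private range and only opens 22 to the world.
# Resource addresses below are invented for the example.
SAMPLE_PLAN = {
    "planned_values": {
        "root_module": {
            "resources": [
                {
                    "address": "digitalocean_firewall.ssh",
                    "type": "digitalocean_firewall",
                    "values": {
                        "name": "ssh",
                        "inbound_rule": [
                            {"protocol": "tcp", "port_range": "22",
                             "source_addresses": ["0.0.0.0/0", "::/0"]},
                            {"protocol": "tcp", "port_range": "2376",
                             "source_addresses": ["10.0.0.0/8"],
                             "source_tags": ["access-docker-remote-api"]},
                        ],
                    },
                }
            ],
            "child_modules": [
                {
                    "address": "module.default-firewall",
                    "resources": [
                        {
                            "address": "module.default-firewall.digitalocean_firewall.inbound",
                            "type": "digitalocean_firewall",
                            "values": {
                                "name": "dev-docker-api-inbound",
                                "inbound_rule": [
                                    {"protocol": "tcp", "port_range": "2376",
                                     "source_addresses": ["0.0.0.0/0", "::/0"],
                                     "source_tags": ["access-docker-remote-api"]}
                                ],
                            },
                        }
                    ],
                }
            ],
        }
    }
}


def main(argv):
    """Usage: python check_docker_api_exposure.py plan.json (exit 1 on findings).
    Without an argument the constructed SAMPLE_PLAN is checked."""
    plan = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE_PLAN
    findings = find_world_open(plan)
    for address, cidrs in findings:
        print(f"FAIL {address}: port 2376/tcp reachable from {', '.join(cidrs)}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `terraform plan -out tfplan && terraform show -json tfplan > plan.json && python check_docker_api_exposure.py plan.json` in CI; the check only looks at address-based sources, so access granted through tags, droplet ids or load balancer UIDs is left for review of the Terraform code itself.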