Terraform module to configure Docker Swarm mode firewall rules on DigitalOcean. Based on the Docker documentation. This module provides a basic set of rules for cluster communications.
provider "digitalocean" {
}
resource "digitalocean_tag" "cluster" {
name = "swarm-mode-cluster"
}
resource "digitalocean_tag" "manager" {
name = "manager"
}
resource "digitalocean_tag" "worker" {
name = "worker"
}
module "swarm-mode-cluster" {
source = "github.com/thojkooi/terraform-digitalocean-docker-swarm-mode"
total_managers = 3
total_workers = 5
domain = "do.example.com"
do_token = "${var.do_token}"
manager_ssh_keys = "${var.ssh_keys}"
worker_ssh_keys = "${var.ssh_keys}"
manager_tags = ["${digitalocean_tag.cluster.id}", "${digitalocean_tag.manager.id}"]
worker_tags = ["${digitalocean_tag.cluster.id}", "${digitalocean_tag.worker.id}"]
}
module "swarm-mode-firewall" {
source = "thojkooi/docker-swarm-firewall/digitalocean"
version = "1.0.0"
prefix = "my-project"
cluster_tags = ["${digitalocean_tag.cluster.id}"]
}
See examples for more.
The following rules will be created:
The following inbound rules are applied to any droplet that matches the id in cluster_droplet_ids
or has a tag listed in cluster_tags
:
Port | Description | Source |
---|---|---|
2377/TCP |
cluster management communications | cluster_droplet_ids , cluster_tags |
7946/TCP |
Container network discovery | cluster_droplet_ids , cluster_tags |
7946/UDP |
Container network discovery | cluster_droplet_ids , cluster_tags |
4789/UDP |
Container overlay network | cluster_droplet_ids , cluster_tags |
Please note that previous versions of this module also added rules for SSH access and various outbound rules. These have been removed from this module. Simliar functionality is provided by the following modules:
- DigitalOcean firewall rules set, provides SSH inbound/outbound and various outbound rules.
- DigitalOcean Remote Docker API access.