• Akamai Connected Cloud Cloud Open Source Terraform

    Assigning a firewall to Linode NodeBalancer using Terraform and Cloud Manager.

    Alesandro Slepčević Posted on

    Linode has finally rolled out support to assign a firewall device to a NodeBalancer (Linode’s managed load balancing service)!

    Assigning a firewall via CloudManager is quite easy and self-explanatory. Create a firewall, add the rules you need and simply select that firewall when you create a load balancer.

    More fun part is to use IaC, mainly Terraform.

    Example code which will create a NodeBalancer, Firewall device and assign it to a load balancer.

    NodeBalancer Terraform code: 

    resource "linode_nodebalancer" "primaryregion-lb" {
    label = "nodebalancer-web-${var.primary_region}"
    region = var.primary_region
    client_conn_throttle = 0
}

resource "linode_nodebalancer_config" "primaryregion-lb-config" {
    nodebalancer_id = linode_nodebalancer.primaryregion-lb.id
    port = 80
    protocol = "http"
    check = "http"
    check_path = "/"
    check_attempts = 3
    check_timeout = 30
    stickiness = "none"
    algorithm = "leastconn"
}

resource "linode_nodebalancer_node" "primary" {
    count = "2"
    nodebalancer_id = linode_nodebalancer.primaryregion-lb.id
    config_id = linode_nodebalancer_config.primaryregion-lb-config.id
    address = "${element(linode_instance.web-primary.*.private_ip_address, count.index)}:80"
    label = "nodebalancer-web-${var.primary_region}"
    weight = 50
}

    Terraform code to create a Firewall and assign it to the said load balancer.

    
resource "linode_firewall" "lb-fw" {
  label = "lb-pub"

  inbound {
    label    = "allow-http"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "80"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound {
    label    = "allow-https"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  inbound_policy = "DROP"

  outbound_policy = "ACCEPT"

  nodebalancers = [linode_nodebalancer.primaryregion-lb.id]
}

    If you’ve ever used Terraform and Linode, you will notice it’s exactly the same approach we do when we want to assign a firewall device to a Linode (virtual machine); only difference is that we reference the “nodebalancer” instead of “linodes”.

    Cheers,

    Alex.

    Tagged:

    LEAVE A RESPONSE

    Your email address will not be published. Required fields are marked *

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Alesandro Slepčević
    Senior Cloud Architect at Akamai
    View all posts

    Check these out!