Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GKE helm provider deployment guide #109

Merged
merged 11 commits into from
Jun 7, 2022
Merged

GKE helm provider deployment guide #109

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
e971789
add helm deployment guide
romankor Jun 2, 2022
a6c7e08
update documentation
romankor Jun 2, 2022
5ef6e02
change file name
romankor Jun 2, 2022
f40f804
Merge branch 'main' into feature/TG-3070-helm-deployment-guide
alexmensch Jun 3, 2022
c4fcd03
Small copy fixes
alexmensch Jun 4, 2022
11eb8b8
Built docs from templates
alexmensch Jun 4, 2022
f1ef1f0
Changed order
alexmensch Jun 4, 2022
7a8585a
CR
romankor Jun 7, 2022
23274b8
Merge branch 'main' into feature/TG-3070-helm-deployment-guide
romankor Jun 7, 2022
b66974a
Tweaks
alexmensch Jun 7, 2022
345b86e
make docs
alexmensch Jun 7, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions docs/guides/aws-deployment-guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ This deployment guide walks you through a basic AWS deployment of Twingate. For

## Before you begin

* Sign up for an account on the [Twingate website](https://www.twingate.com). You will need the Twingate Enterprise tier to use Terraform with Twingate.
* Sign up for an account on the [Twingate website](https://www.twingate.com).
* Create a Twingate [API key](https://docs.twingate.com/docs/api-overview). The key will need to have full permissions to Read, Write, & Provision, in order to deploy Connectors through Terraform.

## Setting up the Provider
Expand All @@ -29,9 +29,11 @@ variable "network" {
}
```

In general, we recommend that you use [environment variables](https://www.terraform.io/language/values/variables#environment-variables) to set sensitive variables such as the API key and mark such variables as [`sensitive`](https://www.terraform.io/language/values/variables#suppressing-values-in-cli-output).

## Creating the Remote Network and Connectors in Twingate

Next, we'll create the objects in Twingate that correspond to the AWS network that we're deploying Twingate into: A Remote Network to represent the AWS VPC, and a Connector to be deployed in that VPC. We'll use these objects when we're deploying the Connector image and creating Resources to access through Twingate.
Next, we'll create the objects in Twingate that correspond to the AWS network that we're deploying Twingate into: a Remote Network to represent the AWS VPC, and a Connector to be deployed in that VPC. We'll use these objects when we're deploying the Connector image and creating Resources to access through Twingate.

```terraform
resource "twingate_remote_network" "aws_network" {
Expand Down Expand Up @@ -129,4 +131,4 @@ resource "twingate_resource" "tg_instance" {
remote_network_id = twingate_remote_network.my_aws_network.id
group_ids = ["R3JvdXG6OGky"]
}
```
```
150 changes: 150 additions & 0 deletions docs/guides/gke-helm-provider-deployment-guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
---
subcategory: "gke"
page_title: "GKE Helm Provider Deployment Guide"
description: |-
This document walks you through a basic deployment using Twingate's Terraform provider on GKE using the Helm Terraform provider
---

# Deployment Guide

This deployment guide walks you through a Twingate Connector Helm deployment in a GKE cluster.

## Before you begin

* Sign up for an account on the [Twingate website](https://www.twingate.com).
* Create a Twingate [API key](https://docs.twingate.com/docs/api-overview). The key will need to have full permissions to Read, Write, & Provision, in order to deploy Connectors through Terraform.

## Setting up variables

```terraform
variable "twingate_network" {
default = "autoco"
}

variable "twingate_api_token" {
sensitive = true
}
```

In general, we recommend that you use [environment variables](https://www.terraform.io/language/values/variables#environment-variables) to set sensitive variables such as the API key and mark such variables as [`sensitive`](https://www.terraform.io/language/values/variables#suppressing-values-in-cli-output).

## Setting up the Provider

First, we need to set up the Twingate Terraform provider by providing your network ID and the API key you provisioned earlier.

```terraform
provider "twingate" {
api_token = var.twingate_api_token
network = var.twingate_network
}
```

## Provider Requirements

Minimum provider versions are excluded for the purposes of the example below.

```terraform
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
}
google = {
source = "hashicorp/google"
}
twingate = {
source = "twingate/twingate"
}
docker = {
source = "kreuzwerker/docker"
}
}
}
```

## Provider setup

```terraform

provider "google" {
project = "my-project-id"
region = "us-central1"
}

data "google_client_config" "provider" {}
romankor marked this conversation as resolved.
Show resolved Hide resolved

data "google_container_cluster" "cluster" {
name = "my-cluster"
location = "us-central1"
}

provider "helm" {
kubernetes {
host = "https://${data.google_container_cluster.cluster.endpoint}"
token = data.google_client_config.provider.access_token
cluster_ca_certificate = base64decode(
data.google_container_cluster.cluster.master_auth[0].cluster_ca_certificate
)
}
}

data "docker_registry_image" "connector" {
name = "twingate/connector:1"
}

```
## Creating the Remote Network and Connectors in Twingate

Next, we'll create the objects in Twingate that correspond to the GCP network that we're deploying Twingate into: a Remote Network to represent the GKE subnet, and a Connector to be deployed in that subnet. We'll use these objects when we're deploying the Connector Helm chart.

```terraform
resource "twingate_remote_network" "gcp_network" {
name = "GCP Network"
}

resource "twingate_connector" "gke_connector" {
remote_network_id = twingate_remote_network.gcp_network.id
}

resource "twingate_connector_tokens" "gke_connector_tokens" {
connector_id = twingate_connector.gke_connector.id
}
```

## Deploying the Connector

Now that we have the data types created in Twingate, we need to deploy a Connector into the GKE cluster to handle Twingate traffic.

```terraform
resource "helm_release" "connector" {
chart = "connector"
name = "twingate-connector"
repository = "https://twingate.github.io/helm-charts"
namespace = "twingate"
create_namespace = true
recreate_pods = true

set {
name = "connector.network"
value = var.twingate_network
}

# Connector image updates are not tied to Helm chart updates, so in order to keep the Connector up to date we are using its image sha256 as a Helm property.
# Every time a new version of the Connector is pushed and the Terraform build runs, the Connector will be updated and restarted.
set {
name = "sha256"
value = data.docker_registry_image.connector.sha256_digest
}

set {
name = "connector.accessToken"
value = twingate_connector_tokens.gke_connector_tokens.access_token
}

set {
name = "connector.refreshToken"
value = twingate_connector_tokens.gke_connector_tokens.refresh_token
}

}
```
8 changes: 5 additions & 3 deletions templates/guides/aws-deployment-guide.md.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ This deployment guide walks you through a basic AWS deployment of Twingate. For

## Before you begin

* Sign up for an account on the [Twingate website](https://www.twingate.com). You will need the Twingate Enterprise tier to use Terraform with Twingate.
* Sign up for an account on the [Twingate website](https://www.twingate.com).
* Create a Twingate [API key](https://docs.twingate.com/docs/api-overview). The key will need to have full permissions to Read, Write, & Provision, in order to deploy Connectors through Terraform.

## Setting up the Provider
Expand All @@ -29,9 +29,11 @@ variable "network" {
}
```

In general, we recommend that you use [environment variables](https://www.terraform.io/language/values/variables#environment-variables) to set sensitive variables such as the API key and mark such variables as [`sensitive`](https://www.terraform.io/language/values/variables#suppressing-values-in-cli-output).

## Creating the Remote Network and Connectors in Twingate

Next, we'll create the objects in Twingate that correspond to the AWS network that we're deploying Twingate into: A Remote Network to represent the AWS VPC, and a Connector to be deployed in that VPC. We'll use these objects when we're deploying the Connector image and creating Resources to access through Twingate.
Next, we'll create the objects in Twingate that correspond to the AWS network that we're deploying Twingate into: a Remote Network to represent the AWS VPC, and a Connector to be deployed in that VPC. We'll use these objects when we're deploying the Connector image and creating Resources to access through Twingate.

```terraform
resource "twingate_remote_network" "aws_network" {
Expand Down Expand Up @@ -79,4 +81,4 @@ resource "twingate_resource" "tg_instance" {
remote_network_id = twingate_remote_network.my_aws_network.id
group_ids = ["R3JvdXG6OGky"]
}
```
```
150 changes: 150 additions & 0 deletions templates/guides/gke-helm-provider-deployment-guide.md.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,150 @@
---
subcategory: "gke"
page_title: "GKE Helm Provider Deployment Guide"
description: |-
This document walks you through a basic deployment using Twingate's Terraform provider on GKE using the Helm Terraform provider
---

# Deployment Guide

This deployment guide walks you through a Twingate Connector Helm deployment in a GKE cluster.

## Before you begin

* Sign up for an account on the [Twingate website](https://www.twingate.com).
* Create a Twingate [API key](https://docs.twingate.com/docs/api-overview). The key will need to have full permissions to Read, Write, & Provision, in order to deploy Connectors through Terraform.

## Setting up variables

```terraform
variable "twingate_network" {
default = "autoco"
}

variable "twingate_api_token" {
sensitive = true
}
```

In general, we recommend that you use [environment variables](https://www.terraform.io/language/values/variables#environment-variables) to set sensitive variables such as the API key and mark such variables as [`sensitive`](https://www.terraform.io/language/values/variables#suppressing-values-in-cli-output).

## Setting up the Provider

First, we need to set up the Twingate Terraform provider by providing your network ID and the API key you provisioned earlier.

```terraform
provider "twingate" {
api_token = var.twingate_api_token
network = var.twingate_network
}
```

## Provider Requirements

Minimum provider versions are excluded for the purposes of the example below.

```terraform
terraform {
required_providers {
helm = {
source = "hashicorp/helm"
}
google = {
source = "hashicorp/google"
}
twingate = {
source = "twingate/twingate"
}
docker = {
source = "kreuzwerker/docker"
}
}
}
```

## Provider setup

```terraform

provider "google" {
project = "my-project-id"
region = "us-central1"
}

data "google_client_config" "provider" {}

data "google_container_cluster" "cluster" {
name = "my-cluster"
location = "us-central1"
}

provider "helm" {
kubernetes {
host = "https://${data.google_container_cluster.cluster.endpoint}"
token = data.google_client_config.provider.access_token
cluster_ca_certificate = base64decode(
data.google_container_cluster.cluster.master_auth[0].cluster_ca_certificate
)
}
}

data "docker_registry_image" "connector" {
name = "twingate/connector:1"
}

```
## Creating the Remote Network and Connectors in Twingate

Next, we'll create the objects in Twingate that correspond to the GCP network that we're deploying Twingate into: a Remote Network to represent the GKE subnet, and a Connector to be deployed in that subnet. We'll use these objects when we're deploying the Connector Helm chart.

```terraform
resource "twingate_remote_network" "gcp_network" {
name = "GCP Network"
}

resource "twingate_connector" "gke_connector" {
remote_network_id = twingate_remote_network.gcp_network.id
}

resource "twingate_connector_tokens" "gke_connector_tokens" {
connector_id = twingate_connector.gke_connector.id
}
```

## Deploying the Connector

Now that we have the data types created in Twingate, we need to deploy a Connector into the GKE cluster to handle Twingate traffic.

```terraform
resource "helm_release" "connector" {
chart = "connector"
name = "twingate-connector"
repository = "https://twingate.github.io/helm-charts"
namespace = "twingate"
create_namespace = true
recreate_pods = true

set {
name = "connector.network"
value = var.twingate_network
}

# Connector image updates are not tied to Helm chart updates, so in order to keep the Connector up to date we are using its image sha256 as a Helm property.
# Every time a new version of the Connector is pushed and the Terraform build runs, the Connector will be updated and restarted.
set {
name = "sha256"
value = data.docker_registry_image.connector.sha256_digest
}

set {
name = "connector.accessToken"
value = twingate_connector_tokens.gke_connector_tokens.access_token
}

set {
name = "connector.refreshToken"
value = twingate_connector_tokens.gke_connector_tokens.refresh_token
}

}
```