Open greyhoundforty opened 1 year ago
base instance example:

```hcl
resource "ibm_is_instance" "instance" {
  name                     = "${local.prefix}-instance"
  vpc                      = module.vpc.vpc_id[0]
  image                    = data.ibm_is_image.base.id
  profile                  = var.instance_profile
  resource_group           = module.resource_group.resource_group_id
  metadata_service_enabled = var.metadata_service_enabled

  boot_volume {
    name = "${local.prefix}-boot-volume"
  }

  primary_network_interface {
    subnet            = module.vpc.subnet_ids[0]
    allow_ip_spoofing = var.allow_ip_spoofing
    security_groups   = [module.security_group.security_group_id[0]]
  }

  user_data = templatefile("${path.module}/init.tftpl", {
    logdna_ingestion_key = module.logging.logdna_ingestion_key,
    region               = local.region,
    vpc_tag              = "vpc:${local.prefix}-vpc"
  })

  zone = local.vpc_zones[0].zone
  keys = local.ssh_key_ids
  tags = concat(local.tags, ["zone:${local.vpc_zones[0].zone}"])
}

resource "ibm_is_floating_ip" "instance" {
  name           = "${local.prefix}-instance-public-ip"
  resource_group = module.resource_group.resource_group_id
  target         = ibm_is_instance.instance.primary_network_interface[0].id
  tags           = concat(local.tags, ["zone:${local.vpc_zones[0].zone}"])
}
```
The main issue I have found is that the warpspeed installer does not properly detect the public IP on a VPC instance (or classic for that matter). I've worked around this previously by using the VPC metadata service and adding some lines into the standard warpspeed installer script https://bunker.services/warpspeed-installer.sh

Looking to add the ability to deploy a warpspeed VPN server in place of or in addition to the bastion server. Since I am not using the VPC VPN, is my WG VPN still zone restricted? Can my WG instance in zone-1 see the bastion or other instances in zone 2/3?