Additional Flags and Subnet Router Failover

hardfinhq / terraform-aws-tailscale-subnet-router

Terraform module for Tailscale subnet router in AWS ECS Fargate

https://registry.terraform.io/modules/hardfinhq/tailscale-subnet-router/aws

Apache License 2.0

30 stars 9 forks source link

Additional Flags and Subnet Router Failover #10

Closed cablespaghetti closed 1 year ago

cablespaghetti commented 1 year ago

This PR incorporates a number of changes we've made on our fork. All should be backwards compatible with the exception of the ECS Service name which will change, causing a delete/recreate.

The changes made are:

Ability to specify arbitrary tailscale up flags, which we use for --advertise-exit-node
Ability to specify a name for all the resources rather than just using the VPC name, which we use to have multiple deployed in a single VPC for HA/failover purposes
Ability to specify different CPU/Memory settings for the ECS Task Definition

cablespaghetti commented 1 year ago

Our config now looks like this:

module "subnet_router" {
  count  = 2
  source = "github.com/tailsdotcom/terraform-aws-tailscale-subnet-router/modules/subnet_router"

  name         = "main-infra-vpc-${count.index}-tailscale"
  vpc          = "main-infra-vpc"
  subnet_group = "infrastructure-${data.aws_availability_zones.available.names[count.index]}-main"

  assign_public_ip            = false
  security_group_ids          = [aws_security_group.tailscale.id]
  target_ecs_cluster          = aws_ecs_cluster.tailscale-subnet-router.name
  tailscale_auth_key_secret   = "tailscale_auth_key"
  tailscale_docker_repository = "tailscale-subnet-router"
  tailscale_docker_tag        = "20230227"
  enable_execute_command      = true
  additional_routes           = local.tgw_routes
  additional_flags            = "--advertise-exit-node"
  cpu_architecture            = "ARM64"
  cpu                         = "1024"
  memory                      = "2048"
}

dhermes commented 1 year ago

@cablespaghetti Thanks for another great contribution. This LGTM other than a few small changes:

Nit on vpc -> VPC in documentation for humans
Change to root variables.tf
Backwards compatible change / no-op to ECS service name

dhermes commented 1 year ago

@cablespaghetti Everything looks great except for the missing change to the root variables.tf

cablespaghetti commented 1 year ago

@cablespaghetti Everything looks great except for the missing change to the root variables.tf

You're too fast for me! I think it's all done now.

dhermes commented 1 year ago

You're too fast for me!

Haha my bad. Thanks for all the great work!