cloudflare.tf
# Look up the Cloudflare zone by name so its ID can be derived from it.
# The filter matches var.cloudflare_zone exactly and only returns zones
# whose status is "active".
data "cloudflare_zones" "zones" {
  filter {
    status      = "active"
    lookup_type = "exact"
    name        = var.cloudflare_zone
  }
}
locals {
  # ID of the first zone returned by data.cloudflare_zones.zones.
  # Evaluation fails if the lookup returned no zone, so a misspelled or
  # inactive zone name is caught at plan time.
  cloudflare_zone_id = data.cloudflare_zones.zones.zones[0].id
}
# data "cloudflare_api_token_permission_groups" "all" {}
# # Token allowed to edit DNS entries for specific zone.
# resource "cloudflare_api_token" "zone_dns_edit" {
# name = "terraform-gke-dns-edit"
# policy {
# permission_groups = [
# data.cloudflare_api_token_permission_groups.all.permissions["DNS Write"],
# ]
# resources = {
# "com.cloudflare.api.account.zone.${local.cloudflare_zone_id}" = "*"
# }
# }
# }
# Random material for the tunnel secret: 35 random *bytes* (not 35
# characters). The base64 encoding consumed by the tunnel resource is
# therefore longer than 35 characters.
# NOTE(review): random_id does not mark its outputs as sensitive, so this
# value is stored in clear text in Terraform state and can show up in plan
# output. Keep the state backend access-controlled and encrypted.
resource "random_id" "tunnel_secret" {
  byte_length = 35
}
# Named Cloudflare Tunnel called "travigo-ovh-kube" in the account given by
# var.cloudflare_account_id. Every DNS record in this file points at it.
resource "cloudflare_tunnel" "ovh_tunnel" {
  name       = "travigo-ovh-kube"
  account_id = var.cloudflare_account_id

  # Base64 (standard alphabet) form of the generated random bytes. Anyone
  # holding this value can run a connector for the tunnel, so treat it, and
  # the Terraform state that contains it, as a credential.
  secret = random_id.tunnel_secret.b64_std
}
# DNS entries that route public hostnames to the Cloudflare Tunnel.
# Zone apex: a proxied CNAME to the tunnel's <tunnel-id>.cfargotunnel.com name.
resource "cloudflare_record" "root" {
  type    = "CNAME"
  proxied = true
  zone_id = local.cloudflare_zone_id
  name    = var.cloudflare_zone
  value   = "${cloudflare_tunnel.ovh_tunnel.id}.cfargotunnel.com"
}
# www.<zone>: proxied CNAME to the tunnel hostname.
resource "cloudflare_record" "www" {
  type    = "CNAME"
  proxied = true
  zone_id = local.cloudflare_zone_id
  name    = "www.${var.cloudflare_zone}"
  value   = "${cloudflare_tunnel.ovh_tunnel.id}.cfargotunnel.com"
}
# api.<zone>: proxied CNAME to the tunnel hostname.
resource "cloudflare_record" "api" {
  type    = "CNAME"
  proxied = true
  zone_id = local.cloudflare_zone_id
  name    = "api.${var.cloudflare_zone}"
  value   = "${cloudflare_tunnel.ovh_tunnel.id}.cfargotunnel.com"
}
# kibana.<zone>: proxied CNAME to the tunnel hostname.
# NOTE(review): this publishes a Kibana hostname on the public zone, and
# nothing in this file restricts who may reach it. Confirm that an
# authentication layer (for example a Cloudflare Access application, or
# Kibana's own login with security enabled) is enforced in front of it.
resource "cloudflare_record" "kibana" {
  type    = "CNAME"
  proxied = true
  zone_id = local.cloudflare_zone_id
  name    = "kibana.${var.cloudflare_zone}"
  value   = "${cloudflare_tunnel.ovh_tunnel.id}.cfargotunnel.com"
}
# web.<zone>: proxied CNAME to the tunnel hostname.
resource "cloudflare_record" "web" {
  type    = "CNAME"
  proxied = true
  zone_id = local.cloudflare_zone_id
  name    = "web.${var.cloudflare_zone}"
  value   = "${cloudflare_tunnel.ovh_tunnel.id}.cfargotunnel.com"
}