vault-starter
hashicorp/vault-starter/gcp
A Terraform module for provisioning an OSS Vault cluster (using integrated storage) as described by the HashiCorp reference architecture.
Vault GCP Module

This is a Terraform module for provisioning Vault with integrated storage on GCP. This module defaults to setting up a cluster with 5 Vault nodes (as recommended by the Vault with Integrated Storage Reference Architecture).

About This Module

This module implements the Vault with Integrated Storage Reference Architecture on GCP using the open source version of Vault 1.8+.

How to Use This Module

- Ensure your GCP credentials are configured correctly and have permission to use the following GCP services:
  - Cloud Resource Manager API
  - Compute Engine API
  - GCP Identity & Access Management (IAM)
  - GCP Key Management System API
  - Google Cloud Load Balancing
  - GCP SSL Certificates
  - Secret Manager API
- To deploy without an existing VPC, use the example VPC code to build out the
| Name | Type | Description | Default |
|---|---|---|---|
| resource_name_prefix | string | Prefix for naming resources | required |
| subnetwork | string | The self link of the subnetwork in which to deploy resources | required |
| user_supplied_kms_key_ring_self_link | string | (Optional) Self link to user created kms key ring | required |
| user_supplied_kms_crypto_key_self_link | string | (Optional) Self link to user created kms crypto key | required |
| user_supplied_userdata_path | string | (Optional) File path to custom userdata script being supplied by the user | required |
| leader_tls_servername | string | One of the shared DNS SAN used to create the certs used for mTLS | required |
| project_id | string | GCP project in which to launch resources | required |
| tls_secret_id | string | Secret id/name given to the Google Secret Manager secret | required |
| ssl_certificate_name | string | Name of the created managed SSL certificate. Required when create_load_balancer | required |
| location | string | Location of the kms key ring | "global" |
| vault_version | string | Vault version | "1.8.2" |
| vm_disk_size | number | VM Disk size | 500 |
| networking_healthcheck_ips | list(string) | Allowed IPs required for healthcheck. Provided by GCP | ["35.191.0.0/16", "130.211.0.0/22"] |
| ssh_source_ranges | list(string) | The source IP address ranges from which SSH traffic will be permitted; these ran | ["35.235.240.0/20"] |
| vm_disk_type | string | VM Disk type. SSD recommended | "pd-ssd" |
| vault_lb_health_check | string | The endpoint to check for Vault's health status | "/v1/sys/health?activecode=200&stan |
| create_load_balancer | bool | If true, creates a private load balancer. Set to false to disable the load balan | true |
| node_count | number | Number of Vault nodes to deploy | 5 |
| vm_disk_source_image | string | VM Disk source image | "projects/ubuntu-os-cloud/global/images/ |
| networking_firewall_ports | list(string) | Additional ports to open in the firewall | [] |
| networking_ip_allow_list | list(string) | List of allowed IPs for the firewall | ["0.0.0.0/0"] |
| reserve_subnet_range | string | The IP address ranges for the https proxy range for the load balancer | "10.1.0.0/16" |
| vm_machine_type | string | VM Machine Type | "n2-standard-4" |
lb_address — Load Balancer Address
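The following module invocation is an added illustration of wiring up the inputs documented above; it is not taken from the registry page or from the module's own examples. The project id, subnetwork and KMS resource references, TLS secret name, server name, VPC range and module version are assumed placeholders. The one security-relevant change from the defaults is `networking_ip_allow_list`, which the module defaults to `["0.0.0.0/0"]`; here it is narrowed to the VPC's internal range.

```hcl
module "vault" {
  source  = "hashicorp/vault-starter/gcp"
  version = "X.Y.Z" # placeholder: pin to the module release you have reviewed

  project_id           = "my-gcp-project" # assumed
  resource_name_prefix = "vault-prod"
  subnetwork           = google_compute_subnetwork.vault.self_link # assumed, e.g. from the example VPC code

  # User-created KMS key ring and crypto key (the module's KMS inputs), used for auto-unseal.
  user_supplied_kms_key_ring_self_link   = google_kms_key_ring.vault.self_link         # assumed
  user_supplied_kms_crypto_key_self_link = google_kms_crypto_key.vault_unseal.self_link # assumed

  # TLS material lives in Google Secret Manager; the server name must be one of the cert's DNS SANs.
  tls_secret_id         = "vault-tls-bundle"       # assumed secret name
  leader_tls_servername = "vault.example.internal" # assumed

  # Private load balancer with the GCP health-check ranges the table documents as defaults.
  create_load_balancer       = true
  ssl_certificate_name       = "vault-prod-lb-cert"
  networking_healthcheck_ips = ["35.191.0.0/16", "130.211.0.0/22"]

  # Override the ["0.0.0.0/0"] default so only the VPC's internal range can reach the Vault API.
  networking_ip_allow_list = ["10.0.0.0/8"] # assumed VPC range
  # ssh_source_ranges is left at its default, the IAP TCP-forwarding range, rather than widened.

  node_count    = 5
  vault_version = "1.8.2"
  vm_disk_type  = "pd-ssd"
  vm_disk_size  = 500
}

# Expose the documented output so the private LB address can be handed to clients.
output "vault_lb_address" {
  value = module.vault.lb_address
}
```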