The Tunnel provider is used to manage local network tunnels. This enables users to securely access and manage remote servers (databases, web servers, etc.) in private networks without needing to open additional ports to the outside networks.
The provider is compatible with HashiCorp Cloud Platform (HCP)
For optimal compatibility with HashiCorp Cloud Platform, use Ephemeral Resources
terraform {
required_providers {
tunnel = {
source = "dfns/tunnel"
version = ">= 1.1.0"
}
}
}
ephemeral "tunnel_ssm" "eks" {
target_host = "https://eks-cluster.region.eks.amazonaws.com"
target_port = 443
ssm_instance = "i-instanceid"
ssm_region = "us-east-1"
}
provider "kubernetes" {
host = "https://${ephemeral.tunnel_ssm.eks.local_host}:${ephemeral.tunnel_ssm.eks.local_port}"
tls_server_name = "eks-cluster.region.eks.amazonaws.com"
client_certificate = file("~/.kube/client-cert.pem")
client_key = file("~/.kube/client-key.pem")
cluster_ca_certificate = file("~/.kube/cluster-ca-cert.pem")
}data "tunnel_ssm" "eks" {
target_host = "https://eks-cluster.region.eks.amazonaws.com"
target_port = 443
ssm_instance = "i-instanceid"
ssm_region = "us-east-1"
}- Clone the repository
- Enter the repository directory
- Build the provider using the Go
installcommand:
go installThis provider uses Go modules. Please see the Go documentation for the most up-to-date information about using Go modules.
To add a new dependency github.com/author/dependency to your Terraform provider:
go get github.com/author/dependency
go mod tidyThen commit the changes to go.mod and go.sum.
If you wish to work on the provider, you'll first need Go installed on your machine (see Requirements above).
To compile the provider, run go install. This will build the provider and put the provider binary in the $GOPATH/bin directory.
To generate or update documentation, run make generate.
In order to run the full suite of Acceptance tests, run make testacc.
Note: Acceptance tests create real resources, and often cost money to run.
make testacc