nsxt-load-balancer-virtual-server

VMWare NSX-T Load Balancer Virtual Server Module

This Terraform module configures NSX-T load balancer virtual servers.

Requirements

Name	Version
terraform	>= 1.3.0
nsxt	>= 3.2.7

Usage

Basic usage of this module is as follows:

module "example" {
	 source  = "<module-path>"

	 # Required variables
	 application_profile_path  = 
	 display_name  = 
	 ip_address  = 
	 ports  = 

	 # Optional variables
	 access_list_control  = null
	 access_log_enabled  = true
	 client_ssl  = null
	 default_pool_member_ports  = []
	 enabled  = true
	 log_significant_event_only  = null
	 max_concurrent_connections  = null
	 max_new_connection_rate  = null
	 persistence_profile_path  = null
	 pool_path  = null
	 resource_description  = "Terraform provisioned"
	 rules  = {}
	 server_ssl  = null
	 service_path  = null
	 sorry_pool_path  = null
	 tags  = {}
}

Resources

Name	Type
nsxt_policy_lb_virtual_server.this	resource

Inputs

Name	Description	Type	Default	Required
access_list_control	Defines IP access lists used to control client connections	object({ enabled = optional(bool) action = string group_path = string })	null	no
access_log_enabled	Should the access log be enabled for the virtual server?	bool	true	no
application_profile_path	Application profile path for this virtual server. Note that this also differentiates between Layer 4 TCP/UDP and Layer 7 HTTP virtual servers.	string	n/a	yes
client_ssl	ssl binding for connections to the virtual server from clients.	object({ default_certificate_path = string client_auth = optional(string) certificate_chain_depth = optional(number) ca_paths = optional(list(string)) crl_paths = optional(list(string)) sni_paths = optional(list(string)) ssl_profile_path = optional(string) })	null	no
default_pool_member_ports	The default members ports to use when members do not specify their listening ports	list(string)	[]	no
display_name	The name of the LB Virtual Server	string	n/a	yes
enabled	Should the virtual server be enabled	bool	true	no
ip_address	IP Address for the virtual server.	string	n/a	yes
log_significant_event_only	Should only signficant events be logged to the access log. Requires access_log_enabled be true	bool	null	no
max_concurrent_connections	Maximum concurrent connections for the virtual server	number	null	no
max_new_connection_rate	New connection rate limit for the virtual server. Serves as a rate limiter.	number	null	no
persistence_profile_path	NSX resource path to a persistence profile which defines connection persistence for this virtual server	string	null	no
pool_path	NSX resource path to the load balancer pool which will service requests	string	null	no
ports	Ports the virtual server will listen on.	list(string)	n/a	yes
resource_description	Description field of all created resources	string	"Terraform provisioned"	no
rules	Defines load balancer behavior and routing to backend pool members.	map(object({ match_strategy = optional(string) phase = optional(string) actions = list(object({ http_redirect = optional(object({ redirect_status = string redirect_url = string })) http_reject = optional(object({ reply_status = string reply_message = optional(string) })) select_pool = optional(object({ pool_id = string })) variable_persistence_on = optional(object({ variable_name = string variable_hash_enabled = optional(bool) persistence_profile_path = optional(string) })) http_response_header_rewrite = optional(object({ header_name = string header_value = string })) http_response_header_delete = optional(object({ header_name = string })) variable_persistence_learn = optional(object({ variable_name = string variable_hash_enabled = optional(bool) persistence_profile_path = optional(string) })) http_request_uri_rewrite = optional(object({ uri = string uri_arguments = optional(string) })) http_request_header_rewrite = optional(object({ header_name = string header_value = string })) http_request_header_delete = optional(object({ header_name = string })) variable_assignment = optional(object({ variable_name = string variable_value = string })) jwt_auth = optional(object({ key = object({ certificate_path = optional(string) public_key_content = optional(string) }) pass_jwt_to_pool = optional(bool) realm = optional(string) tokens = optional(list(string)) })) ssl_mode_selection = optional(object({ ssl_mode = string })) connection_drop = optional(object({ drop = bool })) })) conditions = optional(list(object({ http_request_method = optional(object({ method = string inverse = optional(bool) })) http_request_version = optional(object({ version = string inverse = optional(bool) })) ip_header = optional(object({ source_address = string group_path = optional(string) inverse = optional(bool) })) tcp_header = optional(object({ source_port = string inverse = optional(bool) })) http_request_header = optional(object({ header_name = optional(string) header_value = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) http_respone_header = optional(object({ header_name = string header_value = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) variable = optional(object({ variable_name = string variable_value = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) http_request_cookie = optional(object({ cookie_name = string cookie_value = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) http_request_body = optional(object({ body_value = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) ssl_sni = optional(object({ sni = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) http_ssl = optional(object({ client_certificate_issuer_dn = optional(object({ issuer_dn = string match_type = optional(string) case_sensitive = optional(bool) })) client_certificate_subject_dn = optional(object({ subject_dn = string match_type = optional(string) case_sensitive = optional(bool) })) client_supported_ssl_ciphers = optional(list(string)) session_reused = optional(string) used_protocol = optional(string) used_ssl_cipher = optional(string) inverse = optional(bool) })) http_request_uri = optional(object({ uri = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) http_request_uri_arguments = optional(object({ uri_arguments = string match_type = optional(string) case_sensitive = optional(bool) inverse = optional(bool) })) }))) }))	{}	no
server_ssl	ssl binding for connections from the virtual server to pool members.	object({ certificate_chain_depth = optional(number) client_certificate_path = optional(string) server_auth = optional(string) ca_paths = optional(list(string)) crl_paths = optional(list(string)) ssl_profile_path = optional(string) })	null	no
service_path	The load balancer service to associate this virtual server with	string	null	no
sorry_pool_path	The NSX resource path to a load balancer pool to service requests when the main pool is unavailable	string	null	no
tags	A map of NSX-T tag:scope pairs	map(string)	{}	no

Outputs

Name	Description
id	The NSX resource ID for the created virtual server.
nsxt_lb_virtual_server	The NSX resource object of the created virtual server.
path	The NSX resource path for the created virtual server.
revision	The NSX object revision path for the virtual server.