Original design
This is the starting point of the infrastructure: a classic design that a lot of enterprises have or used to have. Virtual machines (VMs) and bare metal servers (BMSs) share the same VLAN behind a firewall. Everything begins when the VMs need to move to a more virtualized infrastructure with distributed routing and firewalling. In this case, they want to move to VMware NSX-T.
From a physical point of view, the migration is performed on a leaf-and-spine infrastructure that we will call the underlay.
This article shows an example of how to manage NSX-T firewall rules as code through Terraform. You can find the project on my GitHub account: nsxt-frac-tf-cm and nsxt-frac-tf-rm.
I will describe the structure of the project, how it works, the data model, and the Terraform code, and finish with an example.
Structure of the project
The diagram below shows a summary of how I organized the project in order to fully use infrastructure as code.