Deployment Automation
Twingate Connectors run in a linux/amd64
Docker container, which makes them widely compatible with a range of deployment methods and environments. The information below will help you automate their deployment.
Full Automation: Terraform Provider
If your organization uses Terraform to manage your infrastructure as code, you can use Twingate’s Terraform provider to automatically provision Connectors, along with other Twingate constructs such as Resources and Remote Networks. Please see the documentation for more details.
Deployment Automation Alternatives
Twingate Admin API
Twingate’s Admin API provides programmatic control over most admin functions, which you can use to automate the configuration of your Twingate Network.
The API can also specifically be used to provision Connectors and new tokens programatically.
Semi-automated approach
If you do not use Terraform, or do not wish to use the API, you may retrieve tokens from the Admin Console using the “Manual” Connector deployment option in the Admin Console. Note that the Connector tokens are unique to that specific Connector, and these tokens cannot be reused for multiple Connectors.
Therefore, in order to incorporate Connectors into a semi-automated process, keep the following in mind:
- You must continue to provision new Connectors through the Admin console or through the Twingate API.
- Use the environment variables generated for that specific Connector.
- The configuration variable for a single Connector cannot be re-used for additional Connectors.
Connector deployment parameters
If you are deploying Connectors and using manual token generation as described in the previous section, the following information will help deploy Connectors successfully.
Connector image source:
- The Connector image is public and hosted on Docker Hub. You can use an image registry address of
docker.io
with the image nametwingate/connector
and image taglatest
.
Fixed deployment parameters:
TWINGATE_NETWORK
should be the subdomain of your Twingate account (eg.acme
if your account is athttps://acme.twingate.com
).- The Docker parameter
--restart=unless-stopped
is used to ensure that the Connector container is always automatically restarted unless explicitly stopped. The equivalent setting should be used in any other container environment.
Connector-specific deployment parameters are:
TWINGATE_ACCESS_TOKEN
is an authentication token specific to the Connector being deployed. This should be treated as a secret and never checked into source control.TWINGATE_REFRESH_TOKEN
is an authentication refresh token specific to the Connector being deployed. This should similarly be treated as a secret.- The Docker parameter
--name
is used to identify the connector in your container management system. You can any name here, but it is probably most helpful to ensure that it matches the auto-generated name in the Admin console. - (Optional)
DNS_SERVER
is an optional parameter that specifies what DNS server the Connector should use to resolve Resources. If this is a private DNS server, it must be accessible from the Connector host.
Example: Helm Chart
An example of pulling all of the above together for a Helm Chart can be found here: https://github.com/Twingate/helm-charts
Last updated 10 months ago