How to create an hcloud load balancer service with a certificate

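Problem description

I am trying to create an hcloud (Hetzner Cloud) load balancer and add an https service to it via Terraform. For some reason, I cannot attach the certificate to the load balancer service, and I get the following error: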

Error: Incorrect attribute value type

  on hcloud.tf line 76, in resource "hcloud_load_balancer_service" "web_lb_service":
  76:     certificates     = data.hcloud_certificate.lb_cert.id

Inappropriate value for attribute "certificates": list of number required.

The Terraform configuration I use for the load balancer service is as follows:

resource "hcloud_certificate" "domain_cert" {
    name = var.domain

    private_key = tls_private_key.cert_private_key.private_key_pem
    certificate = acme_certificate.certificate.certificate_pem

    labels = {
        type = "cert"
    }
}

resource "hcloud_load_balancer" "web_lb" {
  name               = "web_lb"
  load_balancer_type = "lb11"
  location           = var.location
  labels = {
    type = "web"
  }

  dynamic "target" {
    for_each = hcloud_server.web
    content {
      type      = "server"
      server_id = target.value["id"]
    }
  }

  algorithm {
    type = "round_robin"
  }
}

data "hcloud_certificate" "lb_cert" {
    id = hcloud_certificate.domain_cert.id
}

resource "hcloud_load_balancer_service" "web_lb_service" {
  load_balancer_id = hcloud_load_balancer.web_lb.id
  protocol         = "https"
  listen_port      = var.https_port
  destination_port = var.https_port
  health_check {
    protocol = var.https_protocol
    port     = var.https_port
    interval = "10"
    timeout  = "10"
    http {
      path         = "/"
      status_codes = ["2??", "3??"]
    }
   }
  http {
    certificates     = data.hcloud_certificate.lb_cert.id
 }
}

resource "hcloud_load_balancer_network" "web_network" {
  load_balancer_id        = hcloud_load_balancer.web_lb.id
  subnet_id               = hcloud_network_subnet.hc_private_subnet.id
  enable_public_interface = "true"
}

Any ideas?

Thanks!

br

Tags: terraform, hcloud

Solution


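You need to pass certificates as a list, not as a single argument. https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer_service

certificates - (Optional, list[int]) List of IDs from certificates which the Load Balancer has.

So this part should look like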

resource "hcloud_load_balancer_service" "web_lb_service" {
  load_balancer_id = hcloud_load_balancer.web_lb.id
  protocol         = "https"
  listen_port      = var.https_port
  destination_port = var.https_port
  health_check {
    protocol = var.https_protocol
    port     = var.https_port
    interval = "10"
    timeout  = "10"
    http {
      path         = "/"
      status_codes = ["2??", "3??"]
    }
   }
  http {
    certificates     = [data.hcloud_certificate.lb_cert.id]
 }
}
