InvalidGroup.NotFound error in Terraform, but the security group exists

Problem description

I get the following error from the command AWS_PROFILE=myprofile AWS_REGION=sa-east-1 terraform apply -target=module.saopaulo_service_dev_kubernetes

Error authorizing security group rule type ingress: InvalidGroup.NotFound: The security group 'sg-something' does not exist

The target I am applying is as follows.

module "saopaulo_service_dev_kubernetes" {
  source = "./modules/regional-kubernetes"

  region_code    = "saopaulo"
  vpc_name       = "main"
  env            = "dev"
  cluster_prefix = "service"

  instance_type = "m5.2xlarge"

  providers = {
    aws = aws.saopaulo
  }
}

The source files are as follows. I have not included all of them because there are too many; I am only attaching the part that uses the eks module (terraform-aws-modules/eks/aws) to create the cluster.

data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
}

data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
}

provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  load_config_file       = false
  version                = "~> 1.9"
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "12.2.0" # Version Pinning

  cluster_name    = local.cluster_name
  cluster_version = local.cluster_version
  vpc_id          = local.vpc_id
  subnets         = local.private_subnets

  cluster_enabled_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  worker_additional_security_group_ids = [aws_security_group.nodeport.id, data.aws_security_group.common_eks_sg.id]

  wait_for_cluster_cmd = "for i in `seq 1 60`; do curl -k -s $ENDPOINT/healthz >/dev/null && exit 0 || true; sleep 5; done; echo TIMEOUT && exit 1"

  worker_groups = concat([{
    instance_type = "t3.micro"

    asg_min_size = "1"
    asg_max_size = var.asg_max_size

    key_name = "shared-backdoor"

    kubelet_extra_args = join(" ", [
      "--node-labels=app=nodeport",
      "--register-with-taints=dedicated=nodeport:NoSchedule"
    ])

    pre_userdata = file("${path.module}/pre_userdata.sh")

    tags = concat([for k, v in local.common_tags : {
      key                 = k
      value               = v
      propagate_at_launch = "true"
      }], [{
      key                 = "Role"
      value               = "nodeport"
      propagate_at_launch = "true"
    }])

  }], local.worker_group)

  map_users = local.allow_user
  # map_roles = local.allow_roles[var.env]
}

I have a security group named sg-something in the sa-east-1 region, and I also checked that I am running terraform apply against the correct region with the following:

data "aws_region" "current" {}
output "my_region" {
  value = data.aws_region.current.name
}

Any suggestions?

Tags: terraform
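EC2 returns InvalidGroup.NotFound whenever a security group ID is used in an API call made against a region or account other than the one the group lives in, so the first thing to establish is which provider configuration (and therefore which region) each resource that references the group was actually resolved through. The script below is an added diagnostic, not part of the original question or an answer to it: it reads raw Terraform state as produced by `terraform state pull` (state format v4), derives each provider configuration's region from the ARNs of the resources it owns, and reports every security-group ID that a resource references but that either lives in a different region or does not appear in the state at all (for example a hardcoded ID). The embedded SAMPLE_STATE is constructed for this example and is not the asker's state; the resource names, account ID and group IDs in it are invented, and it uses the Terraform 0.13+ provider address form in the `provider` field.

```python
"""Find security-group IDs referenced across regions in a raw Terraform state file (format v4).

Added example: run as `python sg_region_check.py state.json`, or with no argument
to run against the constructed SAMPLE_STATE below.
"""
import json
import re
import sys
from collections import defaultdict

SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")
# ARN layout: arn:partition:service:region:account:resource (region is empty for global services).
ARN_REGION = re.compile(r"^arn:[^:]+:[^:]+:([^:]*):[^:]*:")


def arn_region(arn):
    """Region encoded in an ARN, or None for global services / missing ARNs."""
    m = ARN_REGION.match(arn or "")
    return (m.group(1) or None) if m else None


def iter_sg_ids(value):
    """Yield every security-group ID found anywhere inside a nested attribute value."""
    if isinstance(value, str):
        if SG_ID.match(value):
            yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from iter_sg_ids(v)
    elif isinstance(value, list):
        for v in value:
            yield from iter_sg_ids(v)


def check_state(state):
    """Return findings for security-group references that cannot be satisfied in the caller's region.

    A finding has keys: address, provider, sg_id, sg_region, consumer_regions.
    sg_region is None when no aws_security_group resource or data source in the
    state carries that ID (e.g. a hardcoded ID or a group read in another state).
    """
    sg_region = {}                      # sg-id -> region it lives in, from its own ARN
    provider_regions = defaultdict(set) # provider config address -> regions seen in its ARNs
    consumers = []                      # (resource address, provider address, referenced sg-ids)

    for res in state.get("resources", []):
        prefix = f"{res['module']}." if res.get("module") else ""
        if res["mode"] == "data":
            prefix += "data."
        address = f"{prefix}{res['type']}.{res['name']}"
        for inst in res.get("instances", []):
            attrs = inst.get("attributes", {})
            region = arn_region(attrs.get("arn"))
            if region:
                provider_regions[res["provider"]].add(region)
            ids = set(iter_sg_ids(attrs))
            if res["type"] == "aws_security_group" and attrs.get("id"):
                sg_region[attrs["id"]] = region
                ids.discard(attrs["id"])  # the group's own ID is not a reference
            if ids:
                consumers.append((address, res["provider"], ids))

    findings = []
    for address, provider, ids in consumers:
        regions = provider_regions.get(provider, set())
        for sg in sorted(ids):
            if sg not in sg_region:
                findings.append({"address": address, "provider": provider, "sg_id": sg,
                                 "sg_region": None, "consumer_regions": sorted(regions)})
            elif regions and sg_region[sg] not in regions:
                findings.append({"address": address, "provider": provider, "sg_id": sg,
                                 "sg_region": sg_region[sg], "consumer_regions": sorted(regions)})
    return findings


# Constructed sample state (invented IDs and names): a group read through the default
# provider, which here points at us-east-1, and a rule authorized through aws.saopaulo.
SAMPLE_STATE = {
    "version": 4,
    "resources": [
        {"module": "module.saopaulo_service_dev_kubernetes", "mode": "data",
         "type": "aws_security_group", "name": "common_eks_sg",
         "provider": 'provider["registry.terraform.io/hashicorp/aws"]',
         "instances": [{"attributes": {
             "id": "sg-0123456789abcdef0",
             "arn": "arn:aws:ec2:us-east-1:111111111111:security-group/sg-0123456789abcdef0"}}]},
        {"module": "module.saopaulo_service_dev_kubernetes", "mode": "managed",
         "type": "aws_security_group", "name": "nodeport",
         "provider": 'provider["registry.terraform.io/hashicorp/aws"].saopaulo',
         "instances": [{"attributes": {
             "id": "sg-0fedcba9876543210", "ingress": [],
             "arn": "arn:aws:ec2:sa-east-1:111111111111:security-group/sg-0fedcba9876543210"}}]},
        {"module": "module.saopaulo_service_dev_kubernetes.module.eks", "mode": "managed",
         "type": "aws_security_group_rule", "name": "workers_ingress_cluster",
         "provider": 'provider["registry.terraform.io/hashicorp/aws"].saopaulo',
         "instances": [{"attributes": {
             "type": "ingress",
             "security_group_id": "sg-0fedcba9876543210",
             "source_security_group_id": "sg-0123456789abcdef0"}}]},
    ],
}

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for f in check_state(state):
        where = f["sg_region"] or "not in state"
        print(f"{f['address']}: references {f['sg_id']} ({where}) "
              f"via {f['provider']} whose resources live in {f['consumer_regions']}")
```

On the sample state the script reports the rule under aws.saopaulo referencing a group whose ARN places it in us-east-1; that is the shape of reference EC2 rejects with InvalidGroup.NotFound. Rules carry no ARN of their own, so a provider configuration whose only resources are rules cannot be placed in a region from state alone and is skipped rather than guessed.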

Solution
