google-cloud-platform - Error creating ForwardingRule: a reserved and active subnetwork is required in the same region and VPC as the forwarding rule
Problem description
I am trying to create a regional load balancer with Terraform, but I cannot create the forwarding rules and the regional HTTP(S) proxies.
resource "google_compute_region_ssl_certificate" "ssl-crt" {
  project = "proyecto-pegachucho"
  name_prefix = "my-certificate-"
  region = var.lb_region
  private_key = file("lb_http/certificate/privateKey.key")
  certificate = file("lb_http/certificate/certificate.crt")
  lifecycle {
    create_before_destroy = true
  }
}

resource "google_compute_forwarding_rule" "lb-front-HTTP" {
  name = var.lb_front_name
  load_balancing_scheme = "INTERNAL_MANAGED"
  port_range = var.lb_front_port_range
  target = google_compute_region_target_http_proxy.lb-proxy-http.self_link
  region = var.lb_region
  network = var.lb_network
  subnetwork = var.lb_subnetwork
  ip_address = "10.10.30.5"
}

resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
  name = "lb-https-front"
  port_range = "443"
  load_balancing_scheme = "INTERNAL_MANAGED"
  ip_address = "10.10.30.6"
  target = google_compute_region_target_https_proxy.lb-proxy-https.self_link
  region = var.lb_region
  network = var.lb_network
  subnetwork = var.lb_subnetwork
}

resource "google_compute_region_target_http_proxy" "lb-proxy-http" {
  name = var.lb_proxy_name
  region = var.lb_region
  project = "proyecto-pegachucho"
  url_map = google_compute_region_url_map.lb_url_map.self_link
}

resource "google_compute_region_target_https_proxy" "lb-proxy-https" {
  name = "test-proxy"
  region = var.lb_region
  project = "proyecto-pegachucho"
  url_map = google_compute_region_url_map.lb_url_map.self_link
  ssl_certificates = [google_compute_region_ssl_certificate.ssl-crt.id]
}

resource "google_compute_region_url_map" "lb_url_map" {
  name = var.url_map_name
  region = var.lb_region
  default_service = google_compute_region_backend_service.lb-backend.self_link
}

resource "google_compute_region_backend_service" "lb-backend" {
  name = var.lb_backend_name
  region = var.lb_region
  project = "proyecto-pegachucho"
  load_balancing_scheme = "INTERNAL_MANAGED"
  port_name = var.lb_backend_port_name
  protocol = var.lb_backend_protocol
  timeout_sec = var.lb_backend_timeout
  health_checks = [var.healthcheck_output]
  locality_lb_policy = "ROUND_ROBIN"
  backend {
    group = var.ig_id
    balancing_mode = "UTILIZATION"
    capacity_scaler = 1.0
  }
}
This raises the following errors:
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 13, in resource "google_compute_forwarding_rule" "lb-front-HTTP":
13: resource "google_compute_forwarding_rule" "lb-front-HTTP" {
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpsProxies/test-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 24, in resource "google_compute_forwarding_rule" "lb-front-HTTPS":
24: resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
I tried using the google beta provider, but it seems I don't have permission, even though my Terraform service account has owner permissions.
Error: Error creating RegionSslCertificate: googleapi: Error 403: Required 'compute.regionSslCertificates.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/sslCertificates/my-certificate-20210628014206664300000001', forbidden
on lb_http\lb_http.tf line 1, in resource "google_compute_region_ssl_certificate" "ssl-crt":
1: resource "google_compute_region_ssl_certificate" "ssl-crt" {
Error: Error creating RegionBackendService: googleapi: Error 403: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
More details:
Reason: forbidden, Message: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
Reason: forbidden, Message: Required 'compute.healthChecks.useReadOnly' permission for 'projects/proyecto-pegachucho/global/healthChecks/hsbc-healthcheck-dev'
Reason: forbidden, Message: Required 'compute.instanceGroups.use' permission for 'projects/proyecto-pegachucho/zones/us-central1-b/instanceGroups/tomcats-ig'
on lb_http\lb_http.tf line 59, in resource "google_compute_region_backend_service" "lb-backend":
59: resource "google_compute_region_backend_service" "lb-backend" {
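Solution
Before creating the forwarding rule for an internal HTTP(S) load balancer, you must create a proxy-only subnet. Every region of a Virtual Private Cloud (VPC) network in which you use internal HTTP(S) load balancers must have a proxy-only subnet.
The error message shown describes this in its last sentence: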
Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'.
A reserved and active subnetwork is required in the same region and VPC as the forwarding rule.
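To fix this, you can create the proxy-only subnet manually with the gcloud compute networks subnets create command, or use the Terraform equivalent, google_compute_subnetwork, where all the same fields are available; you can use the documentation for create as a guide and then work it out in Terraform.
Note that this must be done before creating the forwarding rule for your internal HTTP(S) LB.
I hope the solution provided helps!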
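
The proxy-only subnet described in the answer, written as Terraform together with the firewall rule that lets its proxies reach the backends. This is an added example, not code from the original post; the resource names, the CIDR range, the backend port and the network tag are assumptions, and var.lb_region and var.lb_network are taken to be the variables the question's module already declares.

```hcl
# Added example, not from the original post. Assumes var.lb_region and
# var.lb_network are the variables the question's module already declares.

variable "proxy_only_cidr" {
  description = "Hypothetical range reserved for the load balancer's proxies"
  type        = string
  default     = "10.10.40.0/24" # constructed value; must not overlap other subnets
}

variable "backend_port" {
  description = "Hypothetical port the backend instances serve on"
  type        = string
  default     = "8080"
}

# Proxy-only subnet: one per region and VPC, shared by the internal HTTP(S)
# load balancers in that region. The 400 error asks for exactly this subnet.
resource "google_compute_subnetwork" "proxy_only" {
  name          = "proxy-only-subnet" # hypothetical name
  region        = var.lb_region
  network       = var.lb_network
  ip_cidr_range = var.proxy_only_cidr
  # Older provider/API versions call this purpose INTERNAL_HTTPS_LOAD_BALANCER.
  purpose = "REGIONAL_MANAGED_PROXY"
  role    = "ACTIVE"
}

# The proxies connect to backends from the proxy-only range, so admit only
# that range, only on the serving port, and only to tagged backend instances.
resource "google_compute_firewall" "allow_proxy_to_backends" {
  name          = "fw-allow-proxy-only-subnet" # hypothetical name
  network       = var.lb_network
  direction     = "INGRESS"
  source_ranges = [google_compute_subnetwork.proxy_only.ip_cidr_range]
  target_tags   = ["lb-backend"] # hypothetical tag on the instance group's VMs

  allow {
    protocol = "tcp"
    ports    = [var.backend_port]
  }
}

# In each existing google_compute_forwarding_rule, make the ordering explicit:
#   depends_on = [google_compute_subnetwork.proxy_only]
```

The forwarding rules keep pointing at the regular subnet in var.lb_subnetwork for their IP addresses; the proxy-only subnet is never referenced as a forwarding rule's subnetwork.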