azure - Terraform - 如何查找用于网络对等互连的 Azure Kubernetes AKS vnet ID
问题描述
我正在使用单个 Terraform 脚本来部署 AKS 和应用程序网关。到目前为止,一切都按预期工作,我需要做的最后一件事是在 AKS 和应用程序网关之间配置 vnet 对等互连。
根据 Terraform 的文档,vnet peering 需要 AKS vnet 名称和 ID:
# AppGw to AKS
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
name = "appgw-aks-peer"
resource_group_name = "my-appgw-rg"
virtual_network_name = azurerm_virtual_network.my_vnet.name
remote_virtual_network_id = ???
}
# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
name = "aks-appgw-peer"
resource_group_name = "my-aksnode-rg"
virtual_network_name = ???
remote_virtual_network_id = azurerm_virtual_network.my_vnet.id
}
resource "azurerm_kubernetes_cluster" "my_cluster" {
name = "my-aks"
location = "australiaeast"
resource_group_name = "my-aks-rg"
node_resource_group = "my-aksnode-rg"
addon_profile {
ingress_application_gateway {
enabled = true
gateway_id = azurerm_application_gateway.my_appgw.id
}
}
default_node_pool {
name = "np01"
node_count = 1
os_disk_size_gb = 30
vm_size = var.aks_np_vm_sku
}
...
}
我遇到的问题是创建 AKS 时会自动创建 AKS vnet,并且名称或 ID 都不会导出到任何地方。我找不到使用 Terraform 获取 AKS vnet 名称或 ID 的方法。有人可以指出我正确的方向或建议替代解决方案吗?
解决方案
由于无法从 AKS 集群的资源块中获取 Vnet ID,因此您也可以为 AKS 创建一个 vnet 和子网,并在默认节点池块中创建集群时使用它,如下所示:
default_node_pool {
name = "np01"
node_count = 1
os_disk_size_gb = 30
vm_size = var.aks_np_vm_sku
vnet_subnet_id = azurerm_subnet.aks.id
}
因此,根据您的要求,.tf 文件将如下所示:
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "name" {
name = "resourcegroupname"
}
resource "azurerm_virtual_network" "aks" {
name = "aks-vnet"
location = data.azurerm_resource_group.name.location
resource_group_name = data.azurerm_resource_group.name.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "aks" {
name = "aks-subnet"
resource_group_name = data.azurerm_resource_group.name.name
virtual_network_name = data.azurerm_resource_group.name.location
address_prefixes = ["10.0.1.0/24"]
}
resource "azurerm_virtual_network" "appgw" {
name = "appgw-vnet"
location = data.azurerm_resource_group.name.location
resource_group_name = data.azurerm_resource_group.name.name
address_space = ["10.254.0.0/16"]
}
resource "azurerm_subnet" "frontend" {
name = "frontend"
resource_group_name = data.azurerm_resource_group.name.name
virtual_network_name = azurerm_virtual_network.appgw.name
address_prefixes = ["10.254.0.0/24"]
}
resource "azurerm_subnet" "backend" {
name = "backend"
resource_group_name = data.azurerm_resource_group.name.name
virtual_network_name = azurerm_virtual_network.appgw.name
address_prefixes = ["10.254.2.0/24"]
}
resource "azurerm_public_ip" "example" {
name = "example-pip"
resource_group_name = data.azurerm_resource_group.name.name
location = data.azurerm_resource_group.name.location
allocation_method = "Dynamic"
}
# since these variables are re-used - a locals block makes this more maintainable
locals {
backend_address_pool_name = "${azurerm_virtual_network.appgw.name}-beap"
frontend_port_name = "${azurerm_virtual_network.appgw.name}-feport"
frontend_ip_configuration_name = "${azurerm_virtual_network.appgw.name}-feip"
http_setting_name = "${azurerm_virtual_network.appgw.name}-be-htst"
listener_name = "${azurerm_virtual_network.appgw.name}-httplstn"
request_routing_rule_name = "${azurerm_virtual_network.appgw.name}-rqrt"
redirect_configuration_name = "${azurerm_virtual_network.appgw.name}-rdrcfg"
}
resource "azurerm_application_gateway" "network" {
name = "example-appgateway"
resource_group_name = data.azurerm_resource_group.name.name
location = data.azurerm_resource_group.name.location
sku {
name = "Standard_Small"
tier = "Standard"
capacity = 2
}
gateway_ip_configuration {
name = "my-gateway-ip-configuration"
subnet_id = azurerm_subnet.frontend.id
}
frontend_port {
name = local.frontend_port_name
port = 80
}
frontend_ip_configuration {
name = local.frontend_ip_configuration_name
public_ip_address_id = azurerm_public_ip.example.id
}
backend_address_pool {
name = local.backend_address_pool_name
}
backend_http_settings {
name = local.http_setting_name
cookie_based_affinity = "Disabled"
path = "/path1/"
port = 80
protocol = "Http"
request_timeout = 60
}
http_listener {
name = local.listener_name
frontend_ip_configuration_name = local.frontend_ip_configuration_name
frontend_port_name = local.frontend_port_name
protocol = "Http"
}
request_routing_rule {
name = local.request_routing_rule_name
rule_type = "Basic"
http_listener_name = local.listener_name
backend_address_pool_name = local.backend_address_pool_name
backend_http_settings_name = local.http_setting_name
}
}
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
name = "appgw-aks-peer"
resource_group_name = data.azurerm_resource_group.name.name
virtual_network_name = azurerm_virtual_network.appgw.id
remote_virtual_network_id = azurerm_virtual_network.aks.id
}
# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
name = "aks-appgw-peer"
resource_group_name = data.azurerm_resource_group.name.name
virtual_network_name = azurerm_virtual_network.aks.id
remote_virtual_network_id = azurerm_virtual_network.appgw.id
}
resource "azurerm_kubernetes_cluster" "my_cluster" {
name = "my-aks"
location = data.azurerm_resource_group.name.location
resource_group_name = data.azurerm_resource_group.name.name
dns_prefix = "dns-myaks"
addon_profile {
ingress_application_gateway {
enabled = true
gateway_id = azurerm_application_gateway.network.id
}
}
default_node_pool {
name = "np01"
node_count = 1
os_disk_size_gb = 30
vm_size = "Standard_D2_v2"
vnet_subnet_id = azurerm_subnet.aks.id
}
identity {
type = "SystemAssigned"
}
}
输出:
推荐阅读
- python - 用返回覆盖保存模型 Django 保存方法
- date - 在 Excel 表单上设置日期格式
- javascript - 在引导程序中使用 mx-auto 时,Img 标签未以 col 为中心
- wordpress - ACF:在主循环之外显示值
- ios - 如何从相机胶卷中获取仅使用设备相机(前后)拍摄的图像?(iOS)
- azure-data-factory - 使用 Azure 数据工厂将 Web 活动输出加载到 SQL 表中
- javascript - 如何从 JSON 动态创建 Bootstrap 表
- python - 使用 OMPython 在 OpenModelica 中进行参数化扫描
- javascript - 仅显示 Google App Script 中的最后 12 行
- java - 合并来自单个流的 Kafka 记录值