[英]How to describe a shared VPC and define its subnets in GCP via terraform
我为我的组织创建了两个共享 VPC,一个用于生产,一个用于非生产。
对于这些共享 VPC,我想创建描述并定义子网,但在 terraform 中找不到这些元素的正确条目。
即以下是我如何定义资源块以指定宿主项目(并创建共享 VPC):
resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
provider = google.as_network_admin
project = google_project.dev-shared-vpc-host.project_id
}
现在,当我尝试创建子网时:
resource "google_compute_subnetwork" "dev-subnetwork" {
provider = google.as_network_admin
name = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
region = var.region
secondary_ip_range {
range_name = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
}
network = google_compute_shared_vpc_host_project.dev-shared-shared-vpc-host.id
project = google_project.dev-shared-vpc-host.id
}
我收到一个错误,例如
╷
│ Error: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.network': 'projects/projects/<redacted_project_id>/global/networks/<redacted_project_id>'. The URL is malformed., invalid
│
│ with google_compute_subnetwork.dev-subnetwork,
│ on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│ 5: resource "google_compute_subnetwork" "dev-subnetwork" {
│
显然projects/projects/..弄乱了网络参数,但是在google_compute_shared_vpc_host_project 的文档中,除了id之外没有任何其他 output 。 对于输入 arguments 没有description 。 但是,当我尝试手动创建共享 VPC 时,我可以输入描述并创建子网。
请注意,创建常规 VPC 的google_compute_network有很好的文档记录,并且我在上面定义的子网可以很好地使用它。
编辑:
将project参数固定为project = google_project.dev-shared-vpc-host.project_id而不是id会删除projects/projects/...网络错误,但会给出此错误:
╷
│ Error: Error creating Subnetwork: googleapi: Error 404: The resource 'projects/<redacted_project_id>/global/networks/<redacted_project_id>' was not found, notFound
│
│ with google_compute_subnetwork.dev-subnetwork,
│ on networking.tf line 5, in resource "google_compute_subnetwork" "dev-subnetwork":
│ 5: resource "google_compute_subnetwork" "dev-subnetwork" {
│
╵
我似乎误解了通过google_compute_shared_vpc_host_project创建共享 VPC,这不会创建vpc 本身,而只是将项目指定为宿主项目,因此共享必须事先存在的 vpc。
因此,我应该事先创建一个google_compute_network ,这是实现我在问题中想要的所需的 HCL:
resource "google_compute_network" "dev-vpc-network" {
provider = google.as_network_admin
name = var.vpc_and_subnet_info.for_dev_env.vpc.name
auto_create_subnetworks = var.vpc_and_subnet_info.for_dev_env.vpc.auto_create_subnetworks
project = google_project.dev-shared-vpc-host.project_id
description = var.vpc_and_subnet_info.for_dev_env.vpc.description
}
resource "google_compute_shared_vpc_host_project" "dev-shared-shared-vpc-host" {
provider = google.as_network_admin
project = google_project.dev-shared-vpc-host.project_id
}
resource "google_compute_subnetwork" "dev-subnetwork" {
provider = google.as_network_admin
name = var.vpc_and_subnet_info.for_dev_env.subnetwork.name
ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.ip_cidr_range
region = var.region
secondary_ip_range {
range_name = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.name
ip_cidr_range = var.vpc_and_subnet_info.for_dev_env.subnetwork.secondary_ip_range.ip_cidr_range
}
network = google_compute_network.dev-vpc-network.id
project = google_project.dev-shared-vpc-host.project_id
}
当然,在这些示例中,我使用.tfvars中声明的变量来填写名称,以及资源块中所需的其他 arguments。
Terraform 和 GCP - 在现有的共享 VPC 和子网中创建新的计算 VM
[英]Terraform and GCP - Create new Compute VM in existing Shared VPC and Subnet
使用 terraform 使用现有的共享 vpc 网络创建 gke 集群
[英]Create gke cluster with existing shared vpc network using terraform
如何通过 terraform 在 GCP Cloud 中禁用 GKE 服务中的日志记录和监控服务
[英]How to disable logging and monitoring service in GKE service in GCP Cloud via terraform
在 GCP 中,如何创建防火墙规则以按 IP 范围隔离子网?
[英]In GCP, how to create firewall rules to isolate subnets by their IP ranges?
如何在Terraform中的route_table_association中引用多个su.net?
[英]How to take the reference of multiple subnets in route_table_association in Terraform?
如何使用 terraform 创建具有公共和私有 su.net 的 EKS 集群?
[英]How to create an EKS cluster with public and private subnets using terraform?
如何使用内部 IP 在同一 VPC 但不同的 su.net(区域)内通信 2 个实例
[英]how to communicate 2 instances inside the same VPC but different subnets (regions) using internal IP
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.