How to reuse SSH tunnel in Terraform
I have to create a k8s job via Terraform and somehow organize the mechanism of waiting for this job to be completed (since Terraform fails to do this https://github.com/terraform-providers/terraform-provider-kubernetes/issues/534 ). I found nothing better than using a null resource and a command that waits for the k8s job (i.e. kubectl wait). These things will be executed in a Docker container on CI. In addition, I need to go through a bastion to reach the k8s cluster. I use an SSH tunnel for this:
provider "ssh" {
  port = ....
}

provider "kubernetes" {
  config_context         = "..."
  config_context_cluster = "..."
  host                   = "api.${k8s_host}:${data.ssh_tunnel.k8s.port}"
}

data "ssh_tunnel" "k8s" {
  host           = "bastion.....com"
  local_address  = "localhost:0"
  remote_address = "api.${k8s_host}:443"
}
All k8s resources are created successfully, so I assume the SSH tunnel works fine. But how do I use it for the null resource? Like this:
resource "null_resource" "wait" {
  provisioner "local-exec" {
    connection {
      type                = "ssh"
      bastion_host        = data.ssh_tunnel.k8s.host
      bastion_private_key = file("~/.ssh/id_rsa")
      bastion_port        = data.ssh_tunnel.k8s.port
      host                = "api.${k8s_host}"
      port                = 443
    }
    command = "kubectl wait ...."
  }
  triggers = {
    job_ids = join(", ", kubernetes_job.a-job.*.id)
  }
}
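But no luck, I get "The connection to the server api.${k8s_host} was refused - did you specify the right host or port?"
So there are two questions: 1. How to wait for the job in a different way. 2. If 1 is impossible (I'm sure it is), how to reuse the SSH tunnel the right way.
PS Yes, I read the docs https://www.terraform.io/docs/provisioners/connection.html but I am definitely doing something wrong.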
I figured out how to reuse the SSH tunnel opened by Terraform:
resource "null_resource" "wait" {
  provisioner "local-exec" {
    command = "kubectl wait --server=https://api.${k8s_host}:${data.ssh_tunnel.k8s.port} --for=condition=complete --timeout=3000s job/a-job"
  }
  triggers = {
    job_ids = join(", ", kubernetes_job.a-job.*.id)
  }
}
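A variant of the command above, as an added example that is not part of the original answer: it points kubectl at the local end of the tunnel and keeps certificate verification tied to the API server's real name with --tls-server-name, so the wait works without a hosts-file entry and without disabling TLS checks. It assumes the tunnel listens on localhost (local_address = "localhost:0" in the question) and that the cluster domain is available as a hypothetical variable var.k8s_host; the resource name wait_pinned is also made up for this example.

```hcl
# Added example, not code from the original post.
# Assumption: var.k8s_host holds the cluster domain written as "${k8s_host}" in the post.
variable "k8s_host" {
  type = string
}

resource "null_resource" "wait_pinned" {
  # Re-run the wait whenever the set of job IDs changes (same trigger as the post).
  triggers = {
    job_ids = join(", ", kubernetes_job.a-job.*.id)
  }

  provisioner "local-exec" {
    # Values reach the shell as environment variables instead of being
    # spliced into the command text, so they cannot alter the command line.
    environment = {
      TUNNEL_PORT = data.ssh_tunnel.k8s.port
      API_NAME    = "api.${var.k8s_host}"
    }

    # Connect to the tunnel's local listener, but validate the API server
    # certificate against its real hostname. Credentials and CA still come
    # from the current kubeconfig context; --insecure-skip-tls-verify is not used.
    command = <<-EOT
      kubectl wait \
        --server="https://localhost:$TUNNEL_PORT" \
        --tls-server-name="$API_NAME" \
        --for=condition=complete \
        --timeout=3000s \
        job/a-job
    EOT
  }
}
```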