Terraform -如何查找Azure Kubernetes AKS vnet ID以进行网络对等

57hvy0tb  于 2023-01-05  发布在  Kubernetes
关注(0)|答案(3)|浏览(235)

我使用一个Terraform脚本来部署AKS和一个应用网关,到目前为止一切都按预期运行,我需要做的最后一件事就是在AKS和应用网关之间配置vnet对等。
根据Terraform的文档,vnet对等需要AKS vnet名称和ID:

# AppGw to AKS
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = "my-appgw-rg"
  virtual_network_name      = azurerm_virtual_network.my_vnet.name
  remote_virtual_network_id = ???
}

# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = "my-aksnode-rg"
  virtual_network_name      = ???
  remote_virtual_network_id = azurerm_virtual_network.my_vnet.id
}

resource "azurerm_kubernetes_cluster" "my_cluster" {
  name                = "my-aks"
  location            = "australiaeast"
  resource_group_name = "my-aks-rg"
  node_resource_group = "my-aksnode-rg"

  addon_profile {
    ingress_application_gateway {
      enabled    = true
      gateway_id = azurerm_application_gateway.my_appgw.id
    }
  }

  default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = var.aks_np_vm_sku
  }

  ...
}

问题是创建AKS时会自动创建AKS vnet,并且名称或ID都不会导出到任何地方。我找不到使用Terraform获取AKS vnet名称或ID的方法。有人能为我指出正确的方向或建议替代解决方案吗?

yeotifhr

yeotifhr1#

由于无法从AKS群集的资源块获取Vnet ID,您也可以为AKS创建一个vnet和子网,并在默认节点池块中创建群集时使用它,如下所示:

default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = var.aks_np_vm_sku
    vnet_subnet_id = azurerm_subnet.aks.id
  }

因此,根据您的要求,.tf文件将如下所示:

provider "azurerm" {
    features{}
}
data "azurerm_resource_group" "name" {
  name = "resourcegroupname"
}
resource "azurerm_virtual_network" "aks" {
  name                = "aks-vnet"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
  address_space       = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "aks" {
  name                 = "aks-subnet"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = data.azurerm_resource_group.name.location
  address_prefixes     = ["10.0.1.0/24"]
}
resource "azurerm_virtual_network" "appgw" {
  name                = "appgw-vnet"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
  address_space       = ["10.254.0.0/16"]
}
resource "azurerm_subnet" "frontend" {
  name                 = "frontend"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = azurerm_virtual_network.appgw.name
  address_prefixes     = ["10.254.0.0/24"]
}
resource "azurerm_subnet" "backend" {
  name                 = "backend"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = azurerm_virtual_network.appgw.name
  address_prefixes     = ["10.254.2.0/24"]
}
resource "azurerm_public_ip" "example" {
  name                = "example-pip"
  resource_group_name = data.azurerm_resource_group.name.name
  location            = data.azurerm_resource_group.name.location
  allocation_method   = "Dynamic"
}
# since these variables are re-used - a locals block makes this more maintainable
locals {
  backend_address_pool_name      = "${azurerm_virtual_network.appgw.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.appgw.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.appgw.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.appgw.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.appgw.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.appgw.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.appgw.name}-rdrcfg"
}
resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = data.azurerm_resource_group.name.name
  location            = data.azurerm_resource_group.name.location
  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }
  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.frontend.id
  }
  frontend_port {
    name = local.frontend_port_name
    port = 80
  }
  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.example.id
  }
  backend_address_pool {
    name = local.backend_address_pool_name
  }
  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
  }
  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }
  request_routing_rule {
    name                       = local.request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = data.azurerm_resource_group.name.name
  virtual_network_name      = azurerm_virtual_network.appgw.id
  remote_virtual_network_id = azurerm_virtual_network.aks.id
}
# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = data.azurerm_resource_group.name.name
  virtual_network_name      = azurerm_virtual_network.aks.id
  remote_virtual_network_id = azurerm_virtual_network.appgw.id
}
resource "azurerm_kubernetes_cluster" "my_cluster" {
  name                = "my-aks"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
   dns_prefix              = "dns-myaks"
  addon_profile {
    ingress_application_gateway {
      enabled    = true
      gateway_id = azurerm_application_gateway.network.id
    }
  }
  default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = "Standard_D2_v2"
    vnet_subnet_id = azurerm_subnet.aks.id
  }
    identity {
    type = "SystemAssigned"
  }
}

输出:

yruzcnhs

yruzcnhs2#

答:只能从Kubernetes资源中获取子网ID。最好的方法是使用Terraform创建一个vnet和一个子网,并将您的Kubernetes分配到该子网。然后您可以添加对等。

# AppGw to AKS
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = "my-appgw-rg"
  virtual_network_name      = azurerm_virtual_network.my_vnet.name
  remote_virtual_network_id = azurerm_virtual_network.aks.id
}

# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = "my-aksnode-rg"
  virtual_network_name      = azurerm_virtual_network.aks.name
  remote_virtual_network_id = azurerm_virtual_network.my_vnet.id
}
6kkfgxo0

6kkfgxo03#

这是为那些想知道你的AKS集群属于哪个虚拟网络的读者准备的。
运行此命令,
az aks show -g portal-eu -n myhsmportaldevstage,然后在返回的JSON中查找networkProfile.vnetSubnetId
希望这能帮上忙。

相关问题