Passing an ARN to TargetGroupBinding via ConfigMap in Kubernetes

elcex8rz  posted on 2023-05-28 in Kubernetes

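I need to perform a target group binding in AWS. I'm using Terraform to create almost all of the resources (EKS cluster, nodes, other AWS services). On top of that, I have a Kubernetes cluster and, of course, code written as K8s YAMLs.
I'm creating a service, for example an nginx proxy, which is meant to do its proxy work.
What I want to achieve is to bind the proxy service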

apiVersion: v1
kind: Service
metadata:
  name: nginx-proxy-service
  namespace: nginx-proxy
spec:
  selector:
    app: nginx-proxy
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443

to the target group created in Terraform

resource "aws_lb_target_group" "nginx-proxy" {
  name        = "${var.environment}-proxy-tg"
  port        = 443
  protocol    = "HTTPS"
  vpc_id      = var.vpc_id
  target_type = "ip"
}

There is a CRD, TargetGroupBinding, available for this purpose, but I need to pass the TargetGroup ARN to it

apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
  name: nginx-proxy-tgb
  namespace: nginx-proxy
spec:
  serviceRef:
    name: nginx-proxy-service
    port: 443
  targetGroupARN: $(TARGETGROUP_ARN)

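At first I thought I could use a ConfigMap, but TargetGroupBinding doesn't understand ConfigMaps. Then I thought I could use Kustomize, but I don't know how (if it is possible at all) to pass the value from the ConfigMap that contains it,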

$ kubectl describe configmap proxy-cm
Name:         proxy-cm
Namespace:    nginx-proxy
Labels:       <none>
Annotations:  <none>

Data
====
targetgroup_arn:
----
arn:aws:elasticloadbalancing:eu-west-1:<somevaluehere>:targetgroup/beta-proxy-tg/<somevaluethere>

BinaryData
====

Events:  <none>

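to Kustomize, so that Kustomize can use it and replace the appropriate field in my TargetGroupBinding.
Do you know how I can combine these two things? It looks like a very common pattern, but as a newbie in Terraform and K8s I can't figure it out.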

o75abkj4  1#

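If I understand the question, you need to apply a CRD to the cluster, where one of the arguments should be populated with a value provided by another resource that is being created. For that, you can use the hashicorp/kubernetes provider, namely its kubernetes_manifest resource. Based on the question, it could look something like the following: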

resource "aws_lb_target_group" "nginx-proxy" {
  name        = "${var.environment}-proxy-tg"
  port        = 443
  protocol    = "HTTPS"
  vpc_id      = var.vpc_id
  target_type = "ip"
}

resource "kubernetes_manifest" "target_group_binding_crd" {
  manifest = {
    apiVersion = "elbv2.k8s.aws/v1beta1"
    kind       = "TargetGroupBinding"

    metadata = {
      name      = "nginx-proxy-tgb"
      namespace = "nginx-proxy"
    }

    spec = {
      serviceRef = {
        name = "nginx-proxy-service"
        port = 443
      }
      targetGroupARN = aws_lb_target_group.nginx-proxy.arn
    }
  }
}

where the target group ARN is passed to the kubernetes_manifest resource using an implicit dependency (i.e., targetGroupARN = aws_lb_target_group.nginx-proxy.arn).

ttcibm8c  2#

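I want to use Terraform to create the infrastructure objects (EKS cluster, nodes, load balancers, target groups, etc.). I want to use kubernetes/Kustomize/Helm code to create the K8s objects such as deployments, services, statefulsets, etc. I have almost done it with the Helm chart approach.
Terraform object creation: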

resource "aws_lb_target_group" "nginx-proxy" {
  name        = "${var.environment}-proxy-tg"
  port        = 443
  protocol    = "HTTPS"
  vpc_id      = var.vpc_id
  target_type = "ip"
}

resource "kubernetes_config_map" "proxy_configmap" {
  metadata {
    name      = "proxy-cm"
    namespace = "nginx-proxy"
  }
  data = {
    targetgroup_arn = aws_lb_target_group.nginx-proxy.arn
    lb-name         = aws_lb.eks_alb.name
  }
  depends_on = [kubernetes_namespace.nginx-proxy-namespace]
}

_helpers.tpl

{{- define "awsLBTargetGroupArn" -}}
{{- (lookup "v1" "ConfigMap" "nginx-proxy" "proxy-cm").data.targetgroup_arn }}
{{- end -}}

Helm templates:

apiVersion: v1
kind: Service
metadata:
  name: nginx-proxy-service
  namespace: nginx-proxy
spec:
  selector:
    app: nginx-proxy
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443

apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
  name: nginx-proxy-tgb
  namespace: nginx-proxy
spec:
  serviceRef:
    name: nginx-proxy-service
    port: 443
  targetGroupARN: {{ include "awsLBTargetGroupArn" . }}

I can see kubectl showing that it is binding

✗ kubectl describe TargetGroupBinding nginx-proxy-tgb
Name:         nginx-proxy-tgb
Namespace:    nginx-proxy
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: nginx-proxy
              meta.helm.sh/release-namespace: nginx-proxy
API Version:  elbv2.k8s.aws/v1beta1
Kind:         TargetGroupBinding
(...)


Ip Address Type:  ipv4
  Service Ref:
    Name:            nginx-proxy-service
    Port:            443
  Target Group ARN:  arn:aws:elasticloadbalancing:eu-west-1:<somenumbershere>:targetgroup/beta-proxy-tg/bba0b9519459370e
  Target Type:       ip
Status:
  Observed Generation:  1
Events:
  Type    Reason                  Age                From                Message
  ----    ------                  ----               ----                -------
  Normal  SuccessfullyReconciled  48m (x3 over 83m)  targetGroupBinding  Successfully reconciled

But I can't see the nodes attached

✗ aws elbv2 describe-target-health  --target-group-arn arn:aws:elasticloadbalancing:eu-west-1:<somenumbershere>:targetgroup/beta-proxy-tg/bba0b9519459370e
----------------------
|DescribeTargetHealth|
+--------------------+
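
The substitution the question asks about, as an added example (not code from the question or from either answer): a shell function that checks the value is a well-formed target group ARN before writing it into the TargetGroupBinding, so an empty, unsubstituted or multi-line value read from a ConfigMap or a Terraform output never reaches the manifest. The ARN pattern, the function names and the sample ARN are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check a target group ARN before writing it into the
# TargetGroupBinding manifest from the question.

# Assumed ARN shape, modelled on the ARN shown on the page:
# arn:<partition>:elasticloadbalancing:<region>:<12-digit account>:targetgroup/<name>/<16 hex>
TG_ARN_RE='^arn:aws(-[a-z]+)*:elasticloadbalancing:[a-z0-9-]+:[0-9]{12}:targetgroup/[A-Za-z0-9-]{1,32}/[0-9a-f]{16}$'

# Constructed sample value (not a real account or target group).
SAMPLE_ARN='arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/beta-proxy-tg/0123456789abcdef'

NL='
'

# is_tg_arn VALUE: succeeds only for a single-line, well-formed target group ARN.
is_tg_arn() {
  # grep matches line by line, so a multi-line value must be rejected first;
  # otherwise extra YAML could ride along behind a valid first line.
  case "$1" in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$TG_ARN_RE"
}

# render_tgb ARN: prints the manifest, or fails without output on a bad value.
render_tgb() {
  arn=$1
  if ! is_tg_arn "$arn"; then
    echo "render_tgb: value is not a target group ARN, nothing rendered" >&2
    return 1
  fi
  cat <<EOF
apiVersion: elbv2.k8s.aws/v1beta1
kind: TargetGroupBinding
metadata:
  name: nginx-proxy-tgb
  namespace: nginx-proxy
spec:
  serviceRef:
    name: nginx-proxy-service
    port: 443
  targetGroupARN: "$arn"
EOF
}

render_tgb "$SAMPLE_ARN"
```

In practice the argument would come from `kubectl get configmap proxy-cm -n nginx-proxy -o jsonpath='{.data.targetgroup_arn}'`, and the rendered output would be piped to `kubectl apply -f -`.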
