Jam*_*iew 3 google-compute-engine terraform
I have some Terraform code that defines a Google Compute Instance.
provider "google" {
  credentials = "${file("auth.json")}"
  project     = "aqueous-depth-189023"
  region      = "europe-west2"
}

resource "google_project" "website" {
  name       = "Website"
  project_id = "aqueous-depth-189023"
}

resource "google_compute_instance" "default" {
  name         = "website"
  machine_type = "n1-standard-1"
  zone         = "europe-west1-b"

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }

  metadata {
    sshKeys = "james:${file("website.pem.pub")}"
  }

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-8"
    }
  }
}
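By default, Google only opens port 22 and a few others for Google Compute Instances. Can I update my Terraform code to expose port 80 and a few other ports without using the web console? Which Terraform resources do I need to add or edit?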
Use google_compute_firewall. You need to tag the instance using the instance resource and set target_tags on the firewall resource. You can refer here for how these tags work.
resource "google_compute_instance" "default" {
  name         = "website"
  machine_type = "n1-standard-1"
  zone         = "europe-west1-b"
  tags         = ["web"]

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }

  metadata {
    sshKeys = "james:${file("website.pem.pub")}"
  }

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-8"
    }
  }
}
resource "google_compute_firewall" "default" {
  name    = "web-firewall"
  network = "default"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
}
You also need to define source_tags or source_ranges; the example above uses the source range 0.0.0.0/0, which is "any". This may not be suitable for all rules.
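The point about source_ranges and source_tags, shown as an added example that is not part of the original answer: one rule per exposure level, so only the public web ports are open to 0.0.0.0/0. The rule names, the variable admin_cidr, ports 443, 8080 and 5432, and the "db" tag are assumptions made for illustration.

```hcl
# Added example (not from the original answer). Rule names, admin_cidr,
# ports 443/8080/5432 and the "db" tag are hypothetical.

variable "admin_cidr" {
  description = "CIDR allowed to reach the admin port, e.g. an office or VPN range"
}

# Public web traffic: open to any source on purpose.
resource "google_compute_firewall" "web_public" {
  name    = "web-public"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
}

# Admin port on the same instances: restricted by source range.
resource "google_compute_firewall" "web_admin" {
  name    = "web-admin"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["8080"]
  }

  source_ranges = ["${var.admin_cidr}"]
  target_tags   = ["web"]
}

# Backend port: source_tags limits the source to instances tagged "web".
resource "google_compute_firewall" "db_from_web" {
  name    = "db-from-web"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["5432"]
  }

  source_tags = ["web"]
  target_tags = ["db"]
}
```

Allow rules are additive, so these rules only narrow exposure if no broader rule already admits the same traffic. The rules that come pre-populated on the default network (SSH, RDP, ICMP and internal traffic) are worth reviewing for that reason.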