我正在使用 Terraform 在 AWS 上构建 ALB。ALB 应将多个端口转发到实例,但文档指定:
port -(必需)负载均衡器正在侦听的端口。
我是否必须为每个端口添加单独的 ALB 侦听器,或者是否有办法为每个侦听器指定多个端口?
我正在尝试使用GKE 的 Terraform 模块,但我不确定如何配置属性ip_range_pods和ip_range_services.
具体来说,我不确定他们是如何得出这些值的:
ip_range_pods = "us-central1-01-gke-01-pods"
ip_range_services = "us-central1-01-gke-01-services"
我尝试使用 terraform 在 AWS 上创建 RDS 实例,并收到以下错误
这段代码可以吗?
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "private-subnet1" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "private-subnet2" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = "10.0.2.0/24"
}
resource "aws_db_subnet_group" "db-subnet" {
name = "DB subnet group"
subnet_ids = ["${aws_subnet.private-subnet1.id}", "${aws_subnet.private-subnet2.id}"]
}
resource "aws_db_instance" "db" {
allocated_storage = "20"
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7.22"
instance_class = "db.t2.micro"
name = "mydb"
username = "admin"
password = "admin" …我尝试使用 Remote-exec 配置程序来检查新 AWS ec2 实例上的用户数据是否已完成,但我不断收到权限被拒绝的错误。
错误是。
bash: /tmp/terraform_409380328.sh: Permission denied
我们使用 Terraform 版本 10.8
有人可以帮忙吗?
provisioner "remote-exec" {
inline = [
"set -x",
"chmod +x /tmp/*sh",
"/bin/bash -c \"timeout 300 sed '/finished-user-data/q' <(tail /var/lib/cloud/data/result.json)\"",
]
connection {
type = "ssh"
user = "${var.user}"
private_key = "${file("${var.private_key}")}"
agent = false
}
}
我正在运行测试,我的容器不希望有硬内存限制,因为我以编程方式将虚拟机交换为更大尺寸的虚拟机,并且需要容器能够自动利用 CPU 和内存的增量。我想探索内存预留,因为它是软限制,并且如果虚拟机的内存不低,则允许容器扩展。不幸的是,这个参数似乎在任务定义中不起作用。有任何想法吗?
resource "aws_ecs_task_definition" "quorum" {
family = "quorum-${var.consensus_mechanism}-${var.tx_privacy_engine}-${var.network_name}"
container_definitions = "${replace(element(compact(local.container_definitions), 0), "/\"(true|false|[0-9]+)\"/", "$1")}"
requires_compatibilities = ["${var.ecs_mode}"]
# cpu = "4096"
# memory = "81920"
memoryReservation = "8192"
network_mode = "${var.ecs_network_mode}"
task_role_arn = "${aws_iam_role.ecs_task.arn}"
execution_role_arn = "${aws_iam_role.ecs_task.arn}"
volume {
name = "${local.shared_volume_name}"
}
volume {
name = "docker_socket"
host_path = "/var/run/docker.sock"
}
}
[FINAL] Summary execution:
Wrote summarry output to: .mjolnir//output.log
2 errors occurred:
* aws_ecs_service.quorum: 5 errors occurred:
* aws_ecs_service.quorum[3]: Resource 'aws_ecs_task_definition.quorum' not found for …我正在尝试探索 terraform 在 AWS 中创建自动化基础设施。我不清楚如何将安全组附加到 terraform 中的 aws 实例。
例如,是否有任何属性可以指定安全组,如下所示
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.micro"
}
**resource "aws_iam_role" "eks_role" {
name = "eks_role"
assume_role_policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
POLICY
}
resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = "aws_iam_role.eks_role.name"
}
resource "aws_iam_role_policy_attachment" "AmazonEKSServicePolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
role = "aws_iam_role.eks_role.name"
}
resource "aws_eks_cluster" "t3_eks" {
name = "t3_eks"
role_arn = "aws_iam_role.eks_role.arn"
vpc_config {
security_group_ids = var.sg
subnet_ids = var.subnets
endpoint_private_access = false
endpoint_public_access = true
}
depends_on = [ …我需要创建 GKE 集群,然后创建命名空间并通过 helm 将 db 安装到该命名空间。现在我有 gke-cluster.tf,它使用节点池和 helm.tf 创建集群,它具有 kubernetes provider 和 helm_release 资源。它首先创建集群,然后尝试安装 db 但命名空间尚不存在,所以我必须terraform apply再次运行才能正常工作。我想避免使用多个文件夹的场景并且terraform apply只运行一次。像这样的情景有什么好的做法?感谢您的回答。
google-cloud-platform kubernetes google-kubernetes-engine terraform
假设我*.tf在 terraform 项目中有多个文件。当我执行 aterraform apply我想知道:
是否可以打开运行时创建的文件terraform plan -out?
我已经运行terraform plan -out samplefile.txt并想仔细阅读文件的内容,但我找不到能够打开它的文本编辑器。
不知道是不是字符编码问题。