Google cloud platform Terraform 0.12使用模板创建入口规则
我想知道这样的东西是否可以用。我有功能代码在工作,但由于kubernetes中的pod将快速成长,我想转换为模板。这是为每个wordpress站点pod创建每个nginx入口规则的示例 现在,每个pod都有其wordpress入口条目:Google cloud platform Terraform 0.12使用模板创建入口规则,google-cloud-platform,terraform,Google Cloud Platform,Terraform,我想知道这样的东西是否可以用。我有功能代码在工作,但由于kubernetes中的pod将快速成长,我想转换为模板。这是为每个wordpress站点pod创建每个nginx入口规则的示例 现在,每个pod都有其wordpress入口条目: resource "kubernetes_ingress" "ingress_nginx_siteA" { metadata { name = "ingress-nginx-siteA" namespace = "defau
resource "kubernetes_ingress" "ingress_nginx_siteA" {
metadata {
name = "ingress-nginx-siteA"
namespace = "default"
annotations = { "kubernetes.io/ingress.class" = "nginx", "nginx.ingress.kubernetes.io/configuration-snippet" = "modsecurity_rules '\n SecRuleEngine On\n SecRequestBodyAccess On\n SecAuditEngine RelevantOnly\n SecAuditLogParts ABCIJDEFHZ\n SecAuditLog /var/log/modsec_audit.log\n SecRuleRemoveById 932140\n';\n", "nginx.ingress.kubernetes.io/ssl-passthrough" = "true" }
}
spec {
tls {
hosts = ["siteA.test.com"]
secret_name = "wildcard-test-com"
}
rule {
host = "siteA.test.com"
http {
path {
path = "/"
backend {
service_name = "siteA"
service_port = "80"
}
}
}
}
}
}
variable "wordpress_site" {
type = map(object({
name = string
url = string
certificate = string
}))
default = {
siteA = {
name = siteA
url = siteA.test.com
certificate = wildcard-test-com
}
siteB = {
name = siteB
url = siteB.test.com
certificate = wildcard-test-com
}
}
}
%{ for name in wordpress_site.name ~}
resource "kubernetes_ingress" "ingress_nginx_${name}" {
metadata {
name = "ingress-nginx-${name}"
namespace = "default"
annotations = { "kubernetes.io/ingress.class" = "nginx", "nginx.ingress.kubernetes.io/configuration-snippet" = "modsecurity_rules '\n SecRuleEngine On\n SecRequestBodyAccess On\n SecAuditEngine RelevantOnly\n SecAuditLogParts ABCIJDEFHZ\n SecAuditLog /var/log/modsec_audit.log\n SecRuleRemoveById 932140\n';\n", "nginx.ingress.kubernetes.io/ssl-passthrough" = "true" }
}
spec {
tls {
hosts = ["${wordpress_site.url}"]
secret_name = "${wordpress_site.certificate}"
}
rule {
host = "${wordpress_site.url}"
http {
path {
path = "/"
backend {
service_name = "${name}"
service_port = "80"
}
}
}
}
}
}
%{ endfor ~}
templatefile(${path.module}/rules.tpl, ${module.var.wordpress_site})
谢谢大家的支持 templatefile函数用于从模板生成字符串,而不是生成地形配置。虽然可以呈现给定模板以生成包含Terraform配置的字符串,但Terraform只会将结果视为普通字符串,而不是要评估的更多配置 相反,我们需要得到期望的结果,这允许基于映射值从单个资源创建多个实例
resource "kubernetes_ingress" "nginx" {
for_each = var.wordpress_site
metadata {
name = "ingress-nginx-${each.value.name}"
namespace = "default"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOT
modsecurity_rules '
SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABCIJDEFHZ
SecAuditLog /var/log/modsec_audit.log
SecRuleRemoveById 932140
';
EOT
"nginx.ingress.kubernetes.io/ssl-passthrough" = "true"
}
}
spec {
tls {
hosts = [each.value.url]
secret_name = each.value.certificate
}
rule {
host = each.value.url
http {
path {
path = "/"
backend {
service_name = each.value.name
service_port = "80"
}
}
}
}
}
}
资源“kubernetes\u ingress”“nginx”{
for_each=var.wordpress_站点
元数据{
name=“ingress nginx-${each.value.name}”
namespace=“默认”
注释={
“kubernetes.io/ingres.class”=“nginx”
“nginx.ingres.kubernetes.io/configuration snippet”=非常感谢@martin atkins!我将修改代码并进行测试。我将返回结果。