Terraform 地形EKS标记
我遇到了Terraform EKS标记问题,似乎没有找到在创建新集群时标记所有VPC子网的可行解决方案 提供一些上下文:我们有一个AWS VPC,在其中我们将几个EKS集群部署到子网中。我们不创建VPC,子网是EKS群集创建的一部分。因此,创建集群的地形代码无法标记现有子网和VPC。虽然EKS将添加所需的标签,但下次我们在VPC上运行terraform apply时,这些标签将自动删除 我的解决办法是在VPC内提供一个terraform.tfvars文件,如下所示:Terraform 地形EKS标记,terraform,terraform-provider-aws,amazon-eks,Terraform,Terraform Provider Aws,Amazon Eks,我遇到了Terraform EKS标记问题,似乎没有找到在创建新集群时标记所有VPC子网的可行解决方案 提供一些上下文:我们有一个AWS VPC,在其中我们将几个EKS集群部署到子网中。我们不创建VPC,子网是EKS群集创建的一部分。因此,创建集群的地形代码无法标记现有子网和VPC。虽然EKS将添加所需的标签,但下次我们在VPC上运行terraform apply时,这些标签将自动删除 我的解决办法是在VPC内提供一个terraform.tfvars文件,如下所示: eks_tags = [
eks_tags =
[
"kubernetes.io/cluster/${var.cluster-1}", "shared",
"kubernetes.io/cluster/${var.cluster-2}", "shared",
"kubernetes.io/cluster/${var.cluster-2}", "shared",
]
resource "aws_vpc" "demo" {
cidr_block = "10.0.0.0/16"
tags = "${
map(
${var.eks_tags}
)
}"
}
我们总是为每个EKS集群创建新的VPC和子网的想法是错误的。显然,必须是一种使用Terraform标记现有VPC和子网资源的方法?当有两段具有不同状态文件的代码试图作用于同一资源时,此问题始终存在 解决此问题的一种方法是,每次应用EKS地形代码时,都将VPC资源重新导入到VPC状态文件中。这也将导入您的标记。子网也是如此,但从长远来看,这是一个手动且繁琐的过程
terraform导入aws_vpc.test_vpc vpc-a01106c2干杯 在我们的例子中,我们有单独的脚本来提供VPC和网络资源,我们没有添加EKS特定的标签 对于EKS群集配置,我们有单独的脚本,可以自动更新/添加群集上的标记 因此,在provider.tf文件中的VPC脚本上,我们添加了以下条件,以便脚本不会删除这些标记,并且一切正常
provider "aws" {
region = "us-east-1"
ignore_tags {
key_prefixes = ["kubernetes.io/cluster/"]
}
}
您现在可以使用aws provider
ignore_tagsaws_ec2_tag/*
Start of resource tagging logic to update the provided vpc and its subnets with the necessary tags for eks to work
The toset() function is actually multiplexing the resource block, one for every item in the set. It is what allows
for setting a tag on each of the subnets in the vpc.
*/
resource "aws_ec2_tag" "vpc_tag" {
resource_id = data.terraform_remote_state.vpc.outputs.vpc_id
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
resource "aws_ec2_tag" "private_subnet_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.private_subnets)
resource_id = each.value
key = "kubernetes.io/role/elb"
value = "1"
}
resource "aws_ec2_tag" "private_subnet_cluster_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.private_subnets)
resource_id = each.value
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
resource "aws_ec2_tag" "public_subnet_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.public_subnets)
resource_id = each.value
key = "kubernetes.io/role/elb"
value = "1"
}
resource "aws_ec2_tag" "public_subnet_cluster_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.public_subnets)
resource_id = each.value
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
provider "aws" {
profile = "terraform"
region = "us-west-1"
// This is necessary so that tags required for eks can be applied to the vpc without changes to the vpc wiping them out.
// https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/resource-tagging
ignore_tags {
key_prefixes = ["kubernetes.io/"]
}
}
aws_ec2_标签/*
Start of resource tagging logic to update the provided vpc and its subnets with the necessary tags for eks to work
The toset() function is actually multiplexing the resource block, one for every item in the set. It is what allows
for setting a tag on each of the subnets in the vpc.
*/
resource "aws_ec2_tag" "vpc_tag" {
resource_id = data.terraform_remote_state.vpc.outputs.vpc_id
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
resource "aws_ec2_tag" "private_subnet_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.private_subnets)
resource_id = each.value
key = "kubernetes.io/role/elb"
value = "1"
}
resource "aws_ec2_tag" "private_subnet_cluster_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.private_subnets)
resource_id = each.value
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
resource "aws_ec2_tag" "public_subnet_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.public_subnets)
resource_id = each.value
key = "kubernetes.io/role/elb"
value = "1"
}
resource "aws_ec2_tag" "public_subnet_cluster_tag" {
for_each = toset(data.terraform_remote_state.vpc.outputs.public_subnets)
resource_id = each.value
key = "kubernetes.io/cluster/${var.cluster_name}"
value = "shared"
}
@有那么一会儿,我认为上面的方法会奏效。但是,问题是我的子网资源是在一个模块中创建的,Terraform需要根模块中的定义(见下文):
Terraform导入aws_subnet.public-cluster-c-subnet-02ed*******1b6b错误:资源地址“aws_subnet.public-cluster-c-subnet”配置中不存在。导入此资源之前,请在根模块中创建其配置。例如:资源“aws#u subnet”“public-cluster-c-subnet”{#(资源参数)}terraform import module.some_module.module.some_other_module.aws_vpc.test_vpc-12341234terraform平面图的输出中可见。