GCP Terraform cloud_router 模块——如何在 nat 配置中引用单个子网的 self_link?
我已经为此苦苦挣扎了几个小时,但无法使其发挥作用。 我在 main.tf 中使用外部模块来部署具有公共和私有子网的 GCP VPC,并且我想为其中一个子网(私有子网)配置 NAT。
我的 VPC 配置如下:
module "vpc" {
source = "github.com/terraform-google-modules/terraform-google-network"
project_id = var.project_id
network_name = var.network_name
routing_mode = "REGIONAL"
subnets = [
{
subnet_name = var.pub_subnet
subnet_ip = var.pub_cidr
subnet_region = var.region
},
{
subnet_name = var.priv_subnet
subnet_ip = var.priv_cidr
subnet_region = var.region
subnet_private_access = true
subnet_flow_logs = true
},
]
routes = [
{
name = "egress-internet"
description = "route through IGW to access internet"
destination_range = "0.0.0.0/0"
tags = "egress-inet"
next_hop_internet = "true"
},
]
}
在 VPC 模块块之后,我有一个“cloud_router”块,旨在为私有子网配置 NAT,但我无法获得正确的“名称”值。从我读到的文档来看,这是在寻找子网的 self_link 。我怎样才能让它发挥作用?
module "cloud_router" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 0.4"
name = var.cloud_router
project = var.project_id
region = var.region
network = module.vpc.network_self_link
nats = [{
name = var.cloud_nat
source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
subnetwork = {
name = "${module.vpc.subnets_self_links[0]}"
// <self_link>
// {{API base url}}/projects/{{your project}}/{{location type}}/{{location}}/{{resource type}}/{{name}}
source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
}
}]
}
I have been struggling with this for hours and can't make it work.
I am using external modules in my main.tf to deploy a GCP VPC with a public and private subnet, and I want to configure NAT for one of the subnets (the private one).
My VPC is configured like this:
module "vpc" {
source = "github.com/terraform-google-modules/terraform-google-network"
project_id = var.project_id
network_name = var.network_name
routing_mode = "REGIONAL"
subnets = [
{
subnet_name = var.pub_subnet
subnet_ip = var.pub_cidr
subnet_region = var.region
},
{
subnet_name = var.priv_subnet
subnet_ip = var.priv_cidr
subnet_region = var.region
subnet_private_access = true
subnet_flow_logs = true
},
]
routes = [
{
name = "egress-internet"
description = "route through IGW to access internet"
destination_range = "0.0.0.0/0"
tags = "egress-inet"
next_hop_internet = "true"
},
]
}
Ater the VPC module block, I have a "cloud_router" block that is meant to configure NAT for the private subnet, but I cannot get the "name" value correct. From the docs I read, this is looking for the self_link of the subnetwork. How can I get this working?
module "cloud_router" {
source = "terraform-google-modules/cloud-router/google"
version = "~> 0.4"
name = var.cloud_router
project = var.project_id
region = var.region
network = module.vpc.network_self_link
nats = [{
name = var.cloud_nat
source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
subnetwork = {
name = "${module.vpc.subnets_self_links[0]}"
// <self_link>
// {{API base url}}/projects/{{your project}}/{{location type}}/{{location}}/{{resource type}}/{{name}}
source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
}
}]
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
通过将 nat 配置移动到“资源”定义中而不是将其嵌套在“cloud_router”模块中,可以解决此问题:
This was resolved by moving the nat configuration into a 'resource' definition instead of nesting it inside the 'cloud_router' module: