How can I make each instance in my node group module use a specific security group?
module "self_managed_node_group" {
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"

  name                = "separate-self-mng"
  cluster_name        = aws_eks_cluster.eks.id
  cluster_version     = "1.22"
  cluster_endpoint    = aws_eks_cluster.eks.endpoint
  cluster_auth_base64 = aws_eks_cluster.eks.certificate_authority[0].data
  vpc_id              = module.vpc.vpc_id

  subnet_ids = [
    module.vpc.private_subnets[0],
    module.vpc.private_subnets[1],
    module.vpc.private_subnets[2],
  ]

  vpc_security_group_ids = [
    aws_security_group.node-sg[0].id,
    aws_security_group.node-sg[1].id,
    aws_security_group.node-sg[2].id,
  ]

  min_size     = 3
  max_size     = 6
  desired_size = 3

  key_name             = aws_key_pair.bastion_auth.id
  security_group_name  = "node-sg"
  launch_template_name = aws_launch_template.node.id
  instance_type        = "t2.micro"
}

resource "aws_security_group" "node-sg" {
  count  = var.azs
  name   = "node-security-group-${count.index}"
  vpc_id = module.vpc.vpc_id

  # SSH only from the matching bastion security group
  ingress {
    protocol        = "tcp"
    from_port       = 22
    to_port         = 22
    security_groups = [aws_security_group.bastion-sg[count.index].id]
  }

  # protocol is a string in the AWS provider; "-1" means all protocols
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
I have 3 separate security groups: node-sg[0], node-sg[1] and node-sg[2]. Right now in my self_managed_node_group module, the only way I could add all 3 was like so:
  vpc_security_group_ids = [
    aws_security_group.node-sg[0].id,
    aws_security_group.node-sg[1].id,
    aws_security_group.node-sg[2].id,
  ]
This obviously assigns all three security groups to each node that gets deployed. What I want instead is for my first node that gets created to use node-sg[0], my second node to use node-sg[1] and my third node to use node-sg[2], but I can't figure out how to make that work.
Comments (1)
You can't do what you want, unless you fork and manually modify the self-managed-node-group module. As you can see in its source code, there is no functionality to iterate over var.vpc_security_group_ids for individual nodes. var.vpc_security_group_ids is used as a whole list, and the entire list is assigned to each node.
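The answer above says a single node group cannot hand out a different security group per node. As an added example, not code from the question or the answer, the layout that remains is one module instance per security group, built with `count` over the resources the question already declares (module.vpc, aws_security_group.node-sg, aws_eks_cluster.eks, aws_key_pair.bastion_auth, var.azs); it assumes Terraform 0.13 or later, which allows `count` on a module block, and the per-instance names are assumptions.

```hcl
# Added example, not the poster's code: one node group per security group.
# Assumes the question's resources (module.vpc, aws_security_group.node-sg,
# aws_eks_cluster.eks, aws_key_pair.bastion_auth, var.azs) and
# Terraform >= 0.13 for count on a module block.
module "self_managed_node_group" {
  count  = var.azs
  source = "terraform-aws-modules/eks/aws//modules/self-managed-node-group"

  # Names passed to the module must be unique per instance, or the
  # module instances collide on the resources they create (assumed names).
  name                 = "separate-self-mng-${count.index}"
  security_group_name  = "node-sg-${count.index}"
  launch_template_name = "node-${count.index}"

  cluster_name        = aws_eks_cluster.eks.id
  cluster_version     = "1.22"
  cluster_endpoint    = aws_eks_cluster.eks.endpoint
  cluster_auth_base64 = aws_eks_cluster.eks.certificate_authority[0].data
  vpc_id              = module.vpc.vpc_id

  # One subnet and one security group per group: group 0 gets
  # private_subnets[0] and node-sg[0], group 1 gets [1], and so on.
  subnet_ids             = [module.vpc.private_subnets[count.index]]
  vpc_security_group_ids = [aws_security_group.node-sg[count.index].id]

  # One node per group; the question's 3/6/3 sizing becomes 1/2/1 per group.
  min_size     = 1
  max_size     = 2
  desired_size = 1

  key_name      = aws_key_pair.bastion_auth.id
  instance_type = "t2.micro"
}
```

Each node then carries only the security group for its own index (plus whatever the module itself creates), and `terraform plan` shows the three module instances separately, so the per-group attachment can be reviewed before apply.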