Terraform 0.12使用模板创建入口规则
我想知道这样的东西能不能用上。我有功能代码可以工作,但是随着kubernetes中的pods快速成长,我想转换成模板。这是为每个wordpress站点荚创建每个nginx入口规则的示例。
现在,每个豆荚都有自己的wordpress入口条目:
resource "kubernetes_ingress" "ingress_nginx_siteA" {
metadata {
name = "ingress-nginx-siteA"
namespace = "default"
annotations = { "kubernetes.io/ingress.class" = "nginx", "nginx.ingress.kubernetes.io/configuration-snippet" = "modsecurity_rules '\n SecRuleEngine On\n SecRequestBodyAccess On\n SecAuditEngine RelevantOnly\n SecAuditLogParts ABCIJDEFHZ\n SecAuditLog /var/log/modsec_audit.log\n SecRuleRemoveById 932140\n';\n", "nginx.ingress.kubernetes.io/ssl-passthrough" = "true" }
}
spec {
tls {
hosts = ["siteA.test.com"]
secret_name = "wildcard-test-com"
}
rule {
host = "siteA.test.com"
http {
path {
path = "/"
backend {
service_name = "siteA"
service_port = "80"
}
}
}
}
}
}现在我想分拆成包含整个站点变量的variables.tf、一个模板文件rules.tpl和main.tf来编排这些内容。
variables.tf:
variable "wordpress_site" {
type = map(object({
name = string
url = string
certificate = string
}))
default = {
siteA = {
name = siteA
url = siteA.test.com
certificate = wildcard-test-com
}
siteB = {
name = siteB
url = siteB.test.com
certificate = wildcard-test-com
}
}
} rules.tpl:
%{ for name in wordpress_site.name ~}
resource "kubernetes_ingress" "ingress_nginx_${name}" {
metadata {
name = "ingress-nginx-${name}"
namespace = "default"
annotations = { "kubernetes.io/ingress.class" = "nginx", "nginx.ingress.kubernetes.io/configuration-snippet" = "modsecurity_rules '\n SecRuleEngine On\n SecRequestBodyAccess On\n SecAuditEngine RelevantOnly\n SecAuditLogParts ABCIJDEFHZ\n SecAuditLog /var/log/modsec_audit.log\n SecRuleRemoveById 932140\n';\n", "nginx.ingress.kubernetes.io/ssl-passthrough" = "true" }
}
spec {
tls {
hosts = ["${wordpress_site.url}"]
secret_name = "${wordpress_site.certificate}"
}
rule {
host = "${wordpress_site.url}"
http {
path {
path = "/"
backend {
service_name = "${name}"
service_port = "80"
}
}
}
}
}
}
%{ endfor ~}现在,在main.tf中,什么是最好的混合方式呢?我看到在TF 0.12类templatefile函数中添加了新的功能,但我根本不知道是否可以像这样使用它:
main.tf:
templatefile(${path.module}/rules.tpl, ${module.var.wordpress_site})谢谢大家的支持!
回答 1
Stack Overflow用户
发布于 2020-02-19 16:55:28
templatefile函数用于从模板生成字符串,而不是生成Terraform配置。尽管可以呈现给定的模板以生成包含Terraform配置的字符串,但Terraform将只将结果视为普通字符串,而不是要评估的更多配置。
相反,我们需要获得所需的结果的是resource for_each,它允许基于一个映射值从单个资源创建多个实例。
resource "kubernetes_ingress" "nginx" {
for_each = var.wordpress_site
metadata {
name = "ingress-nginx-${each.value.name}"
namespace = "default"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOT
modsecurity_rules '
SecRuleEngine On
SecRequestBodyAccess On
SecAuditEngine RelevantOnly
SecAuditLogParts ABCIJDEFHZ
SecAuditLog /var/log/modsec_audit.log
SecRuleRemoveById 932140
';
EOT
"nginx.ingress.kubernetes.io/ssl-passthrough" = "true"
}
}
spec {
tls {
hosts = [each.value.url]
secret_name = each.value.certificate
}
rule {
host = each.value.url
http {
path {
path = "/"
backend {
service_name = each.value.name
service_port = "80"
}
}
}
}
}
}当资源具有for_each集时,Terraform将计算给定的参数以获得一个映射,然后为该映射中的每个元素创建一个资源实例,每个实例都由其对应的map键标识。在本例中,假设var.wordpress_site的默认值,您将得到两个具有以下地址的实例:
kubernetes_ingress.nginx["siteA"]kubernetes_ingress.nginx["siteB"]
在resource块中,以each.value开头的引用引用映射中的值,在本例中,映射是描述每个站点的对象。
https://stackoverflow.com/questions/60298733
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号