如何添加`default-allow-http`

Question

如何将 terraform 脚本中的 default-allow-http 防火墙规则添加到 Google 云计算实例？

provider "google" {
    credentials = file("CREDENTIAL_FILE")
    project = "gitlab-project"
    region = var.region
}

resource "google_compute_instance" "gitlab" {
  name          = var.machine_specs.name
  machine_type  = var.machine_type.emicro
  zone          = var.zone

  boot_disk {
    initialize_params {
        image = var.machine_specs.os
        size = var.machine_specs.size
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network     = "default"
    access_config {
      nat_ip = google_compute_address.static.address
    }
  }

    // Add the SSH key
    metadata = {
        ssh-keys = "martin:${file("~/.ssh/id_rsa.pub")}"
    }

}

// A variable for extracting the external ip of the instance
output "ip" {
 value = "${google_compute_instance.gitlab.network_interface.0.access_config.0.nat_ip}"
}

resource "google_compute_address" "static" {
  name = "ipv4-address"
  address_type = "EXTERNAL"
  address = "XXX.XXX.XXX.XXX"
}

resource "google_compute_firewall" "allow-http" {
  name = "default-allow-http"
  network = 

  allow{
    protocol = "tcp"
    ports = ["80"]
  }
}

Answer 1

您需要将标签["http-server", "https-server"] 添加到您的资源组google_compute_instance，如下所示：

[...]

resource "google_compute_instance" "gitlab" {
  name          = var.machine_specs.name
  machine_type  = var.machine_type.emicro
  zone          = var.zone

tags = ["http-server", "https-server"]

[...]

Answer 2

只需将标签http-server 和https-server 添加到您的google_cloud_instance 资源组。 标签可以在 GCloud-Console 的防火墙设置中找到。

Answer 3

您可以使用google_compute_instance 资源中提供的tags 参数。

它看起来像：

resource "google_compute_instance" "gitlab" {
  name          = var.machine_specs.name
  machine_type  = var.machine_type.emicro
  zone          = var.zone

  tags = ["http-server"]

http-server 标签用于default-allow-http 防火墙规则。 如果您需要default-allow-https，只需将https-server 附加到标签列表即可。

希望这会有所帮助。