Terraform - 如何查找用于网络对等互连的 Azure Kubernetes AKS vnet ID

Question

我正在使用单个 Terraform 脚本来部署 AKS 和应用程序网关。到目前为止，一切都按预期工作，我需要做的最后一件事是在 AKS 和应用程序网关之间配置 vnet 对等互连。

根据 Terraform 的文档，vnet 对等需要 AKS vnet 名称和 ID：

# AppGw to AKS
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = "my-appgw-rg"
  virtual_network_name      = azurerm_virtual_network.my_vnet.name
  remote_virtual_network_id = ???
}

# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = "my-aksnode-rg"
  virtual_network_name      = ???
  remote_virtual_network_id = azurerm_virtual_network.my_vnet.id
}

resource "azurerm_kubernetes_cluster" "my_cluster" {
  name                = "my-aks"
  location            = "australiaeast"
  resource_group_name = "my-aks-rg"
  node_resource_group = "my-aksnode-rg"

  addon_profile {
    ingress_application_gateway {
      enabled    = true
      gateway_id = azurerm_application_gateway.my_appgw.id
    }
  }

  default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = var.aks_np_vm_sku
  }

  ...
}

我遇到的问题是创建 AKS 时会自动创建 AKS vnet，并且名称或 ID 都不会导出到任何地方。我找不到使用 Terraform 获取 AKS vnet 名称或 ID 的方法。有人可以指出我正确的方向或建议替代解决方案吗？

Answer 1

AFAIK 只能从 kubernetes 资源中获取子网 ID。最好的方法是使用 terraform 创建一个 vnet 和一个子网，并将您的 kubernetes 分配给这个子网。然后您可以添加对等互连。

# AppGw to AKS
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = "my-appgw-rg"
  virtual_network_name      = azurerm_virtual_network.my_vnet.name
  remote_virtual_network_id = azurerm_virtual_network.aks.id
}

# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = "my-aksnode-rg"
  virtual_network_name      = azurerm_virtual_network.aks.name
  remote_virtual_network_id = azurerm_virtual_network.my_vnet.id
}

Answer 2

由于无法从 AKS 集群的资源块中获取 Vnet ID，您也可以为 AKS 创建一个 vnet 和子网，并在默认节点池块中创建集群时使用它，如下所示：

default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = var.aks_np_vm_sku
    vnet_subnet_id = azurerm_subnet.aks.id
  }

因此，根据您的要求，.tf 文件将如下所示：

provider "azurerm" {
    features{}
}
data "azurerm_resource_group" "name" {
  name = "resourcegroupname"
}
resource "azurerm_virtual_network" "aks" {
  name                = "aks-vnet"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
  address_space       = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "aks" {
  name                 = "aks-subnet"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = data.azurerm_resource_group.name.location
  address_prefixes     = ["10.0.1.0/24"]
}
resource "azurerm_virtual_network" "appgw" {
  name                = "appgw-vnet"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
  address_space       = ["10.254.0.0/16"]
}
resource "azurerm_subnet" "frontend" {
  name                 = "frontend"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = azurerm_virtual_network.appgw.name
  address_prefixes     = ["10.254.0.0/24"]
}
resource "azurerm_subnet" "backend" {
  name                 = "backend"
  resource_group_name  = data.azurerm_resource_group.name.name
  virtual_network_name = azurerm_virtual_network.appgw.name
  address_prefixes     = ["10.254.2.0/24"]
}
resource "azurerm_public_ip" "example" {
  name                = "example-pip"
  resource_group_name = data.azurerm_resource_group.name.name
  location            = data.azurerm_resource_group.name.location
  allocation_method   = "Dynamic"
}
# since these variables are re-used - a locals block makes this more maintainable
locals {
  backend_address_pool_name      = "${azurerm_virtual_network.appgw.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.appgw.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.appgw.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.appgw.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.appgw.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.appgw.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.appgw.name}-rdrcfg"
}
resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = data.azurerm_resource_group.name.name
  location            = data.azurerm_resource_group.name.location
  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }
  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.frontend.id
  }
  frontend_port {
    name = local.frontend_port_name
    port = 80
  }
  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.example.id
  }
  backend_address_pool {
    name = local.backend_address_pool_name
  }
  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 60
  }
  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }
  request_routing_rule {
    name                       = local.request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}
resource "azurerm_virtual_network_peering" "appgw_aks_peering" {
  name                      = "appgw-aks-peer"
  resource_group_name       = data.azurerm_resource_group.name.name
  virtual_network_name      = azurerm_virtual_network.appgw.id
  remote_virtual_network_id = azurerm_virtual_network.aks.id
}
# AKS to AppGw
resource "azurerm_virtual_network_peering" "aks_appgw_peering" {
  name                      = "aks-appgw-peer"
  resource_group_name       = data.azurerm_resource_group.name.name
  virtual_network_name      = azurerm_virtual_network.aks.id
  remote_virtual_network_id = azurerm_virtual_network.appgw.id
}
resource "azurerm_kubernetes_cluster" "my_cluster" {
  name                = "my-aks"
  location            = data.azurerm_resource_group.name.location
  resource_group_name = data.azurerm_resource_group.name.name
   dns_prefix              = "dns-myaks"
  addon_profile {
    ingress_application_gateway {
      enabled    = true
      gateway_id = azurerm_application_gateway.network.id
    }
  }
  default_node_pool {
    name                 = "np01"
    node_count           = 1
    os_disk_size_gb      = 30
    vm_size              = "Standard_D2_v2"
    vnet_subnet_id = azurerm_subnet.aks.id
  }
    identity {
    type = "SystemAssigned"
  }
}

输出：