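I have the following cluster, and it creates fine. But I also want to add a kubernetes_namespace resource so that a namespace gets created after the private cluster is recreated. But how do I get terraform to actually connect to the private cluster after it's created?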
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  for_each = var.aks_clusters

  name                                = "aks-${each.key}-${var.env}-001"
  location                            = azurerm_resource_group.aks_rg.location
  resource_group_name                 = azurerm_resource_group.aks_rg.name
  dns_prefix                          = "test-${each.key}-aks-cluster"
  kubernetes_version                  = data.azurerm_kubernetes_service_versions.current.latest_version
  private_cluster_enabled             = true #false until networking is complete
  private_cluster_public_fqdn_enabled = true

  #
  # - Name must start with a lowercase letter, have max length of 12,
  #   and only have characters a-z0-9.
  #
  default_node_pool {
    name                 = substr("test${each.key}", 0, 12)
    vm_size              = var.aks_cluster_vm_size
    os_disk_size_gb      = var.aks_cluster_os_size_gb
    orchestrator_version = data.azurerm_kubernetes_service_versions.current.latest_version
    availability_zones   = [1, 2]
    enable_auto_scaling  = true
    max_count            = var.node_max_count
    min_count            = var.node_min_count
    node_count           = var.node_count
    type                 = "VirtualMachineScaleSets"
    vnet_subnet_id       = var.aks_subnets[each.key].id

    node_labels = {
      "type"        = each.key
      "environment" = var.env
    }

    tags = {
      "type"        = each.key
      "environment" = var.env
    }
  }

  network_profile {
    network_plugin     = "kubenet"
    pod_cidr           = var.aks_subnets[each.key].pcidr
    service_cidr       = var.aks_subnets[each.key].scidr
    docker_bridge_cidr = var.aks_subnets[each.key].dockcidr
    dns_service_ip     = var.aks_subnets[each.key].dnsip
  }

  service_principal {
    client_id     = var.aks_app_id
    client_secret = var.aks_password
  }

  role_based_access_control {
    enabled = true
  }

  tags = local.resource_tags
}
Best answer
Use a private build agent in the same VNet or a peered VNet. The Terraform state should be stored in a blob container or wherever you want, but not locally.
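One way to wire this up in the same configuration, as an added example that is not part of the original question or answer. It assumes the plan and apply run on a build agent inside the cluster's VNet or a peered one; the storage names, the "app" cluster key and the namespace name are placeholders.

```hcl
terraform {
  # Remote state in a blob container, as the answer advises. The state file
  # contains the service principal secret and the cluster client key, so
  # access to this container should be restricted to the build agent identity.
  backend "azurerm" {
    resource_group_name  = "rg-tfstate-example" # placeholder
    storage_account_name = "sttfstateexample"   # placeholder
    container_name       = "tfstate"            # placeholder
    key                  = "aks.terraform.tfstate"
  }
}

# Provider blocks cannot use for_each, so each cluster that needs namespaces
# gets its own aliased provider. "app" is an assumed key of var.aks_clusters.
locals {
  app_kube = azurerm_kubernetes_cluster.aks_cluster["app"].kube_config[0]
}

provider "kubernetes" {
  alias = "app"

  # host is the private API server endpoint: it is only reachable from the
  # cluster VNet or a peered VNet, which is why the agent must live there.
  host                   = local.app_kube.host
  client_certificate     = base64decode(local.app_kube.client_certificate)
  client_key             = base64decode(local.app_kube.client_key)
  cluster_ca_certificate = base64decode(local.app_kube.cluster_ca_certificate)
}

resource "kubernetes_namespace" "example" {
  provider = kubernetes.app

  metadata {
    name = "example" # placeholder namespace name
  }
}
```

Because the provider is configured from attributes of a cluster created in the same run, a plan made before the cluster exists cannot reach the API server; splitting cluster creation and in-cluster resources into two separate configurations avoids that.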
Regarding azure - How to get terraform plan to create private AKS cluster and namespace within cluster?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/69291703/