amazon-web-services - Not getting the correct output in a YAML template

Tags: amazon-web-services yaml aws-cloudformation amazon-vpc amazon-eks

What changes can be made to this template so that it works for all scenarios: for 1 Availability Zone and PrivateSubnets: False, for 1 Availability Zone and PrivateSubnets: True, for 2 Availability Zones and PrivateSubnets: False, and for Availability Zones and PrivateSubnets: True?

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS Sample VPC - Private and Public subnets'

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      -
        Label:
          default: "Worker Network Configuration"
        Parameters:
          - VpcCidr
          - PublicSubnet01Block
          - PublicSubnet02Block
          - PrivateSubnet01Block
          - PrivateSubnet02Block
          - NumberOfAZs
          - PrivateSubnets

Parameters:
  PrivateSubnets:
    Type: String
    AllowedValues: 
    -  True
    -  False
    Default: True
    Description: Do you want to create private subnets in addition to public subnets?

  NumberOfAZs:
    Type: Number
    AllowedValues: 
    - 1
    - 2
    - 3
    Default: 1
    Description:  How many Availability Zones do you wish to utilize? 

  VpcCidr:
    Type: String
    Default: 192.168.0.0/16
    AllowedValues:
      - 10.0.0.0/16
      - 192.168.0.0/16
    Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.

 
Conditions:
  BuildPublic02:         !Not [ !Equals [ !Ref NumberOfAZs, 1 ]]    
  BuildPrivateSubnets:  !Equals [ !Ref PrivateSubnets, True ] 
  BuildPrivate01:        !Equals [ !Ref PrivateSubnets, True ]       # Can't determine how to build a condition from a separate single condition
  BuildPrivate02:        !And [ Condition: BuildPrivateSubnets, Condition: BuildPublic02 ]

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock:  !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-VPC'

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"

  VPCGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Public Subnets
      - Key: Network
        Value: Public

  PrivateRouteTable01:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivate01
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Private Subnet AZ1
      - Key: Network
        Value: Private01

  PrivateRouteTable02:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivate02
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Private Subnet AZ2
      - Key: Network
        Value: Private02

  PublicRoute:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PrivateRoute01:
    Condition: BuildPrivate01
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway01
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable01
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway01

  PrivateRoute02:
    Condition: BuildPrivate02
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway02
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable02
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway02

  NatGateway01:
    Condition: BuildPrivate01
    DependsOn:
    - NatGatewayEIP1
    - PublicSubnet01
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt 'NatGatewayEIP1.AllocationId'
      SubnetId: !Ref PublicSubnet01
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-NatGatewayAZ1'

  NatGateway02:
    Condition: BuildPrivate02
    DependsOn:
    - NatGatewayEIP2
    - PublicSubnet02
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt 'NatGatewayEIP2.AllocationId'
      SubnetId: !Ref PublicSubnet02
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-NatGatewayAZ2'

  NatGatewayEIP1:
    Condition: BuildPrivate01
    DependsOn:
    - VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc

  NatGatewayEIP2:
    Condition: BuildPrivate02
    DependsOn:
    - VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc

  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Subnet 01
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone:
        Fn::Select:
        - '0'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 0, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PublicSubnet01"
      - Key: kubernetes.io/role/elb
        Value: 1

  PublicSubnet02:
    Type: AWS::EC2::Subnet
    Condition: BuildPublic02
    Metadata:
      Comment: Subnet 02
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone:
        Fn::Select:
        - '1'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 1, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PublicSubnet02"
      - Key: kubernetes.io/role/elb
        Value: 1

  PrivateSubnet01:
    Type: AWS::EC2::Subnet
    Condition: BuildPrivate01
    Metadata:
      Comment: Subnet 01
    Properties:
      AvailabilityZone:
        Fn::Select:
        - '0'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 2, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PrivateSubnet01"
      - Key: kubernetes.io/role/internal-elb
        Value: 1

  PrivateSubnet02:
    Type: AWS::EC2::Subnet
    Condition: BuildPrivate02
    Metadata:
      Comment: Private Subnet 02
    Properties:
      AvailabilityZone:
        Fn::Select:
        - '1'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 3, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PrivateSubnet02"
      - Key: kubernetes.io/role/internal-elb
        Value: 1

  PublicSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet01
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPublic02
    Properties:
      SubnetId: !Ref PublicSubnet02
      RouteTableId: !Ref PublicRouteTable

  PrivateSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPrivate01
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable01

  PrivateSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPrivate02
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable02

  ControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0
      VpcId: !Ref VPC

Outputs:

  SubnetIds:
    Description: Private Subnets IDs in the VPC
    Condition: BuildPublic02
    Condition: BuildPrivateSubnets
    Condition: BuildPrivate01
    Condition: BuildPrivate02
    Value: !Join [ ",", [ !Ref PublicSubnet01, !Ref PublicSubnet02, !Ref PrivateSubnet01, !Ref PrivateSubnet02 ] ]



  PublicSubnetIds:
    Condition: BuildPublic02
    Description: Public Subnets IDs in the VPC
    Value: !Join [ ",", [ !Ref PublicSubnet01, !Ref PublicSubnet02 ] ]

  PrivateSubnetIds:
    Description: Public Subnets IDs in the VPC
    Condition: BuildPrivateSubnets
    Condition: BuildPrivate01
    Condition: BuildPrivate02
    Value: !Join [ ",", [ !Ref PrivateSubnet01, !Ref PrivateSubnet02 ] ]

  SecurityGroups:
    Description: Security group for the cluster control plane communication with worker nodes
    Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]

  VpcId:
    Description: The VPC Id
    Value: !Ref VPC

This template works fine when the chosen parameters are 2 AZs and PrivateSubnets: True, but for the other parameter combinations it does not work properly and does not produce the expected outputs. What changes are needed to make it work for all parameter combinations?

Best answer

The Outputs section should look like the following. Also note that your template only works for 1 and 2 Availability Zones, not for the 3 Availability Zones allowed by the NumberOfAZs parameter, so you could change that as well:

  NumberOfAZs:
    Type: Number
    AllowedValues: [1,2]
    Default: 1
    Description:  How many Availability Zones do you wish to utilize? 

Outputs:

Outputs:

  SubnetIds:
    Description: All Subnets IDs in the VPC
    Value: 
      !Join 
        - ","
        - - !Ref PublicSubnet01
          - !If [BuildPublic02, !Ref PublicSubnet02, !Ref "AWS::NoValue"]
          - !If [BuildPrivate01, !Ref PrivateSubnet01, !Ref "AWS::NoValue"]
          - !If [BuildPrivate02, !Ref PrivateSubnet02, !Ref "AWS::NoValue"]          

  PublicSubnetIds:
    Description: Public Subnets IDs in the VPC
    Value: 
      !Join 
        - ","
        - - !Ref PublicSubnet01
          - !If [BuildPublic02, !Ref PublicSubnet02, !Ref "AWS::NoValue"]      

  PrivateSubnetIds:
    Description: Private Subnets IDs in the VPC
    Condition: BuildPrivateSubnets
    Value: 
      !Join 
        - ","
        - - !Ref PrivateSubnet01
          - !If [BuildPrivate02, !Ref PrivateSubnet02, !Ref "AWS::NoValue"]          

  SecurityGroups:
    Description: Security group for the cluster control plane communication with worker nodes
    Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]

  VpcId:
    Description: The VPC Id
    Value: !Ref VPC
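To check the answer's Outputs section against every parameter combination without creating a stack, here is an added Python example (it is not code from the question, the answer, or AWS). It re-implements the four conditions of the posted template and the `!If` / `AWS::NoValue` / `!Join` behaviour the answer relies on, and also reports which `!Ref`s in the question's original SubnetIds output point at resources that do not exist for a given combination. Logical IDs such as "PublicSubnet02" stand in for the physical subnet IDs CloudFormation would substitute; the NumberOfAZs=3 row shows the answer's caveat that 3 AZs build exactly what 2 AZs build.

```python
"""Added example: evaluate the template's Conditions and Outputs offline.

Not the code from the question or the answer. Re-implements the template's
Conditions block and the !If / AWS::NoValue / !Join semantics used in the
answer's Outputs so each parameter combination can be checked without a stack.
Logical IDs (e.g. "PublicSubnet02") stand in for physical subnet IDs.
"""
from itertools import product

NO_VALUE = object()  # stands in for !Ref "AWS::NoValue"


def conditions(number_of_azs: int, private_subnets: str) -> dict:
    """Mirror the template's Conditions block exactly."""
    build_public02 = number_of_azs != 1         # !Not [ !Equals [ !Ref NumberOfAZs, 1 ] ]
    build_private = private_subnets == "True"   # !Equals [ !Ref PrivateSubnets, True ]
    return {
        "BuildPublic02": build_public02,
        "BuildPrivateSubnets": build_private,
        "BuildPrivate01": build_private,
        "BuildPrivate02": build_private and build_public02,  # !And [ BuildPrivateSubnets, BuildPublic02 ]
    }


def created_subnets(cond: dict) -> list:
    """Subnet resources CloudFormation creates, following each resource's Condition."""
    subnets = ["PublicSubnet01"]                # has no Condition, always built
    if cond["BuildPublic02"]:
        subnets.append("PublicSubnet02")
    if cond["BuildPrivate01"]:
        subnets.append("PrivateSubnet01")
    if cond["BuildPrivate02"]:
        subnets.append("PrivateSubnet02")
    return subnets


def fn_if(cond: dict, name: str, value: str):
    """!If [name, value, !Ref "AWS::NoValue"]"""
    return value if cond[name] else NO_VALUE


def fn_join(delimiter: str, items: list) -> str:
    """!Join: AWS::NoValue entries are removed from the list before joining."""
    return delimiter.join(item for item in items if item is not NO_VALUE)


def render_fixed_outputs(number_of_azs: int, private_subnets: str) -> dict:
    """The Outputs section as written in the answer."""
    cond = conditions(number_of_azs, private_subnets)
    outputs = {
        "SubnetIds": fn_join(",", [
            "PublicSubnet01",
            fn_if(cond, "BuildPublic02", "PublicSubnet02"),
            fn_if(cond, "BuildPrivate01", "PrivateSubnet01"),
            fn_if(cond, "BuildPrivate02", "PrivateSubnet02"),
        ]),
        "PublicSubnetIds": fn_join(",", [
            "PublicSubnet01",
            fn_if(cond, "BuildPublic02", "PublicSubnet02"),
        ]),
    }
    if cond["BuildPrivateSubnets"]:             # Condition placed on the output itself
        outputs["PrivateSubnetIds"] = fn_join(",", [
            "PrivateSubnet01",
            fn_if(cond, "BuildPrivate02", "PrivateSubnet02"),
        ])
    return outputs


def dangling_refs_in_original(number_of_azs: int, private_subnets: str) -> list:
    """The question's SubnetIds output !Ref's all four subnets unconditionally.
    Return the ones that are not created for this parameter combination."""
    existing = set(created_subnets(conditions(number_of_azs, private_subnets)))
    referenced = ["PublicSubnet01", "PublicSubnet02", "PrivateSubnet01", "PrivateSubnet02"]
    return [ref for ref in referenced if ref not in existing]


if __name__ == "__main__":
    for azs, priv in product((1, 2, 3), ("False", "True")):
        print(f"NumberOfAZs={azs} PrivateSubnets={priv}")
        print("  dangling refs in original SubnetIds:", dangling_refs_in_original(azs, priv) or "none")
        for name, value in render_fixed_outputs(azs, priv).items():
            print(f"  {name}: {value}")
```

Running it shows that only NumberOfAZs=2 (or 3) with PrivateSubnets=True leaves the original SubnetIds output without dangling references, which matches the behaviour the question describes, and that the answer's version produces a valid output for every combination. One point the answer does not touch: ControlPlaneSecurityGroup in the posted template allows TCP 0-65535 from 0.0.0.0/0, so the usual hardening is to restrict CidrIp to the VPC range (for example !Ref VpcCidr) or to a worker-node security group rather than the whole internet.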

For amazon-web-services - Not getting the correct output in a YAML template, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/65948700/
