Terraform - re-use an existing subnetwork to create a cloud sql instance on GCP

Question

I am attempting to create a cloud sql instance on GCP using terraform. I want to use an existing VPC subnetwork created in an earlier step but there does not seem to be a way to refer to it. Instead all examples seem to require a new IP range to be setup. This is my current code that creates the new IP range:

resource "google_compute_global_address" "private_ip_address" {
  provider = google-beta
  project  = "project_name"

  name          = "private_range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 18
  network       = "projects/project_name/global/networks/vpc_name"
  address       = "192.168.128.0"
}

resource "google_service_networking_connection" "private_vpc_connection" {
  provider = google-beta

  network                 = "projects/project_name/global/networks/vpc_name"
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}

resource "google_sql_database_instance" "instance" {
  provider = google-beta
  project  = "project_name"

  name   = "db-instance10"
  region = "us-east1"
  database_version = "MYSQL_5_7"

  depends_on = [google_service_networking_connection.private_vpc_connection]

  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled    = false
      private_network = "projects/project_name/global/networks/vpc_name"
    }
  }
}

provider "google-beta" {
  region = "us-east1"
  zone   = "us-east1-c"
}

When I specify the exact same IP range as the existing subnet, I receive the error:

Error: Error waiting to create GlobalAddress: Error waiting for Creating GlobalAddress: Requested range conflicts with other resources: The provided IP range overlaps with existing subnetwork IP range.

There does not seem to be any obvious way to refer to the existing subnetwork resource as the reserved_peering_ranges parameter only seems to accept the name of an IP address range resource.

Here is the resource specification for the existing subnetwork:

    creation_timestamp       = "2020-06-03T07:28:05.762-07:00"
    enable_flow_logs         = true
    fingerprint              = "ied1TiEZjgc="
    gateway_address          = "192.168.128.1"
    id                       = "us-east1/vpc_subnet_name"
    ip_cidr_range            = "192.168.128.0/18"
    name                     = "vpc_subnet_name"
    network                  = "https://www.googleapis.com/compute/v1/projects/project_name/global/networks/vpc_name"
    private_ip_google_access = true
    project                  = "project_name"
    region                   = "us-east1"
    secondary_ip_range       = []
    self_link                = "https://www.googleapis.com/compute/v1/projects/project_name/regions/us-east1/subnetworks/vpc_subnet_name"

    log_config {
        aggregation_interval = "INTERVAL_5_SEC"
        flow_sampling        = 0.5
        metadata             = "INCLUDE_ALL_METADATA"
    }
}

Answer

Connecting to a Cloud SQL instance through a private IP requires configuring private service access, which uses an allocated IP address range that must not overlap with any existing VPC subnet.

The private connection links your VPC network with the service's VPC network. This connection allows VM instances in your VPC network to use internal IP addresses to reach the service resources, for example a Cloud SQL instance that has internal IP addresses.

Once created, the allocated IP address range and the connection can then be reused with other services.
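The configuration the answer describes, written out as an added example (it is not code from the question or the answer). It references the existing network and subnet through data sources rather than re-declaring them, allocates a separate range for private service access that does not overlap the subnet, and guards against the overlap error at plan time. Assumptions: project "project_name", VPC "vpc_name" and subnet "vpc_subnet_name" (192.168.128.0/18 in us-east1) exist as in the question; 10.200.0.0/20 is a hypothetical range unused anywhere in the VPC; Terraform >= 1.2 (for lifecycle preconditions) with the google-beta provider.

```hcl
# Added example, not the original poster's code. Assumes the existing
# project/VPC/subnet from the question and a free 10.200.0.0/20 (hypothetical).
provider "google-beta" {
  project = "project_name"
  region  = "us-east1"
}

# Reference the existing network and subnet with data sources instead of
# re-declaring them; nothing here creates or modifies the subnet.
data "google_compute_network" "vpc" {
  provider = google-beta
  name     = "vpc_name"
}

data "google_compute_subnetwork" "app" {
  provider = google-beta
  name     = "vpc_subnet_name"
  region   = "us-east1"
}

locals {
  # Private service access range. It is allocated to Google's peered service
  # network, so it must NOT overlap any subnet in this VPC (the question's
  # 192.168.128.0/18 included). Hypothetical value; pick one that is free.
  psa_cidr = "10.200.0.0/20"

  ranges = {
    psa    = local.psa_cidr
    subnet = data.google_compute_subnetwork.app.ip_cidr_range
  }

  # First and last address of each range as integers, for an overlap check.
  first = { for k, c in local.ranges :
    k => sum([for i, o in split(".", cidrhost(c, 0)) : tonumber(o) * pow(256, 3 - i)]) }
  last = { for k, c in local.ranges :
    k => sum([for i, o in split(".", cidrhost(c, -1)) : tonumber(o) * pow(256, 3 - i)]) }

  overlaps = local.first.psa <= local.last.subnet && local.first.subnet <= local.last.psa
}

resource "google_compute_global_address" "private_service_range" {
  provider      = google-beta
  name          = "cloudsql-psa-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = cidrhost(local.psa_cidr, 0)
  prefix_length = tonumber(split("/", local.psa_cidr)[1])
  network       = data.google_compute_network.vpc.id

  # Fail at plan time with a clear message instead of the API's
  # "Requested range conflicts with other resources" at apply time.
  lifecycle {
    precondition {
      condition     = !local.overlaps
      error_message = "The private service access range overlaps the existing subnet; choose a range outside every subnet in the VPC."
    }
  }
}

# One connection per VPC; it can be reused by other services that support
# private service access.
resource "google_service_networking_connection" "private_vpc_connection" {
  provider                = google-beta
  network                 = data.google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_service_range.name]
}

resource "google_sql_database_instance" "instance" {
  provider         = google-beta
  name             = "db-instance10"
  region           = "us-east1"
  database_version = "MYSQL_5_7"

  # The peering must exist before the instance asks for a private address.
  depends_on = [google_service_networking_connection.private_vpc_connection]

  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled    = false # no public IP at all
      private_network = data.google_compute_network.vpc.id
      require_ssl     = true # TLS even on the private path
    }
  }
}
```

The precondition only compares against the one subnet looked up here; the Service Networking API checks the new range against every subnet and every existing peering range in the VPC, so a range that passes the guard can still be rejected if it collides with something else. The Cloud SQL instance receives its address from the allocated 10.200.0.0/20, not from the subnet, which is why the subnet's own range can never be passed as reserved_peering_ranges.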
