我试图部署一个托管实例组与负载均衡器,这将运行一个web服务器容器。容器存储在google articat注册表中。
如果我手动创建一个虚拟机并定义容器的使用情况,它可以成功地拉出并激活容器。
当我尝试通过terraform创建托管实例组时,VM不拉也不激活容器。当我ssh到VM并尝试手动拉容器时,我得到以下错误:
Error response from daemon: Get https://us-docker.pkg.dev/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
我手动创建的虚拟机与terraform创建的虚拟机之间唯一显著的区别是手动创建的虚拟机有一个外部IP地址。不确定这是否重要,也不确定如何添加一个到地形文件。
下面是我的主要。tf文件。谁能告诉我我哪里做错了?
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "3.53.0"
}
google-beta = {
source = "hashicorp/google-beta"
version = "~> 4.0"
}
}
}
provider "google" {
credentials = file("compute_lab2-347808-dab33a244827.json")
project = "lab2-347808"
region = "us-central1"
zone = "us-central1-f"
}
locals {
google_load_balancer_ip_ranges = [
"130.211.0.0/22",
"35.191.0.0/16",
]
}
module "gce-container" {
source = "terraform-google-modules/container-vm/google"
version = "~> 2.0"
cos_image_name = "cos-stable-77-12371-89-0"
container = {
image = "us-docker.pkg.dev/lab2-347808/web-server-repo/web-server-image"
volumeMounts = [
{
mountPath = "/cache"
name = "tempfs-0"
readOnly = false
},
]
}
volumes = [
{
name = "tempfs-0"
emptyDir = {
medium = "Memory"
}
},
]
restart_policy = "Always"
}
resource "google_compute_firewall" "rules" {
project = "lab2-347808"
name = "allow-web-ports"
network = "default"
description = "Opens the relevant ports for the web server"
allow {
protocol = "tcp"
ports = ["80", "8080", "5432", "5000", "443"]
}
source_ranges = ["0.0.0.0/0"]
#source_ranges = local.google_load_balancer_ip_ranges
target_tags = ["web-server-ports"]
}
resource "google_compute_autoscaler" "default" {
name = "web-autoscaler"
zone = "us-central1-f"
target = google_compute_instance_group_manager.default.id
autoscaling_policy {
max_replicas = 10
min_replicas = 1
cooldown_period = 60
cpu_utilization {
target = 0.5
}
}
}
resource "google_compute_instance_template" "default" {
name = "my-web-server-template"
machine_type = "e2-medium"
can_ip_forward = false
tags = ["ssh", "http-server", "https-server", "web-server-ports"]
disk {
#source_image = "cos-cloud/cos-73-11647-217-0"
source_image = module.gce-container.source_image
}
network_interface {
network = "default"
}
service_account {
#scopes = ["userinfo-email", "compute-ro", "storage-ro"]
scopes = ["cloud-platform"]
}
metadata = {
gce-container-declaration = module.gce-container.metadata_value
}
}
resource "google_compute_target_pool" "default" {
name = "web-server-target-pool"
}
resource "google_compute_instance_group_manager" "default" {
name = "web-server-igm"
zone = "us-central1-f"
version {
instance_template = google_compute_instance_template.default.id
name = "primary"
}
target_pools = [google_compute_target_pool.default.id]
base_instance_name = "web-server-instance"
}
您的虚拟机模板没有公共IP,因此无法访问公共IP。
然而,你有三种方法来解决这个问题:
- 在虚拟机模板上添加公网IP(坏主意)
- 在虚拟机私有IP范围内添加云NAT,以允许传出流量到互联网(好主意)
- 在虚拟机私有iP范围所在子网内激活Google私有访问。它在没有公共IP的情况下创建了一个访问谷歌服务的桥梁(我更喜欢的想法)->https://cloud.google.com/vpc/docs/configure-private-google-access
显然,我在google_compute_instance_template的network_interface中缺少以下acecss_config:
network_interface {
network = "default"
access_config {
network_tier = "PREMIUM"
}