【Question title】: Terraform: EKS - Cluster creation with ONLY Private Subnets
【Posted】: 2021-12-27 20:06:33
【Question】:

Requirement: create an EKS cluster with only private subnets via Terraform.

     Error: error waiting for EKS Node Group (eks-dev-cluster:ng_2) to create: unexpected state 'CREATE_FAILED',
     wanted target 'ACTIVE'. last error: 1 error occurred:
        │   * subnet-******, subnet-******e5, subnet-******4: Ec2SubnetInvalidConfiguration: One or more Amazon EC2 Subnets of [subnet-*****, subnet-*****, subnet-*****] for node group ng_2 does not automatically assign public IP addresses to instances launched into it. 
If you want your instances to be assigned a public IP address, then you need to enable auto-assign public IP address for the subnet.
See IP addressing in VPC guide: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html#subnet-public-ip
        │
        │   with aws_eks_node_group.eks_nodegroup["ng_2"],
        │   on eks-workers.tf line 9, in resource "aws_eks_node_group" "EKS_NG":
        │    9: resource "aws_eks_node_group" "eks_nodegroup" {

I set map_public_ip_on_launch = false as follows:

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "3.11.0"
  create_vpc = var.create_vpc
  name = var.vpc_name
  cidr = var.vpc_cidr

  azs             = slice(data.aws_availability_zones.available.names, 0, 3)
  private_subnets = var.private_subnets
  public_subnets  = var.public_subnets
  map_public_ip_on_launch = false
  enable_nat_gateway = var.enable_nat_gateway
  single_nat_gateway = var.single_nat_gateway
  enable_vpn_gateway = var.enable_vpn_gateway

  tags = {
    Name                                      = var.vpc_name
    Environment                               = terraform.workspace
    "kubernetes.io/cluster/${var.cluster-name}" = "shared"
  }
}

The error also occurs when running the file below:

eks-workers.tf
locals {
  private_subnet_ids = var.create_vpc ? module.vpc.private_subnets : tolist(data.aws_subnet_ids.private[0].ids)
}

# creating node groups

resource "aws_eks_node_group" "EKS_NG" {
  for_each        = var.eks_node_groups
  cluster_name    = aws_eks_cluster.ds-eks-airflow.name
  node_group_name = each.key
  node_role_arn   = var.create_role ? aws_iam_role.ds-eks-airflow-node[0].arn : var.node_rolearn
  subnet_ids      = local.private_subnet_ids
  instance_types  = [each.value.instance_type]
  capacity_type   = each.value.capacity_type

  scaling_config {
    desired_size = each.value.desired_size
    max_size     = each.value.max_size
    min_size     = each.value.min_size
  }

  remote_access {
    ec2_ssh_key               = each.value.ec2_ssh_key
    source_security_group_ids = [aws_security_group.ds-eks-airflow-node.id]
  }

  tags   = each.value.tags
  labels = each.value.labels

  # Ensure that IAM Role permissions are created before EKS Node Group handling.
  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
    aws_eks_cluster.ds-eks-airflow,
    aws_security_group.ds-eks-airflow-node
  ]
}

【Question discussion】:

    Tags: terraform amazon-eks terraform-provider-azure


    【Solution 1】:

    In your case, assign only private subnets to the node group; otherwise, the public subnets should have mapPublicIpOnLaunch set to true for EKS.

    If you deploy self-managed nodes to a public subnet, the subnet must be configured to auto-assign public IP addresses.

    If managed nodes are deployed to a public subnet, the subnet must be configured to auto-assign public IP addresses.

    Details.

    【Discussion】:

    • I already mentioned map_public_ip_on_launch = false
    • See the updated answer.
    • Are you saying we need both public and private subnets?
    • No, think of EC2 in fully private subnets.
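    As an added example (not code from the question or the answer), the check below implements the rule behind the error: EKS classifies a subnet as public from its route table (a 0.0.0.0/0 route to an internet gateway), not from map_public_ip_on_launch, so node-group creation fails exactly when a publicly routed subnet has that flag off. The route-table and subnet dicts are constructed samples shaped like describe-route-tables/describe-subnets output, and all IDs are placeholders.

```python
def route_table_for(subnet_id, route_tables):
    """Route table governing a subnet: an explicit association wins,
    otherwise the VPC's main route table applies (implicit association)."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def is_public(route_table):
    """EKS counts a subnet as public when its route table sends
    0.0.0.0/0 to an internet gateway (igw-*); a NAT route keeps it private."""
    for route in route_table.get("Routes", []):
        if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                and str(route.get("GatewayId", "")).startswith("igw-")):
            return True
    return False

def invalid_node_group_subnets(subnet_ids, subnets, route_tables):
    """Subnets that would raise Ec2SubnetInvalidConfiguration for a node
    group: public routing but MapPublicIpOnLaunch false. Truly private
    subnets are never flagged, whatever the flag says."""
    flag = {s["SubnetId"]: s["MapPublicIpOnLaunch"] for s in subnets}
    bad = []
    for sid in subnet_ids:
        rt = route_table_for(sid, route_tables)
        if rt is not None and is_public(rt) and not flag[sid]:
            bad.append(sid)
    return bad

# Constructed sample data (placeholder IDs), shaped like describe-route-tables
# and describe-subnets output: one IGW table, one main table routing via NAT.
SAMPLE_ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub1"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000aaaa"}]},
    {"Associations": [{"SubnetId": "subnet-priv1"}, {"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000bbbb"}]},
]
SAMPLE_SUBNETS = [  # MapPublicIpOnLaunch is False everywhere, as in the question
    {"SubnetId": "subnet-pub1", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv1", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-priv2", "MapPublicIpOnLaunch": False},  # implicit main table
]
```

    Running `invalid_node_group_subnets(["subnet-pub1", "subnet-priv1", "subnet-priv2"], SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES)` returns `['subnet-pub1']`: only the IGW-routed subnet would trip the error, while the NAT-routed ones are safe to pass to the node group.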