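I am using Terraform to create my environment.
As part of the process, I create a GKE cluster and a backend service (part of a load balancer).
When applying a change that requires the cluster to be destroyed (for example, changing the GKE machine type), Terraform fails because the cluster depends on the backend service.
I would expect Terraform to recognize this dependency and destroy and re-create the backend service.
Is there a way to achieve this behavior, or do I have to do a full destroy and apply in this case?
Example: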
resource "google_container_cluster" "cluster" {
  provider           = google-beta
  name               = "my-cluster"
  location           = "europe-west1-b"
  min_master_version = "1.15"
  networking_mode    = "VPC_NATIVE"

  ip_allocation_policy {}

  # Inline node pool: changing machine_type here forces the whole cluster to be replaced.
  node_pool {
    name       = "default-pool"
    node_count = 1

    node_config {
      preemptible  = true
      machine_type = "n1-standard-4"
      disk_size_gb = 20

      oauth_scopes = [
        "https://www.googleapis.com/auth/devstorage.read_only",
        "https://www.googleapis.com/auth/logging.write",
        "https://www.googleapis.com/auth/monitoring",
        "https://www.googleapis.com/auth/service.management.readonly",
        "https://www.googleapis.com/auth/servicecontrol",
        "https://www.googleapis.com/auth/trace.append",
        "https://www.googleapis.com/auth/compute",
      ]

      metadata = {
        disable-legacy-endpoints = "true"
      }
    }
  }

  network_policy {
    enabled = true
  }

  master_auth {
    client_certificate_config {
      issue_client_certificate = false
    }
  }

  addons_config {
    istio_config {
      disabled = false
      auth     = "AUTH_MUTUAL_TLS"
    }
  }
}

resource "google_compute_health_check" "tcp-health-check" {
  name = "${google_container_cluster.cluster.name}-istioingress-healthcheck"

  tcp_health_check {
    port               = "12345"
    port_specification = "USE_FIXED_PORT"
  }
}

resource "google_compute_backend_service" "backend-service" {
  name                            = "${google_container_cluster.cluster.name}-https-backend"
  health_checks                   = [google_compute_health_check.tcp-health-check.id]
  protocol                        = "HTTPS"
  port_name                       = "port-12345"
  connection_draining_timeout_sec = 0

  backend {
    balancing_mode  = "UTILIZATION"
    max_utilization = 0.8
    capacity_scaler = 1
    # The backend points at the instance group created by the cluster's node pool.
    group = google_container_cluster.cluster.instance_group_urls.0
  }
}
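When updating the cluster's machine_type, I get the following error:
Error: Error deleting Cluster: googleapi: Error 409: Cluster has dependent resources that must be deleted first: https://www.googleapis.com/compute/v1/projects/tufin-securecloud-dev/global/backendServices/my-cluster-https-backend., alreadyExists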