无法使用现有 VNET 和子网创建 Azure AKS 群集

时间:2021-06-23 18:37:27

标签: azure terraform azure-aks

我正在尝试使用 Terraform 在 Azure 中构建 AKS 集群。但是,我不希望 AKS 部署到它自己的 VNET 和子网中,我已经在我希望它使用的 vnet 中构建了一个子网。当试图只给它子网 ID 时,我遇到了重叠的 CIDER 问题。我的网络是:

虚拟网络:10.0.0.0/16 子网:10.0.1.0/24、10.0.2.0/24 和 10.0.3.0/24。我需要 AKS 才能在此 VNET 中使用 10.0.1.0./24 子网。但是,我的 Terraform 配置试图使用 10.0.0.0/16 的 CIDR,这是一个明显的冲突。我不知道如何在 Terraform 内部解决这个问题,通过门户我可以为 AKS 选择 vnet/子网。以下是我生成错误的 Terraform 配置:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.46.0"
    }
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}

  subscription_id = "####"
  tenant_id       = "####"
}

locals {
  azure_location = "East US"
  azure_location_short = "eastus"
}

resource "azurerm_resource_group" "primary_vnet_resource_group" {
  name     = "vnet-prod-002-eastus-001"
  location = local.azure_location
}

resource "azurerm_virtual_network" "primary_vnet_virtual_network" {
  name                = "vnet_primary_eastus-001"
  location            = local.azure_location
  resource_group_name = azurerm_resource_group.primary_vnet_resource_group.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "aks-subnet" {
  name           = "snet-aks-prod-002-eastus-001"
#  location = local.azure_location
  virtual_network_name = azurerm_virtual_network.primary_vnet_virtual_network.name
  resource_group_name = azurerm_resource_group.primary_vnet_resource_group.name
  address_prefixes = ["10.0.1.0/24"]
 }

output "aks_subnet_id" {
  value = azurerm_subnet.aks-subnet.id
}

resource "azurerm_subnet" "application-subnet" {
  name           = "snet-app-prod-002-eastus-001"
#  location            = local.azure_location
  virtual_network_name = azurerm_virtual_network.primary_vnet_virtual_network.name
  resource_group_name = azurerm_resource_group.primary_vnet_resource_group.name
  address_prefixes = ["10.0.2.0/24"]
 }

resource "azurerm_subnet" "postgres-subnet" {
  name           = "snet-postgres-prod-002-eastus-001"
#  location            = local.azure_location
  virtual_network_name = azurerm_virtual_network.primary_vnet_virtual_network.name
  resource_group_name = azurerm_resource_group.primary_vnet_resource_group.name
  address_prefixes = ["10.0.3.0/24"]
 }

output "postgres_subnet_id" {
  value = azurerm_subnet.postgres-subnet.id
}

resource "azurerm_kubernetes_cluster" "aks-prod-002-eastus-001" {
  name                = "aks-prod-002-eastus-001"
  location            = local.azure_location
  resource_group_name = azurerm_resource_group.primary_vnet_resource_group.name
  dns_prefix          = "aks-prod-002-eastus-001"


  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_DS2_v2"
    vnet_subnet_id = azurerm_subnet.aks-subnet.id

  }

  network_profile {
    network_plugin = "azure"
  }

  identity {
    type = "SystemAssigned"
  }

  addon_profile {
    aci_connector_linux {
      enabled = false
    }

    azure_policy {
      enabled = false
    }

    http_application_routing {
      enabled = false
    }

    oms_agent {
      enabled = false
    }
  }
}

我不是 Terraform 专家,如果有人知道如何做到这一点,我真的需要帮助。我一直在查看文档,我可以找到一种指定子网 ID 的方法,但这就是我所能做的。如果我不指定子网 ID,那么一切都会被构建,但会创建一个新的 vnet,这是我不想要的。

提前致谢

1 个答案:

答案 0 :(得分:0)

找到解决方案,在network_profile下:

network_plugin = "azure"
network_policy = "azure"
service_cidr = "10.0.4.0/24"
dns_service_ip = "10.0.4.10"
docker_bridge_cidr = "172.17.0.1/16"

遗漏了这些,我希望这可以帮助遇到与我类似问题的任何人。

相关问题
最新问题