如何使用证书创建hcloud负载均衡器服务

时间:2020-09-05 19:43:57

标签: terraform hcloud

我正在尝试创建hcloud(hetzner云)负载平衡器,并通过terraform向其添加https服务。 由于某些原因,我无法将证书附加到负载均衡器服务,并且出现以下错误:

Error: Incorrect attribute value type

  on hcloud.tf line 76, in resource "hcloud_load_balancer_service" "web_lb_service":
  76:     certificates     = data.hcloud_certificate.lb_cert.id

Inappropriate value for attribute "certificates": list of number required.

用于负载均衡器服务的我的Terraform配置如下:

resource "hcloud_certificate" "domain_cert" {
    name = var.domain

    private_key = tls_private_key.cert_private_key.private_key_pem
    certificate = acme_certificate.certificate.certificate_pem

    labels = {
        type = "cert"
    }
}

resource "hcloud_load_balancer" "web_lb" {
  name               = "web_lb"
  load_balancer_type = "lb11"
  location           = var.location
  labels = {
    type = "web"
  }

  dynamic "target" {
    for_each = hcloud_server.web
    content {
      type      = "server"
      server_id = target.value["id"]
    }
  }

  algorithm {
    type = "round_robin"
  }
}

data "hcloud_certificate" "lb_cert" {
    id = hcloud_certificate.domain_cert.id
}

resource "hcloud_load_balancer_service" "web_lb_service" {
  load_balancer_id = hcloud_load_balancer.web_lb.id
  protocol         = "https"
  listen_port      = var.https_port
  destination_port = var.https_port
  health_check {
    protocol = var.https_protocol
    port     = var.https_port
    interval = "10"
    timeout  = "10"
    http {
      path         = "/"
      status_codes = ["2??", "3??"]
    }
   }
  http {
    certificates     = data.hcloud_certificate.lb_cert.id
 }
}

resource "hcloud_load_balancer_network" "web_network" {
  load_balancer_id        = hcloud_load_balancer.web_lb.id
  subnet_id               = hcloud_network_subnet.hc_private_subnet.id
  enable_public_interface = "true"
}

有什么想法吗?`

谢谢!

br

1 个答案:

答案 0 :(得分:0)

您需要将certificates作为列表而不是单个参数进行传递。 https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer_service

证书-(可选,list [int])来自负载均衡器具有的证书的ID列表。

所以本节应该看起来像

resource "hcloud_load_balancer_service" "web_lb_service" {
  load_balancer_id = hcloud_load_balancer.web_lb.id
  protocol         = "https"
  listen_port      = var.https_port
  destination_port = var.https_port
  health_check {
    protocol = var.https_protocol
    port     = var.https_port
    interval = "10"
    timeout  = "10"
    http {
      path         = "/"
      status_codes = ["2??", "3??"]
    }
   }
  http {
    certificates     = [data.hcloud_certificate.lb_cert.id]
 }
}
相关问题
最新问题