Unable to connect to a Postgres SQL instance from inside a pod in GKE

I am new to Terraform and Google Cloud.

I am trying to create a K8s cluster in which the pods inside the cluster can talk to a Postgres server in the same VPC.

However, when I try to connect to the server using the psql client from an Ubuntu pod inside the cluster with psql -h <PRIVATE_IP_OF_POSTGRES_SERVER> -U postgresadmin, it waits for a long time and then throws the following timeout error.

psql: could not connect to server: Connection timed out
        Is the server running on host "<PRIVATE_IP_OF_POSTGRES_SERVER>" and accepting
        TCP/IP connections on port 5432?

I have even tried telnet <PRIVATE_IP_OF_POSTGRES_SERVER>, but that does not work either. (PING does not work either.)

Here is the Terraform script used to create the VPC and the K8s cluster:

variable "project_id" {
  description = "project id"
}

variable "region" {
  description = "region"
}

variable "gke_username" {
  default     = ""
  description = "gke username"
}

variable "gke_password" {
  default     = ""
  description = "gke password"
}

variable "gke_num_nodes" {
  default     = 1
  description = "number of gke nodes"
}

provider "google" {
  project = var.project_id
  region  = var.region
}

# VPC
resource "google_compute_network" "vpc" {
  name                    = "${var.project_id}-vpc"
  auto_create_subnetworks = "false"
}

# Subnet
resource "google_compute_subnetwork" "subnet" {
  name          = "${var.project_id}-subnet"
  region        = var.region
  network       = google_compute_network.vpc.name
  ip_cidr_range = "10.10.0.0/24"
}

# GKE cluster
resource "google_container_cluster" "primary" {
  name     = "${var.project_id}-gke"
  location = var.region

  remove_default_node_pool = true
  initial_node_count       = 1

  network    = google_compute_network.vpc.name
  subnetwork = google_compute_subnetwork.subnet.name

  # Create a VPC-native cluster by configuring `ip_allocation_policy` 
  ip_allocation_policy {
    cluster_ipv4_cidr_block  = "/16"
    services_ipv4_cidr_block = "/22"
  }

  master_auth {
    username = var.gke_username
    password = var.gke_password

    client_certificate_config {
      issue_client_certificate = false
    }
  }
}

# Separately Managed Node Pool
resource "google_container_node_pool" "primary_nodes" {
  name       = "${google_container_cluster.primary.name}-node-pool"
  location   = var.region
  cluster    = google_container_cluster.primary.name
  node_count = var.gke_num_nodes

  node_config {
    oauth_scopes = [
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring",
    ]

    labels = {
      env = var.project_id
    }

    # preemptible  = true
    machine_type = "n1-standard-1"
    tags         = ["gke-node", "${var.project_id}-gke"]
    metadata = {
      disable-legacy-endpoints = "true"
    }
  }
}

Below is the Terraform script file used to create the Postgres server:

variable "project_id" {
  description = "project id"
}

variable "region" {
  description = "region"
}

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
      version = "3.61.0"
    }
  }
}

data "google_compute_network" "my_network" {
  name = "novade-lite-vpc"
}

provider "google" {
  project = var.project_id
  region  = var.region
}

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_compute_global_address" "private_ip_address" {
  name          = "private-ip-address"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = data.google_compute_network.my_network.self_link
}

resource "google_service_networking_connection" "private_vpc_connection" {
  network                 = data.google_compute_network.my_network.self_link
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
}

resource "google_sql_database_instance" "postgres" {
  name             = "postgres-instance-${random_id.db_name_suffix.hex}"
  database_version = "POSTGRES_11"
  depends_on = [google_service_networking_connection.private_vpc_connection]

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled    = false
      private_network = data.google_compute_network.my_network.self_link
    }
  }
}

resource "google_sql_database" "default" {
  name       = "default"
  project    = var.project_id
  instance   = google_sql_database_instance.postgres.name
  collation  = "en_US.UTF8"
  depends_on = [google_sql_database_instance.postgres]
}

resource "google_sql_user" "users" {
  name     = "postgresadmin"
  instance = google_sql_database_instance.postgres.name
  password = "password"
  depends_on = [google_sql_database_instance.postgres]
}

This is my variables file (the same for both scripts above):

project_id = "test-project"
region     = "europe-west2"

Any help is greatly appreciated!
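One thing worth checking in a setup like this, as an added example (my own code, not part of the question): the cluster script creates its VPC under a name built from project_id, while the Cloud SQL script peers the instance with a VPC looked up by a literal name, and private services access only gives routes to the VPC actually named there (VPC peering is not transitive). The check below expands the tfvars into the two scripts, cut down here to the lines it needs, and compares the VPC the cluster creates with the VPC the database is peered to.

```python
import re

# Constructed abbreviations of the two Terraform scripts in the question
# (only the lines this check needs) and the shared variable file.
CLUSTER_TF = '''
resource "google_compute_network" "vpc" {
  name                    = "${var.project_id}-vpc"
  auto_create_subnetworks = "false"
}
'''
SQL_TF = '''
data "google_compute_network" "my_network" {
  name = "novade-lite-vpc"
}
'''
TFVARS = 'project_id = "test-project"\nregion     = "europe-west2"\n'

def parse_tfvars(text):
    """Read simple `key = "value"` assignments from a .tfvars file."""
    return dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', text, re.M))

def interpolate(value, variables):
    """Expand ${var.x} references with the tfvars values."""
    return re.sub(r'\$\{var\.(\w+)\}', lambda m: variables[m.group(1)], value)

def network_names(tf, kind, variables):
    """Names in every `<kind> "google_compute_network" "..." { ... }` block,
    where kind is "resource" (VPCs created) or "data" (VPCs looked up)."""
    pattern = kind + r' "google_compute_network" "\w+" \{(.*?)\n\}'
    names = []
    for body in re.findall(pattern, tf, re.S):
        raw = re.search(r'\bname\s*=\s*"([^"]*)"', body).group(1)
        names.append(interpolate(raw, variables))
    return names

def check_same_vpc(cluster_tf, sql_tf, tfvars):
    """Return (ok, created, referenced). ok is True only when every VPC the
    Cloud SQL script peers with is one the GKE script creates; peering is
    not transitive, so a pod in another VPC has no route to the private IP."""
    variables = parse_tfvars(tfvars)
    created = network_names(cluster_tf, "resource", variables)
    referenced = network_names(sql_tf, "data", variables)
    ok = bool(referenced) and all(name in created for name in referenced)
    return ok, created, referenced

if __name__ == "__main__":
    ok, created, referenced = check_same_vpc(CLUSTER_TF, SQL_TF, TFVARS)
    print("GKE creates:", created, "| Cloud SQL peers with:", referenced)
    print("same VPC" if ok else "MISMATCH: pod and database are in different VPCs")
```

With the values from the question the check reports a mismatch (test-project-vpc versus novade-lite-vpc); it only recognises the simple `name = "..."` form used in these scripts, not every HCL construct.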