google-cloud-platform - 在启用 Config Connector 的情况下对 Google Kubernetes Engine 集群进行地形改造

Question

Google Kubernetes Engine 集群$GKE_CLUSTER_NAME在 Google Cloud Platform (GCP) 项目中运行$GCP_PROJECT_NAME，其中存储了匹配的 Terraform 配置container_cluster.tf，可以通过以下方式检查：

terraform plan

#=>

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

我希望通过将以下参数添加到以下参数来启用 Config Connector（更多信息在这里）以$GKE_CLUSTER_NAME使用 Terraform container_cluster.tf：

resource "google_container_cluster" ". . ." {
  addons_config {
    config_connector_config {
      enabled = true
    }

  . . .

}

但是当我进行plan此更改时，我遇到以下错误：

terraform plan

#=>

╷
│ Error: Unsupported block type
│
│   on container_cluster.tf line 3, in resource "google_container_cluster" ". . .":
│    3:     config_connector_config {
│
│ Blocks of type "config_connector_config" are not expected here.

尽管在此处找到的官方文档声明该块config_connector_config支持。addons_config

我正在使用最新版本的 Terraform 和google提供程序：

terraform version

#=>

Terraform v1.0.6
on . . .
+ provider registry.terraform.io/hashicorp/google v3.84.0

我需要进行哪些更改才能成功启用 Config Connector 以$GKE_CLUSTER_NAME使用 Terraform？

Answer 1

该config_connector_config参数仍处于Beta 阶段，因此您需要将google-beta提供程序用于$GKE_CLUSTER_NAME：

1. 为每个资源添加provider参数：

   • 使用至少 一个Beta 参数指定google-beta任何资源（例如）：$GKE_CLUSTER_NAME

     resource "google_container_cluster" ". . ." {
     
        . . .
     
        provider        = google-beta
     
        . . .
     
     }
     

   • google为所有其他资源指定：

     resource resource "google_container_node_pool" ". . ." {
     
        . . .
     
        provider       = google
     
        . . .
     
     }
     

   即使是providerarg。在此处的官方参考文档中找不到。google_container_cluster

2. 在文件中找到 的google-beta提供程序旁边添加提供程序：googleproviders.tf

   
   . . .
   
   provider "google" {
     project = ". . ."
   }
   
   provider "google-beta" {
     project = ". . ."
   }
   
   . . .
   
   terraform {
     required_providers {
   
       . . .
   
       google = {
         version = "~> 3.84.0"
       }
       google-beta = {
         version = "~> 3.84.0"
       }
   
       . . .
   
     }
   }
   

   在同一个 Terraform 配置中同时使用和提供者是安全的。更多关于这里。googlegoogle-beta

   注意：在上面的提供程序定义中设置您的 GCP 项目名称允许您在不指定项目的情况下运行import命令（在此处找到）。

3. 迄今为止的尝试plan或您的更改可能会导致以下结果：apply

   terraform plan
   
   #=>
   
   ╷
   │ Error: Could not load plugin
   │
   │
   │ Plugin reinitialization required. Please run "terraform init".
   │
   │ Plugins are external binaries that Terraform uses to . . .
   

   所以你可能不得不init再次：

   terraform init
   
   #=>
   
   Initializing the backend...
   
   Initializing provider plugins...
   - Finding latest version of hashicorp/google-beta...
   - Reusing previous version of hashicorp/google from the dependency lock file
   - Installing hashicorp/google-beta v3.84.0...
   - Installed hashicorp/google-beta v3.84.0 (signed by HashiCorp)
   - Using previously-installed hashicorp/google v3.84.0
   
   Terraform has made some changes to the provider dependency selections recorded
   in the .terraform.lock.hcl file. Review those changes and commit them to your
   version control system if they represent changes you intended to make.
   
   Terraform has been successfully initialized!
   
   You may now begin working with Terraform. . . .
   

   该providers命令现在应该确认google-beta您当前的配置所要求的：

   terraform providers
   
   #=>
   
   Providers required by configuration:
   .
   ├── provider[registry.terraform.io/hashicorp/google] ~> 3.84.0
   └── provider[registry.terraform.io/hashicorp/google-beta] ~> 3.84.0
   
   Providers required by state:
   
       provider[registry.terraform.io/hashicorp/google]
   

4. 运行 aplan以确认 Config Connector 将被启用：

   terraform plan
   
   #=>
   
   . . .
   
   Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
     ~ update in-place
   
   Terraform will perform the following actions:
   
     # google_container_cluster.$GKE_CLUSTER_NAME will be updated in-place
     ~ resource "google_container_cluster" ". . ." {
   
   . . .
   
         ~ addons_config {
   
             + config_connector_config {
                 + enabled = true
               }
   . . .
   
   Plan: 0 to add, 1 to change, 0 to destroy.
   
   . . .
   

   然后apply你的改变：

   terraform apply
   
   #=>
   
   google_container_cluster.. . .: Modifying... [id=projects/$GCP_PROJECT_NAME/locations/$GKE_CLUSTER_ZONE/clusters/$GKE_CLUSTER_NAME]
   
   . . .
   
   google_container_cluster.. . .: Modifications complete after xmxxs [id=projects/$GCP_PROJECT_NAME/locations/$GKE_CLUSTER_ZONE/clusters/$GKE_CLUSTER_NAME]
   
   Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
   

   检查是否为您的集群启用了配置连接器：

    gcloud container clusters describe $GKE_CLUSTER_NAME \
   --format="value(addonsConfig.configConnectorConfig.enabled)" \
   --zone=$GKE_CLUSTER_ZONE
   
   #=>
   
   True
   

想了解更多关于使用google-beta提供商的信息吗？访问这里和这里。