Terraform 变量:如何以更扁平的方式重构 vnets/subnets/nsgs 的 Terraform 变量数据结构?
Terraform variables: How can I restructure my terraform variables data-structure for vnets/subnets/nsgs in a more flatter way?
我正在使用的以下 variables.vnet 数据结构在即将使用 count/for_each 和动态创建 subnets/vnets 方面造成了太多的复杂性。我想要一个更简单的解决方案。我仍然希望能够在各自的 vnet 中对相关子网进行分组,但也许可以摆脱过多的地图列表?
有人可以帮我制定更好的结构吗?
variable "vnets" {
default = [
{
vnet_name = "first-vnet"
address_space = "10.250.0.0"
network_size = 16
subnets = [
{
name = "test1-subnet"
bitmask = 24
netnum = 1
service_endponts_enabled = false
network_security_group = "test1-nsg"
security_group_rules = [
{
name = "test1-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "172.16.2.0/24"
},
]
},
{
name = "test2-subnet"
bitmask = 24
netnum = 2
service_endponts_enabled = false
network_security_group = "test2-nsg"
security_group_rules = [
{
name = "test2-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "172.16.0.0/24"
destination_address_prefix = "172.16.4.0/24"
},
]
},
{
name = "test3-subnet"
bitmask = 24
netnum = 3
service_endponts_enabled = true
network_security_group = "test3-nsg"
security_group_rules = [
{
name = "test3-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "172.16.2.0/24"
destination_address_prefix = "172.16.8.0/22"
},
]
}
]
},
{
vnet_name = "second-vnet"
address_space = "10.251.0.0"
network_size = 16
subnets = []
},
{
vnet_name = "third-vnet"
address_space = "10.252.0.0"
network_size = 16
subnets = []
}
]
}
variables.vnet数据结构很好,除了NSG规则外,没必要把规则放在子网属性里面。要知道,一个子网只能附加一个 NSG。所以你只需要设置哪个 NSG 将附加到子网。您可以单独为 NSG 和规则使用另一个变量。
例如,对于子网,它可能会点击:
...
subnets = [
{
name = "test1-subnet"
bitmask = 24
netnum = 1
service_endponts_enabled = false
network_security_group = "test1-nsg"
},
...
]
我正在使用的以下 variables.vnet 数据结构在即将使用 count/for_each 和动态创建 subnets/vnets 方面造成了太多的复杂性。我想要一个更简单的解决方案。我仍然希望能够在各自的 vnet 中对相关子网进行分组,但也许可以摆脱过多的地图列表?
有人可以帮我制定更好的结构吗?
variable "vnets" {
default = [
{
vnet_name = "first-vnet"
address_space = "10.250.0.0"
network_size = 16
subnets = [
{
name = "test1-subnet"
bitmask = 24
netnum = 1
service_endponts_enabled = false
network_security_group = "test1-nsg"
security_group_rules = [
{
name = "test1-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "*"
destination_address_prefix = "172.16.2.0/24"
},
]
},
{
name = "test2-subnet"
bitmask = 24
netnum = 2
service_endponts_enabled = false
network_security_group = "test2-nsg"
security_group_rules = [
{
name = "test2-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "172.16.0.0/24"
destination_address_prefix = "172.16.4.0/24"
},
]
},
{
name = "test3-subnet"
bitmask = 24
netnum = 3
service_endponts_enabled = true
network_security_group = "test3-nsg"
security_group_rules = [
{
name = "test3-sg"
priority = 100
direction = "inbound"
access = "allow"
protocol = "tcp"
source_port_range = "*"
destination_port_range = "*"
source_address_prefix = "172.16.2.0/24"
destination_address_prefix = "172.16.8.0/22"
},
]
}
]
},
{
vnet_name = "second-vnet"
address_space = "10.251.0.0"
network_size = 16
subnets = []
},
{
vnet_name = "third-vnet"
address_space = "10.252.0.0"
network_size = 16
subnets = []
}
]
}
variables.vnet数据结构很好,除了NSG规则外,没必要把规则放在子网属性里面。要知道,一个子网只能附加一个 NSG。所以你只需要设置哪个 NSG 将附加到子网。您可以单独为 NSG 和规则使用另一个变量。
例如,对于子网,它可能会点击:
...
subnets = [
{
name = "test1-subnet"
bitmask = 24
netnum = 1
service_endponts_enabled = false
network_security_group = "test1-nsg"
},
...
]