创建 ForwardingRule 时出错,在与转发规则相同的区域和 VPC 中需要保留和活动的子网
Error creating ForwardingRule, A reserved and active subnetwork is required in the same region and VPC as the forwarding rule
我正在尝试使用 terrafrom 创建区域负载平衡器,但我无法创建转发规则和区域 HTTP(s) 代理。
resource "google_compute_region_ssl_certificate" "ssl-crt" {
project = "proyecto-pegachucho"
name_prefix = "my-certificate-"
region = var.lb_region
private_key = file("lb_http/certificate/privateKey.key")
certificate = file("lb_http/certificate/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_forwarding_rule" "lb-front-HTTP" {
name = var.lb_front_name
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = var.lb_front_port_range
target = google_compute_region_target_http_proxy.lb-proxy-http.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
ip_address = "10.10.30.5"
}
resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
name = "lb-https-front"
port_range = "443"
load_balancing_scheme = "INTERNAL_MANAGED"
ip_address = "10.10.30.6"
target = google_compute_region_target_https_proxy.lb-proxy-https.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
}
resource "google_compute_region_target_http_proxy" "lb-proxy-http" {
name = var.lb_proxy_name
region = var.lb_region
project = "proyecto-pegachucho"
url_map = google_compute_region_url_map.lb_url_map.self_link
}
resource "google_compute_region_target_https_proxy" "lb-proxy-https" {
name = "test-proxy"
region = var.lb_region
project = "proyecto-pegachucho"
url_map = google_compute_region_url_map.lb_url_map.self_link
ssl_certificates = [google_compute_region_ssl_certificate.ssl-crt.id]
}
resource "google_compute_region_url_map" "lb_url_map" {
name = var.url_map_name
region = var.lb_region
default_service = google_compute_region_backend_service.lb-backend.self_link
}
resource "google_compute_region_backend_service" "lb-backend" {
name = var.lb_backend_name
region = var.lb_region
project = "proyecto-pegachucho"
load_balancing_scheme = "INTERNAL_MANAGED"
port_name = var.lb_backend_port_name
protocol = var.lb_backend_protocol
timeout_sec = var.lb_backend_timeout
health_checks = [var.healthcheck_output]
locality_lb_policy = "ROUND_ROBIN"
backend {
group = var.ig_id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}
这将引发以下错误:
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 13, in resource "google_compute_forwarding_rule" "lb-front-HTTP":
13: resource "google_compute_forwarding_rule" "lb-front-HTTP" {
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpsProxies/test-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 24, in resource "google_compute_forwarding_rule" "lb-front-HTTPS":
24: resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
我尝试使用 google 测试版提供商,但似乎我没有权限,而我对我的 Terraform 服务帐户拥有所有者权限。
Error: Error creating RegionSslCertificate: googleapi: Error 403: Required 'compute.regionSslCertificates.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/sslCertificates/my-certificate-20210628014206664300000001', forbidden
on lb_http\lb_http.tf line 1, in resource "google_compute_region_ssl_certificate" "ssl-crt":
1: resource "google_compute_region_ssl_certificate" "ssl-crt" {
Error: Error creating RegionBackendService: googleapi: Error 403: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
More details:
Reason: forbidden, Message: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
Reason: forbidden, Message: Required 'compute.healthChecks.useReadOnly' permission for 'projects/proyecto-pegachucho/global/healthChecks/hsbc-healthcheck-dev'
Reason: forbidden, Message: Required 'compute.instanceGroups.use' permission for 'projects/proyecto-pegachucho/zones/us-central1-b/instanceGroups/tomcats-ig'
on lb_http\lb_http.tf line 59, in resource "google_compute_region_backend_service" "lb-backend":
59: resource "google_compute_region_backend_service" "lb-backend" {
在为内部 HTTP(S) 负载平衡器创建转发规则之前,您必须创建一个仅代理子网。您在其中使用内部 HTTP(S) 负载平衡器的虚拟专用网络 (VPC) 的每个区域都必须具有仅代理子网。
显示的错误消息在最后一句话中描述了它:
Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule.
要解决这个问题,您可以手动 create said proxy-only subnet through the gcloud compute networks subnets create command or use the terraform variant through google_compute_subnetwork where all the same fields are available, you can use the documentation in create 作为指导,然后将其全部侵入到 terraform。
请注意,这必须在为您的内部 HTTP(S) LB 创建转发规则之前完成
希望提供的解决方案对您有所帮助!
我正在尝试使用 terrafrom 创建区域负载平衡器,但我无法创建转发规则和区域 HTTP(s) 代理。
resource "google_compute_region_ssl_certificate" "ssl-crt" {
project = "proyecto-pegachucho"
name_prefix = "my-certificate-"
region = var.lb_region
private_key = file("lb_http/certificate/privateKey.key")
certificate = file("lb_http/certificate/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_forwarding_rule" "lb-front-HTTP" {
name = var.lb_front_name
load_balancing_scheme = "INTERNAL_MANAGED"
port_range = var.lb_front_port_range
target = google_compute_region_target_http_proxy.lb-proxy-http.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
ip_address = "10.10.30.5"
}
resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
name = "lb-https-front"
port_range = "443"
load_balancing_scheme = "INTERNAL_MANAGED"
ip_address = "10.10.30.6"
target = google_compute_region_target_https_proxy.lb-proxy-https.self_link
region = var.lb_region
network = var.lb_network
subnetwork = var.lb_subnetwork
}
resource "google_compute_region_target_http_proxy" "lb-proxy-http" {
name = var.lb_proxy_name
region = var.lb_region
project = "proyecto-pegachucho"
url_map = google_compute_region_url_map.lb_url_map.self_link
}
resource "google_compute_region_target_https_proxy" "lb-proxy-https" {
name = "test-proxy"
region = var.lb_region
project = "proyecto-pegachucho"
url_map = google_compute_region_url_map.lb_url_map.self_link
ssl_certificates = [google_compute_region_ssl_certificate.ssl-crt.id]
}
resource "google_compute_region_url_map" "lb_url_map" {
name = var.url_map_name
region = var.lb_region
default_service = google_compute_region_backend_service.lb-backend.self_link
}
resource "google_compute_region_backend_service" "lb-backend" {
name = var.lb_backend_name
region = var.lb_region
project = "proyecto-pegachucho"
load_balancing_scheme = "INTERNAL_MANAGED"
port_name = var.lb_backend_port_name
protocol = var.lb_backend_protocol
timeout_sec = var.lb_backend_timeout
health_checks = [var.healthcheck_output]
locality_lb_policy = "ROUND_ROBIN"
backend {
group = var.ig_id
balancing_mode = "UTILIZATION"
capacity_scaler = 1.0
}
}
这将引发以下错误:
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 13, in resource "google_compute_forwarding_rule" "lb-front-HTTP":
13: resource "google_compute_forwarding_rule" "lb-front-HTTP" {
Error: Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpsProxies/test-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule., invalid
on lb_http\lb_http.tf line 24, in resource "google_compute_forwarding_rule" "lb-front-HTTPS":
24: resource "google_compute_forwarding_rule" "lb-front-HTTPS" {
我尝试使用 google 测试版提供商,但似乎我没有权限,而我对我的 Terraform 服务帐户拥有所有者权限。
Error: Error creating RegionSslCertificate: googleapi: Error 403: Required 'compute.regionSslCertificates.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/sslCertificates/my-certificate-20210628014206664300000001', forbidden
on lb_http\lb_http.tf line 1, in resource "google_compute_region_ssl_certificate" "ssl-crt":
1: resource "google_compute_region_ssl_certificate" "ssl-crt" {
Error: Error creating RegionBackendService: googleapi: Error 403: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
More details:
Reason: forbidden, Message: Required 'compute.regionBackendServices.create' permission for 'projects/proyecto-pegachucho/regions/us-central1/backendServices/lb-backend'
Reason: forbidden, Message: Required 'compute.healthChecks.useReadOnly' permission for 'projects/proyecto-pegachucho/global/healthChecks/hsbc-healthcheck-dev'
Reason: forbidden, Message: Required 'compute.instanceGroups.use' permission for 'projects/proyecto-pegachucho/zones/us-central1-b/instanceGroups/tomcats-ig'
on lb_http\lb_http.tf line 59, in resource "google_compute_region_backend_service" "lb-backend":
59: resource "google_compute_region_backend_service" "lb-backend" {
在为内部 HTTP(S) 负载平衡器创建转发规则之前,您必须创建一个仅代理子网。您在其中使用内部 HTTP(S) 负载平衡器的虚拟专用网络 (VPC) 的每个区域都必须具有仅代理子网。
显示的错误消息在最后一句话中描述了它:
Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://www.googleapis.com/compute/v1/projects/proyecto-pegachucho/regions/us-central1/targetHttpProxies/lb-proxy'. A reserved and active subnetwork is required in the same region and VPC as the forwarding rule.
要解决这个问题,您可以手动 create said proxy-only subnet through the gcloud compute networks subnets create command or use the terraform variant through google_compute_subnetwork where all the same fields are available, you can use the documentation in create 作为指导,然后将其全部侵入到 terraform。
请注意,这必须在为您的内部 HTTP(S) LB 创建转发规则之前完成
希望提供的解决方案对您有所帮助!