如何使用Terraform创建Azure Redis缓存的私有端点?

huangapple
go评论93阅读模式
英文:

How to create a private endpoint for azure redis cache using terraform?

问题

我已经使用Azure Redis Cache中的Terraform创建了私有端点。

以下是我Terraform代码的相关部分:

  1. terraform {
  2.   required_providers {
  3.     azurerm = {
  4.       source  = "hashicorp/azurerm"
  5.       version = ">=3.0.0"
  6.     }
  7.   }
  8. }
  10. provider "azurerm" {
  11.   features {}
  12. }
  14. locals {
  15.   redis_name      = "my-private-endpoint"
  16.   resource_group = "my-resource-group"
  17.   location       = "eastus"
  18. }
  20. resource "azurerm_private_endpoint" "example" {
  21.   name                = local.redis_name
  22.   location            = local.location
  23.   resource_group_name = local.resource_group
  24.   subnet_id           = data.azurerm_subnet.example.id
  26.   private_service_connection {
  27.     name                           = "akhil-obeliskredis-cache-testing-connection-private"
  28.     private_connection_resource_id = data.azurerm_redis_cache.example.id
  29.     subresource_names              = ["redisCache"]
  30.     is_manual_connection           = false
  31.   }
  33.   private_dns_zone_group {
  34.     name                 = "default"
  35.     private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
  36.   }
  37. }
  39. resource "azurerm_private_dns_zone" "example" {
  40.   name                = "privatelinktest.redis.cache.windows.net"
  41.   resource_group_name = "cvad-int-us-k8s-rg-a"
  42. }
  44. data "azurerm_subnet" "example" {
  45.   name                 = "aks-subnet"
  46.   virtual_network_name = "cvad-int-us-vnet-a"
  47.   resource_group_name  = "cvad-int-us-k8s-rg-a"
  48. }
  50. data "azurerm_redis_cache" "example" {
  51.   name                = "akhil-obeliskredis-cache-testing"
  52.   resource_group_name = "my-resource-group"
  53. }

私有端点创建后,当我在网络上运行netcat时遇到了问题:

  1. nc: getaddrinfo for host "akhil-obeliskredis-cache-testing.redis.cache.windows.net" port 6380: Name or service not known

我看到一个区别。在Terraform创建时,fqdn没有创建,而当我从Azure门户手动创建时,fqdn被创建并且可以正常工作,没有任何错误。

使用Terraform创建:

如何使用Terraform创建Azure Redis缓存的私有端点?

从Azure门户手动创建后:

如何使用Terraform创建Azure Redis缓存的私有端点?

请在我尝试使用Terraform创建Azure Redis Cache的私有端点时可能遗漏了什么方面给我提供指导。

提前致谢!

英文:

I have created the private endpoint using terraform in azure redis cache.

Here's the relevant part of my Terraform code:

  1. terraform {
  2.   required_providers {
  3.     azurerm = {
  4.       source  = "hashicorp/azurerm"
  5.       version = ">=3.0.0"
  6.     }
  7.   }
  8. }
  10. provider "azurerm" {
  11.   features {}
  12. }
  15. locals {
  16.   redis_name = "my-private-endpoint"
  17.   resource_group     = "my-resource-group"
  18.   location = "eastus"
  19. }
  22. resource "azurerm_private_endpoint" "example" {
  23.   name                = local.redis_name
  24.   location            = local.location
  25.   resource_group_name = local.resource_group
  26.   subnet_id           = data.azurerm_subnet.example.id
  28.   private_service_connection {
  29.     name                           = "akhil-obeliskredis-cache-testing-connection-private"
  30.     private_connection_resource_id = data.azurerm_redis_cache.example.id
  31.     subresource_names              = ["redisCache"]
  32.     is_manual_connection           = false
  34.   }
  35.   private_dns_zone_group {
  36.     name                 = "default"
  37.     private_dns_zone_ids = [azurerm_private_dns_zone.example.id]
  38.   }
  40. }
  42. resource "azurerm_private_dns_zone" "example" {
  43.   name                = "privatelinktest.redis.cache.windows.net"
  44.   resource_group_name = "cvad-int-us-k8s-rg-a"
  45. }
  47. data "azurerm_subnet" "example" {
  48.   name                 = "aks-subnet"
  49.   virtual_network_name = "cvad-int-us-vnet-a"
  50.   resource_group_name  = "cvad-int-us-k8s-rg-a"
  51. }
  54. data "azurerm_redis_cache" "example" {
  55.   name                = "akhil-obeliskredis-cache-testing"
  56.   resource_group_name = "my-resource-group"
  57. }

Once private endpoint is created I am facing the issue when I did netcat on the network:

  1. nc: getaddrinfo for host "akhil-obeliskredis-cache-testing.redis.cache.windows.net" port 6380: Name or service not known

I see one difference. In terraform creation fqdn is not creating and when I created manually from azure portal fqdn is creating and it is working with out any error

Using Terraform
如何使用Terraform创建Azure Redis缓存的私有端点?

Manually Creating from azure portal - After that when I p
如何使用Terraform创建Azure Redis缓存的私有端点?

Please guide me on what might be missing when I try to create a private endpoint for Azure Redis Cache using Terraform.

Thanks in Advance

答案1

得分: 1

以下是翻译好的部分:

  • 私有终结点
  • 私有 DNS 区域
  • DNS 区域组
  • VNet 链接

你的虚拟网络是否已链接到私有 DNS 区域?我在你的代码中没有看到 VNet 链接资源。

"azurerm_private_dns_zone_virtual_network_link" 使得可以在 Azure 虚拟网络内启用 DNS 解析和注册,使用 Azure 私有 DNS。

参考链接:https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link

英文:

There are several resources that needs to be configured correctly for this to work:

  • Private Endpoint
  • Private DNS Zone
  • DNS Zone Group
  • VNet Link

Is your Vnet linked to the private DNS zone? I don't see a Vnet link resource in your code.

"azurerm_private_dns_zone_virtual_network_link" enable DNS resolution and registration inside Azure Virtual Networks using Azure Private DNS.

<!-- begin snippet -->

  1. resource &quot;azurerm_private_dns_zone_virtual_network_link&quot; &quot;example&quot; {
  2.   name                  = &quot;test&quot;
  3.   resource_group_name   = azurerm_resource_group.example.name
  4.   private_dns_zone_name = azurerm_private_dns_zone.example.name
  5.   virtual_network_id    = azurerm_virtual_network.example.id
  6. }

<!-- end snippet -->

Refer: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_dns_zone_virtual_network_link

答案2

得分: 0

我正在使用以下方法来使用Redis缓存的私有端点:

  1. module "redis_cache" {
  2.   source = "../shared/redis"
  4.   env_config = local.env_config
  5.   config     = local.redis_config
  6. }
  8. module "redis_cache_endpoint" {
  9.   source = "../shared/network/private_endpoint"
  11.   depends_on = [
  12.     module.redis_cache,
  13.     data.azurerm_subnet.bkend
  14.   ]
  16.   env_config = local.env_config
  18.   config = {
  19.     connected_resource      = module.redis_cache.redis_config.id
  20.     endpoint_name           = "${module.redis_cache.redis_config.redis_cache_name}-pep"
  21.     service_connection_name = "${module.redis_cache.redis_config.redis_cache_name}-sc"
  22.     subnet_id               = data.azurerm_subnet.bkend.id
  23.     subresource_names       = ["redisCache"]
  24.   }
  25. }
  27. module "redis_cache_private_network_a_record" {
  28.   source = "../shared/private_dns/private_dns_a_record"
  30.   depends_on = [
  31.     module.redis_cache,
  32.     module.redis_cache_endpoint
  33.   ]
  35.   providers = {
  36.     azurerm = azurerm.hubdns
  37.   }
  39.   env_config = local.env_config
  41.   config = {
  42.     a_record_name         = module.redis_cache.redis_config.redis_cache_name
  43.     private_dns_zone_name = "privatelink.redis.cache.windows.net"
  44.     private_ip_address    = [module.redis_cache_endpoint.config.private_ip_address]
  45.     ttl                   = 3600
  46.   }
  47. }

我已经将所有配置都进行了驱动,并且对我来说正常工作。

英文:

I am using the following approach to use Private Endpoint with Redis Cache:

  1. module &quot;redis_cache&quot; {
  2.   source = &quot;../shared/redis&quot;
  4.   env_config = local.env_config
  5.   config     = local.redis_config
  6. }
  8. module &quot;redis_cache_endpoint&quot; {
  9.   source = &quot;../shared/network/private_endpoint&quot;
  11.   depends_on = [
  12.     module.redis_cache,
  13.     data.azurerm_subnet.bkend
  14.   ]
  16.   env_config = local.env_config
  18.   config = {
  19.     connected_resource      = module.redis_cache.redis_config.id
  20.     endpoint_name           = &quot;${module.redis_cache.redis_config.redis_cache_name}-pep&quot;
  21.     service_connection_name = &quot;${module.redis_cache.redis_config.redis_cache_name}-sc&quot;
  22.     subnet_id               = data.azurerm_subnet.bkend.id
  23.     subresource_names       = [&quot;redisCache&quot;]
  24.   }
  25. }
  27. module &quot;redis_cache_private_network_a_record&quot; {
  28.   source = &quot;../shared/private_dns/private_dns_a_record&quot;
  30.   depends_on = [
  31.     module.redis_cache,
  32.     module.redis_cache_endpoint
  33.   ]
  35.   providers = {
  36.     azurerm = azurerm.hubdns
  37.   }
  39.   env_config = local.env_config
  41.   config = {
  42.     a_record_name         = module.redis_cache.redis_config.redis_cache_name
  43.     private_dns_zone_name = &quot;privatelink.redis.cache.windows.net&quot;
  44.     private_ip_address    = [module.redis_cache_endpoint.config.private_ip_address]
  45.     ttl                   = 3600
  46.   }
  47. }

I have everything config driven and it is working fine for me.

huangapple
  • 本文由 发表于 2023年6月5日 20:45:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/76406553.html
  • azure
  • redis
  • terraform
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定