{"id":49046,"date":"2023-05-07T08:22:25","date_gmt":"2022-12-24T22:04:35","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/"},"modified":"2024-04-30T03:01:49","modified_gmt":"2024-04-29T19:01:49","slug":"%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/","title":{"rendered":"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c"},"content":{"rendered":"

\u9996\u5148<\/h1>\n

\u5927\u5bb6\u597d\u3002\u4e4b\u524d\u6211\u5199\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u4e3b\u9898\u662f\u201c\u4f7f\u7528\u591a\u4e2a\u533a\u57df\u7684 GKE \u96c6\u7fa4\u548c Anthos Service Mesh \u6784\u5efa\u591a\u96c6\u7fa4 Mesh \u73af\u5883\u201d\u3002\u8fd9\u6b21\u6211\u5c1d\u8bd5\u7528 Terraform \u6765\u6784\u5efa\u8fd9\u4e2a\u73af\u5883\u3002\u5982\u679c\u4f60\u4eec\u6b63\u8003\u8651\u4f7f\u7528 Terraform \u6765\u6784\u5efa ASM \u73af\u5883\uff0c\u4e0d\u59a8\u53c2\u8003\u4e00\u4e0b\u3002<\/p>\n

\u5c3d\u7ba1\u5982\u6b64\uff0c\u5728\u64b0\u5199\u672c\u6587\u65f6\uff082022\u5e741\u6708\u5e95\uff09\uff0cTerraform\u5b98\u65b9\u6a21\u5757\u8fd8\u672a\u5bf9ASM\u7684v1.11\u53ca\u66f4\u9ad8\u7248\u672c\u63d0\u4f9b\u652f\u6301\uff0c\u56e0\u6b64\u5b9e\u9645\u4e0a\u65e0\u6cd5\u5f88\u597d\u5730\u4f7f\u7528\uff0c\u5bfc\u81f4\u5b9e\u65bd\u8d77\u6765\u6709\u4e9b\u56f0\u96be\u3002\u8bda\u5b9e\u5730\u8bf4\uff0c\u6211\u4eec\u5efa\u8bae\u5728\u5f15\u5165ASM\u4e4b\u540e\u4f7f\u7528\u9664Terraform\u4e4b\u5916\u7684\u5176\u4ed6\u5de5\u5177\u3002\u4e0d\u8fc7\uff0c\u8fd8\u662f\u5e0c\u671b\u5927\u5bb6\u80fd\u591f\u660e\u786e\uff0c\u672c\u6587\u4ec5\u4f9b\u53c2\u8003\uff0c\u8bf7\u6ce8\u610f\u6b64\u70b9\u3002<\/p>\n

\u5173\u4e8e\u5efa\u6784\u7cfb\u7edf<\/h1>\n

\u4ee5\u4e0b\u56fe\u8868\u6240\u793a\uff0c\u6211\u4eec\u5df2\u7ecf\u9488\u5bf9\u542f\u7528\u4e86\u9650\u5b9a\u516c\u5f00\u7c7b\u7684\u591a\u4e2a\u533a\u57df\u7684GKE\u96c6\u7fa4\u5f15\u5165\u4e86Anthos Service Mesh\uff08\u6258\u7ba1\u63a7\u5236\u5e73\u9762\uff09\u3002\u8bf7\u6ce8\u610f\uff0c\u7531\u4e8e\u901a\u5e38\u60c5\u51b5\u4e0b\u5e94\u7528\u7a0b\u5e8f\u5bb9\u5668\u5728\u57fa\u7840\u67b6\u6784\u4e4b\u5916\u7684\u5b58\u50a8\u5e93\u4e2d\u8fdb\u884c\u7ba1\u7406\uff0c\u6211\u4eec\u5728\u8fd9\u6b21\u8ba8\u8bba\u4e2d\u5c06\u5176\u6392\u9664\u5728\u5916\u3002<\/p>\n

\"01-architecture.png\"<\/div>\n

\u6211\u5199\u4e86\u4e00\u4e2aTerraform\u7684\u793a\u4f8b\u4ee3\u7801\u3002<\/h1>\n

\u73b0\u5728\uff0c\u6211\u60f3\u8981\u4ecb\u7ecd\u4e00\u4e0b\u672c\u6b21\u521b\u5efa\u7684Terraform\u793a\u4f8b\u4ee3\u7801\u3002\u9996\u5148\u662f\u76ee\u5f55\u7ed3\u6784\uff0c\u672c\u6b21\u6211\u4eec\u5c06\u5728environments\u76ee\u5f55\u4e0b\u4e3a\u6bcf\u4e2a\u73af\u5883\u521b\u5efa\u5b50\u76ee\u5f55\uff0c\u800c\u4e0d\u4f7f\u7528Workspace\uff0c\u800c\u662f\u5c06\u5176\u4f5c\u4e3a\u5355\u72ec\u7684\u6587\u4ef6\u8fdb\u884c\u7ba1\u7406\u3002<\/p>\n

.\r\n|-- environments\r\n|   `-- poc\r\n|       |-- backend.tf\r\n|       |-- main.tf\r\n|       `-- variables.tf\r\n`-- modules\r\n    |-- networks\r\n    |   |-- main.tf\r\n    |   |-- variables.tf\r\n    |   `-- outputs.tf\r\n    |-- gke\r\n    |   |-- main.tf\r\n    |   |-- variables.tf\r\n    |   `-- outputs.tf\r\n    `-- asm\r\n        |-- main.tf\r\n        |-- variables.tf\r\n        |-- scripts\r\n        |   |-- install.sh\r\n        |   |-- destroy.sh\r\n        |   `-- create-mesh.sh\r\n        `-- manifests\r\n            |-- istio-ingressgateway-pods\r\n            |   |-- namespace.yaml\r\n            |   |-- deployment.yaml\r\n            |   |-- serviceaccount.yaml\r\n            |   `-- role.yaml\r\n            `-- istio-ingressgateway-services\r\n                |-- multiclusterservice.yaml\r\n                |-- backendconfig.yaml\r\n                `-- multiclusteringress.yaml\r\n<\/code><\/pre>\n
\n
No.\u30d5\u30a1\u30a4\u30eb\u540d\u6982\u89811environments\/poc\/backend.tf<\/a>PoC\u74b0\u5883\u306etfstate\u30d5\u30a1\u30a4\u30eb\u4fdd\u5b58\u5148\u5b9a\u7fa92environments\/poc\/main.tf<\/a>PoC\u74b0\u5883\u306e\u5b9a\u7fa93environments\/pod\/variables.tf<\/a>PoC\u74b0\u5883\u306e\u5916\u90e8\u5909\u6570\u5b9a\u7fa94modules\/networks\/main.tf<\/a>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5b9a\u7fa95modules\/networks\/variables.tf<\/a>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5916\u90e8\u5909\u6570\u5b9a\u7fa96modules\/networks\/outputs.tf<\/a>\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30a2\u30a6\u30c8\u30d7\u30c3\u30c8\u5b9a\u7fa97modules\/gke\/main.tf<\/a>GKE\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5b9a\u7fa98modules\/gke\/variables.tf<\/a>GKE\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5916\u90e8\u5909\u6570\u5b9a\u7fa99modules\/gke\/outputs.tf<\/a>GKE\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30a2\u30a6\u30c8\u30d7\u30c3\u30c8\u5b9a\u7fa910modules\/asm\/main.tf<\/a>ASM\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5b9a\u7fa911modules\/asm\/variables.tf<\/a>ASM\u8a2d\u5b9a\u7528\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5916\u90e8\u5909\u6570\u5b9a\u7fa912modules\/asm\/scripts\/install.sh<\/a>ASM\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30b9\u30af\u30ea\u30d7\u30c813modules\/asm\/scripts\/destroy.sh<\/a>ASM\u306e\u30a2\u30f3\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u30b9\u30af\u30ea\u30d7\u30c814modules\/asm\/scripts\/create-mesh.sh<\/a>ASM\u306e\u30de\u30eb\u30c1\u30af\u30e9\u30b9\u30bf\u30e1\u30c3\u30b7\u30e5\u4f5c\u6210\u30b9\u30af\u30ea\u30d7\u30c815modules\/asm\/manifests\/istio-ingressgateway-pods\/*<\/a>Istio IngressGateway\u30b3\u30f3\u30c6\u30ca\u306eKubernetes\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u7fa416modules\/asm\/manifests\/istio-ingressgateway-services\/*<\/a>Istio IngressGateway\u30b5\u30fc\u30d3\u30b9\u306eKubernetes\u30de\u30cb\u30d5\u30a7\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u7fa4<\/div>\n<\/div>\n
PoC\u73af\u5883\u7684\u5b9a\u4e49<\/h2>\n
\u73af\u5883\/POC\/\u540e\u7aef.tf<\/h3>\n
\u6211\u6b63\u5728\u5b9a\u4e49\u4e00\u4e2a\u7528\u4e8e\u5728Google Cloud\u5b58\u50a8(GCS)\u4e0a\u7ba1\u7406PoC\u73af\u5883\u7684tfstate\u6587\u4ef6\u7684\u8bbe\u7f6e\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n  backend<\/span> \"gcs\"<\/span> {<\/span>\r\n    bucket<\/span> =<\/span> \"matt-gcs-tfstate\"<\/span>\r\n    prefix<\/span> =<\/span> \"multi-asm-poc\"<\/span>\r\n  }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u73af\u5883\/\u9a8c\u8bc1\/main.tf<\/h3>\n
\u6b64\u6587\u4ef6\u4e3b\u8981\u5b9a\u4e49PoC\u73af\u5883\uff0c\u5e76\u5728\u6a21\u5757\u4e2d\u5b9a\u4e49\u5b9e\u9645\u5904\u7406\u3002 \u8fd9\u4e2a\u6587\u4ef6\u4e3b\u8981\u662f\u5b9a\u4e49PoC\u73af\u5883\u7279\u6709\u7684\u8bbe\u7f6e\u503c\u3002<\/p>\n
locals<\/span> {<\/span>\r\n  network<\/span> =<\/span> \"matt-vpc\"<\/span>\r\n\r\n  tokyo_subnet<\/span>          =<\/span> \"matt-tokyo-priv-snet\"<\/span>\r\n  tokyo_subnet_ip_range<\/span> =<\/span> \"172.16.0.0\/16\"<\/span>\r\n  tokyo_router<\/span>          =<\/span> \"matt-tokyo-router\"<\/span>\r\n  tokyo_nat<\/span>             =<\/span> \"matt-tokyo-nat\"<\/span>\r\n\r\n  osaka_subnet<\/span>          =<\/span> \"matt-osaka-priv-snet\"<\/span>\r\n  osaka_subnet_ip_range<\/span> =<\/span> \"172.24.0.0\/16\"<\/span>\r\n  osaka_router<\/span>          =<\/span> \"matt-osaka-router\"<\/span>\r\n  osaka_nat<\/span>             =<\/span> \"matt-osaka-nat\"<\/span>\r\n\r\n  tokyo_cluster<\/span>          =<\/span> \"matt-tokyo-cluster-1\"<\/span>\r\n  tokyo_master_ip_range<\/span>  =<\/span> \"192.168.0.0\/28\"<\/span>\r\n  tokyo_pod_ip_range<\/span>     =<\/span> \"10.16.0.0\/14\"<\/span>\r\n  tokyo_service_ip_range<\/span> =<\/span> \"10.20.0.0\/20\"<\/span>\r\n\r\n  osaka_cluster<\/span>          =<\/span> \"matt-osaka-cluster-1\"<\/span>\r\n  osaka_master_ip_range<\/span>  =<\/span> \"192.168.8.0\/28\"<\/span>\r\n  osaka_pod_ip_range<\/span>     =<\/span> \"10.32.0.0\/14\"<\/span>\r\n  osaka_service_ip_range<\/span> =<\/span> \"10.36.0.0\/20\"<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"networks\"<\/span> {<\/span>\r\n  source<\/span> =<\/span> \"..\/..\/modules\/networks\"<\/span>\r\n\r\n  project_id<\/span> =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  network<\/span>    =<\/span> local<\/span>.<\/span>network<\/span>\r\n\r\n  tokyo_subnet<\/span>                =<\/span> local<\/span>.<\/span>tokyo_subnet<\/span>\r\n  tokyo_subnet_ip_range<\/span>       =<\/span> local<\/span>.<\/span>tokyo_subnet_ip_range<\/span>\r\n  tokyo_subnet_2nd_ip_range_1<\/span> =<\/span> local<\/span>.<\/span>tokyo_pod_ip_range<\/span>\r\n  tokyo_subnet_2nd_ip_range_2<\/span> =<\/span> local<\/span>.<\/span>tokyo_service_ip_range<\/span>\r\n  tokyo_router<\/span>                =<\/span> local<\/span>.<\/span>tokyo_router<\/span>\r\n  tokyo_nat<\/span>                   =<\/span> local<\/span>.<\/span>tokyo_nat<\/span>\r\n\r\n  osaka_subnet<\/span>                =<\/span> local<\/span>.<\/span>osaka_subnet<\/span>\r\n  osaka_subnet_ip_range<\/span>       =<\/span> local<\/span>.<\/span>osaka_subnet_ip_range<\/span>\r\n  osaka_subnet_2nd_ip_range_1<\/span> =<\/span> local<\/span>.<\/span>osaka_pod_ip_range<\/span>\r\n  osaka_subnet_2nd_ip_range_2<\/span> =<\/span> local<\/span>.<\/span>osaka_service_ip_range<\/span>\r\n  osaka_router<\/span>                =<\/span> local<\/span>.<\/span>osaka_router<\/span>\r\n  osaka_nat<\/span>                   =<\/span> local<\/span>.<\/span>osaka_nat<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"gke\"<\/span> {<\/span>\r\n  source<\/span> =<\/span> \"..\/..\/modules\/gke\"<\/span>\r\n\r\n  project_id<\/span> =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  network<\/span>    =<\/span> module<\/span>.<\/span>networks<\/span>.<\/span>network<\/span>\r\n\r\n  tokyo_cluster<\/span>         =<\/span> local<\/span>.<\/span>tokyo_cluster<\/span>\r\n  tokyo_subnet<\/span>          =<\/span> local<\/span>.<\/span>tokyo_subnet<\/span>\r\n  tokyo_master_ip_range<\/span> =<\/span> local<\/span>.<\/span>tokyo_master_ip_range<\/span>\r\n\r\n  osaka_cluster<\/span>         =<\/span> local<\/span>.<\/span>osaka_cluster<\/span>\r\n  osaka_subnet<\/span>          =<\/span> local<\/span>.<\/span>osaka_subnet<\/span>\r\n  osaka_master_ip_range<\/span> =<\/span> local<\/span>.<\/span>osaka_master_ip_range<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm\"<\/span> {<\/span>\r\n  source<\/span> =<\/span> \"..\/..\/modules\/asm\"<\/span>\r\n\r\n  project_id<\/span> =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  network<\/span>    =<\/span> module<\/span>.<\/span>networks<\/span>.<\/span>network<\/span>\r\n\r\n  tokyo_cluster<\/span>      =<\/span> module<\/span>.<\/span>gke<\/span>.<\/span>tokyo_cluster<\/span>\r\n  tokyo_pod_ip_range<\/span> =<\/span> local<\/span>.<\/span>tokyo_pod_ip_range<\/span>\r\n\r\n  osaka_cluster<\/span>      =<\/span> module<\/span>.<\/span>gke<\/span>.<\/span>osaka_cluster<\/span>\r\n  osaka_pod_ip_range<\/span> =<\/span> local<\/span>.<\/span>osaka_pod_ip_range<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u73af\u5883\/\u5bb9\u5668\/\u53d8\u91cf.tf<\/h3>\n
\u5728\u6267\u884cterraform plan\/apply\u547d\u4ee4\u65f6\uff0c\u901a\u8fc7\u7c7b\u4f3c\u4e8e”-var=”project_id=${PROJECT_ID}”\u7684\u65b9\u5f0f\u5b9a\u4e49\u5916\u90e8\u63d0\u4f9b\u7684\u53d8\u91cf\u3002<\/p>\n
variable<\/span> \"project_id\"<\/span> {}<\/span>\r\n<\/code><\/pre>\n
\u7f51\u7edc\u6a21\u5757\u5b9a\u4e49<\/h2>\n
\u4e3b\u8981\u7f51\u7edc\u6a21\u5757\u7684\u914d\u7f6e\u6587\u4ef6\u4e3a main.tf\u3002<\/h3>\n
\u8fd9\u91cc\u5b9a\u4e49\u4e86VPC\u548cCloud NAT\u4f5c\u4e3a\u7f51\u7edc\u8bbe\u7f6e\u3002\u5728\u672c\u4f8b\u4e2d\uff0c\u6211\u4eec\u5c1d\u8bd5\u5229\u7528Terraform\u5b98\u65b9\u6a21\u5757\u3002<\/p>\n
module<\/span> \"vpc\"<\/span> {<\/span>\r\n  source<\/span>      =<\/span> \"terraform-google-modules\/network\/google\"<\/span>\r\n  version<\/span>     =<\/span> \"4.1.0\"<\/span>\r\n  description<\/span> =<\/span> \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/network\/google\/4.1.0\"<\/span>\r\n\r\n  project_id<\/span>      =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  network_name<\/span>    =<\/span> var<\/span>.<\/span>network<\/span>\r\n  shared_vpc_host<\/span> =<\/span> false<\/span>\r\n\r\n  subnets<\/span> =<\/span> [<\/span>\r\n    {<\/span>\r\n      subnet_name<\/span>           =<\/span> var<\/span>.<\/span>tokyo_subnet<\/span>\r\n      subnet_ip<\/span>             =<\/span> var<\/span>.<\/span>tokyo_subnet_ip_range<\/span>\r\n      subnet_region<\/span>         =<\/span> \"asia-northeast1\"<\/span>\r\n      subnet_private_access<\/span> =<\/span> true<\/span>\r\n    },<\/span>\r\n    {<\/span>\r\n      subnet_name<\/span>           =<\/span> var<\/span>.<\/span>osaka_subnet<\/span>\r\n      subnet_ip<\/span>             =<\/span> var<\/span>.<\/span>osaka_subnet_ip_range<\/span>\r\n      subnet_region<\/span>         =<\/span> \"asia-northeast2\"<\/span>\r\n      subnet_private_access<\/span> =<\/span> true<\/span>\r\n    }<\/span>\r\n  ]<\/span>\r\n\r\n  secondary_ranges<\/span> =<\/span> {<\/span>\r\n    (<\/span>var<\/span>.<\/span>tokyo_subnet<\/span>)<\/span> =<\/span> [<\/span>\r\n      {<\/span>\r\n        range_name<\/span>    =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>tokyo_subnet<\/span>}<\/span>-pods\"<\/span>\r\n        ip_cidr_range<\/span> =<\/span> var<\/span>.<\/span>tokyo_subnet_2nd_ip_range_1<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        range_name<\/span>    =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>tokyo_subnet<\/span>}<\/span>-services\"<\/span>\r\n        ip_cidr_range<\/span> =<\/span> var<\/span>.<\/span>tokyo_subnet_2nd_ip_range_2<\/span>\r\n      },<\/span>\r\n    ]<\/span>\r\n\r\n    (<\/span>var<\/span>.<\/span>osaka_subnet<\/span>)<\/span> =<\/span> [<\/span>\r\n      {<\/span>\r\n        range_name<\/span>    =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>osaka_subnet<\/span>}<\/span>-pods\"<\/span>\r\n        ip_cidr_range<\/span> =<\/span> var<\/span>.<\/span>osaka_subnet_2nd_ip_range_1<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        range_name<\/span>    =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>osaka_subnet<\/span>}<\/span>-services\"<\/span>\r\n        ip_cidr_range<\/span> =<\/span> var<\/span>.<\/span>osaka_subnet_2nd_ip_range_2<\/span>\r\n      },<\/span>\r\n    ]<\/span>\r\n  }<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"cloud_router_tokyo\"<\/span> {<\/span>\r\n  source<\/span>      =<\/span> \"terraform-google-modules\/cloud-router\/google\"<\/span>\r\n  version<\/span>     =<\/span> \"1.3.0\"<\/span>\r\n  description<\/span> =<\/span> \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/cloud-router\/google\/1.3.0\"<\/span>\r\n\r\n  name<\/span>    =<\/span> var<\/span>.<\/span>tokyo_router<\/span>\r\n  project<\/span> =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  region<\/span>  =<\/span> \"asia-northeast1\"<\/span>\r\n  network<\/span> =<\/span> module<\/span>.<\/span>vpc<\/span>.<\/span>network_name<\/span>\r\n\r\n  nats<\/span> =<\/span> [{<\/span>\r\n    name<\/span> =<\/span> var<\/span>.<\/span>tokyo_nat<\/span>\r\n  }]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"cloud_router_osaka\"<\/span> {<\/span>\r\n  source<\/span>      =<\/span> \"terraform-google-modules\/cloud-router\/google\"<\/span>\r\n  version<\/span>     =<\/span> \"1.3.0\"<\/span>\r\n  description<\/span> =<\/span> \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/cloud-router\/google\/1.3.0\"<\/span>\r\n\r\n  name<\/span>    =<\/span> var<\/span>.<\/span>osaka_router<\/span>\r\n  project<\/span> =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  region<\/span>  =<\/span> \"asia-northeast2\"<\/span>\r\n  network<\/span> =<\/span> module<\/span>.<\/span>vpc<\/span>.<\/span>network_name<\/span>\r\n\r\n  nats<\/span> =<\/span> [{<\/span>\r\n    name<\/span> =<\/span> var<\/span>.<\/span>osaka_nat<\/span>\r\n  }]<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u7f51\u7edc\/\u53d8\u91cf.tf<\/h3>\n
\u6211\u6b63\u5728\u5b9a\u4e49\u7f51\u7edc\u6a21\u5757\u7684\u5916\u90e8\u53d8\u91cf\u3002<\/p>\n
variable<\/span> \"project_id\"<\/span> {}<\/span>\r\nvariable<\/span> \"network\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"tokyo_subnet\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_subnet_ip_range\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_subnet_2nd_ip_range_1\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_subnet_2nd_ip_range_2\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_router\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_nat\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"osaka_subnet\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_subnet_ip_range\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_subnet_2nd_ip_range_1\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_subnet_2nd_ip_range_2\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_router\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_nat\"<\/span> {}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u7f51\u7edc\/\u8f93\u51fa.tf<\/h3>\n
\u6b63\u5728\u5b9a\u4e49\u7f51\u7edc\u6a21\u5757\u7684\u8f93\u51fa\u53d8\u91cf\u3002<\/p>\n
output<\/span> \"network\"<\/span> {<\/span>\r\n  value<\/span> =<\/span> module<\/span>.<\/span>vpc<\/span>.<\/span>network_name<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
GKE \u6a21\u5757\u5b9a\u4e49<\/h2>\n
\u6a21\u5757\/ gke \/ main.tf<\/h3>\n
\u6211\u5728\u4e1c\u4eac\/\u5927\u962a\u5730\u533a\u5b9a\u4e49\u4e86\u4e00\u4e2aGKE\u96c6\u7fa4\u3002\u6211\u8fd8\u5c1d\u8bd5\u4e86\u4f7f\u7528Terraform\u5b98\u65b9\u6a21\u5757\u6765\u521b\u5efa\u7f51\u7edc\u6a21\u5757\u3002<\/p>\n
\u622a\u81f32022\u5e741\u6708\u5e95\uff0c\u7531\u4e8eTerraform\u5b98\u65b9private-cluster\u6a21\u5757v19.0.0\uff08\u6700\u65b0\u7248\uff09\u4e2d\u6ca1\u6709\u542f\u7528\u5168\u7403\u63a7\u5236\u5e73\u9762\u8bbf\u95ee\u7684\u9009\u9879\uff0c\u6240\u4ee5\u6211\u4eec\u4f7f\u7528\u4e86Terraform\u5b98\u65b9beta-private-cluster\u6a21\u5757v19.0.0\uff08\u6700\u65b0\u7248\uff09\u6765\u5b9e\u73b0\u3002<\/div>\n
module<\/span> \"gke_tokyo\"<\/span> {<\/span>\r\n  source<\/span>      =<\/span> \"terraform-google-modules\/kubernetes-engine\/google\/\/modules\/beta-private-cluster\"<\/span>\r\n  version<\/span>     =<\/span> \"19.0.0\"<\/span>\r\n  description<\/span> =<\/span> \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/kubernetes-engine\/google\/19.0.0\/submodules\/beta-private-cluster\"<\/span>\r\n\r\n  project_id<\/span>                   =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  name<\/span>                         =<\/span> var<\/span>.<\/span>tokyo_cluster<\/span>\r\n  region<\/span>                       =<\/span> \"asia-northeast1\"<\/span>\r\n  network<\/span>                      =<\/span> var<\/span>.<\/span>network<\/span>\r\n  subnetwork<\/span>                   =<\/span> var<\/span>.<\/span>tokyo_subnet<\/span>\r\n  ip_range_pods<\/span>                =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>tokyo_subnet<\/span>}<\/span>-pods\"<\/span>\r\n  ip_range_services<\/span>            =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>tokyo_subnet<\/span>}<\/span>-services\"<\/span>\r\n  enable_private_endpoint<\/span>      =<\/span> false<\/span>\r\n  enable_private_nodes<\/span>         =<\/span> true<\/span>\r\n  master_global_access_enabled<\/span> =<\/span> true<\/span>\r\n  master_ipv4_cidr_block<\/span>       =<\/span> var<\/span>.<\/span>tokyo_master_ip_range<\/span>\r\n  release_channel<\/span>              =<\/span> var<\/span>.<\/span>release_channel<\/span>\r\n\r\n  node_pools<\/span> =<\/span> [{<\/span>\r\n    name<\/span>               =<\/span> \"default-tokyo-pool\"<\/span>\r\n    machine_type<\/span>       =<\/span> \"e2-standard-4\"<\/span>\r\n    min_count<\/span>          =<\/span> 1<\/span>\r\n    max_count<\/span>          =<\/span> 3<\/span>\r\n    initial_node_count<\/span> =<\/span> 1<\/span>\r\n  }]<\/span>\r\n  remove_default_node_pool<\/span> =<\/span> true<\/span>\r\n\r\n}<\/span>\r\n\r\nmodule<\/span> \"gke_osaka\"<\/span> {<\/span>\r\n  source<\/span>      =<\/span> \"terraform-google-modules\/kubernetes-engine\/google\/\/modules\/beta-private-cluster\"<\/span>\r\n  version<\/span>     =<\/span> \"19.0.0\"<\/span>\r\n  description<\/span> =<\/span> \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/kubernetes-engine\/google\/19.0.0\/submodules\/beta-private-cluster\"<\/span>\r\n\r\n  project_id<\/span>                   =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  name<\/span>                         =<\/span> var<\/span>.<\/span>osaka_cluster<\/span>\r\n  region<\/span>                       =<\/span> \"asia-northeast2\"<\/span>\r\n  network<\/span>                      =<\/span> var<\/span>.<\/span>network<\/span>\r\n  subnetwork<\/span>                   =<\/span> var<\/span>.<\/span>osaka_subnet<\/span>\r\n  ip_range_pods<\/span>                =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>osaka_subnet<\/span>}<\/span>-pods\"<\/span>\r\n  ip_range_services<\/span>            =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>osaka_subnet<\/span>}<\/span>-services\"<\/span>\r\n  enable_private_endpoint<\/span>      =<\/span> false<\/span>\r\n  enable_private_nodes<\/span>         =<\/span> true<\/span>\r\n  master_global_access_enabled<\/span> =<\/span> true<\/span>\r\n  master_ipv4_cidr_block<\/span>       =<\/span> var<\/span>.<\/span>osaka_master_ip_range<\/span>\r\n  release_channel<\/span>              =<\/span> var<\/span>.<\/span>release_channel<\/span>\r\n\r\n  node_pools<\/span> =<\/span> [{<\/span>\r\n    name<\/span>               =<\/span> \"default-osaka-pool\"<\/span>\r\n    machine_type<\/span>       =<\/span> \"e2-standard-4\"<\/span>\r\n    min_count<\/span>          =<\/span> 1<\/span>\r\n    max_count<\/span>          =<\/span> 3<\/span>\r\n    initial_node_count<\/span> =<\/span> 1<\/span>\r\n  }]<\/span>\r\n  remove_default_node_pool<\/span> =<\/span> true<\/span>\r\n\r\n}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/gke\/variables.tf<\/h3>\n
\u6211\u6b63\u5728\u5b9a\u4e49GKE\u6a21\u5757\u7684\u5916\u90e8\u53d8\u91cf\u3002<\/p>\n
variable<\/span> \"project_id\"<\/span> {}<\/span>\r\nvariable<\/span> \"network\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"tokyo_cluster\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_subnet\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_master_ip_range\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"osaka_cluster\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_subnet\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_master_ip_range\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"release_channel\"<\/span> {<\/span>\r\n  default<\/span> =<\/span> \"STABLE\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u8c37\u6b4c\u4e91\u5f15\u64ce\/\u8f93\u51fa.tf<\/h3>\n
\u5728\u6b64\u5b9a\u4e49\u4e86GKE\u6a21\u5757\u7684\u8f93\u51fa\u53d8\u91cf\u3002<\/p>\n
output<\/span> \"tokyo_cluster\"<\/span> {<\/span>\r\n  value<\/span> =<\/span> module<\/span>.<\/span>gke_tokyo<\/span>.<\/span>name<\/span>\r\n}<\/span>\r\noutput<\/span> \"osaka_cluster\"<\/span> {<\/span>\r\n  value<\/span> =<\/span> module<\/span>.<\/span>gke_osaka<\/span>.<\/span>name<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
ASM\u6a21\u5757\u5b9a\u4e49<\/h2>\n
\u8fd9\u91cc\u662f\u4e3b Terraform \u6587\u4ef6\u7684\u6a21\u5757\/asm\/main.tf\u3002<\/h3>\n
\u6211\u5728\u4e1c\u4eac\/\u5927\u962a\u5730\u533a\u7684GKE\u96c6\u7fa4\u4e2d\u5b9a\u4e49\u4e86ASM\u5b89\u88c5\u3001\u591a\u96c6\u7fa4\u670d\u52a1\u7f51\u683c\u521b\u5efa\u548cIngress\u7f51\u5173\u90e8\u7f72\u7684\u6b65\u9aa4\u3002\u7136\u800c\uff0c\u7531\u4e8e\u5199\u793a\u4f8b\u4ee3\u7801\u53d8\u5f97\u975e\u5e38\u56f0\u96be\uff0c\u6211\u4e2a\u4eba\u8ba4\u4e3a\u76ee\u524d\u4f7f\u7528\u9664\u4e86Terraform\u4ee5\u5916\u7684\u5176\u4ed6\u65b9\u6cd5\u53ef\u80fd\u66f4\u597d^^;<\/p>\n
\u622a\u81f3\u6587\u7ae0\u64b0\u5199\u65f6\u70b9\uff082022\u5e741\u6708\u5e95\uff09\uff0c\u7531\u4e8eTerraform\u5b98\u65b9asm\u5b50\u6a21\u5757v19.0.0\uff08\u6700\u65b0\u7248\uff09\u65e0\u6cd5\u517c\u5bb9ASM v11.0\u53ca\u66f4\u9ad8\u7248\u672c\uff0c\u56e0\u6b64\u6211\u4eec\u4f7f\u7528\u4e86Terraform\u5b98\u65b9gcloud\u6a21\u5757\u548ckubectl-wrapper\u5b50\u6a21\u5757v3.1.0\uff08\u6700\u65b0\u7248\uff09\uff0c\u901a\u8fc7Shell\u811a\u672c\u6765\u8fdb\u884c\u7e41\u7410\u7684\u5b9e\u73b0\uff0c\u7ed3\u679c\u53d8\u5f97\u975e\u5e38\u5fae\u5999\u3002<\/div>\n
\u6211\u4e2a\u4eba\u8ba4\u4e3a\uff0c\u5728\u8fd9\u4e2a\u4f8b\u5b50\u4e2d\uff0c\u867d\u7136\u6211\u4eec\u4f7f\u7528\u4e86Terraform\u5b98\u65b9\u7684firewall-rules\u5b50\u6a21\u5757v4.1.0(latest)\u6765\u5b9a\u4e49\u9632\u706b\u5899\u89c4\u5219\uff0c\u4f46\u7531\u4e8e\u65e0\u6cd5\u7701\u7565rules\u5185\u7684\u53d8\u91cf\u5b9a\u4e49\uff0c\u4f7f\u7528\u8d77\u6765\u5e76\u4e0d\u65b9\u4fbf\u3002\u6240\u4ee5\u6211\u4e2a\u4eba\u89c9\u5f97\u76f4\u63a5\u5b9a\u4e49google_compute_firewall\u8d44\u6e90\u4f1a\u66f4\u597d\u3002<\/div>\n
module<\/span> \"asm_tokyo\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\/\/modules\/kubectl-wrapper\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\/submodules\/kubectl-wrapper\"<\/span>\r\n\r\n  project_id<\/span>              =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  cluster_name<\/span>            =<\/span> var<\/span>.<\/span>tokyo_cluster<\/span>\r\n  cluster_location<\/span>        =<\/span> var<\/span>.<\/span>tokyo_location<\/span>\r\n  kubectl_create_command<\/span>  =<\/span> \"<\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/scripts\/install.sh <\/span>${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>tokyo_cluster<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>tokyo_location<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>release_channel<\/span>}<\/span>\"<\/span>\r\n  kubectl_destroy_command<\/span> =<\/span> \"<\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/scripts\/destroy.sh <\/span>${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>tokyo_cluster<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>tokyo_location<\/span>}<\/span>\"<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_osaka\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\/\/modules\/kubectl-wrapper\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\/submodules\/kubectl-wrapper\"<\/span>\r\n\r\n  project_id<\/span>              =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  cluster_name<\/span>            =<\/span> var<\/span>.<\/span>osaka_cluster<\/span>\r\n  cluster_location<\/span>        =<\/span> var<\/span>.<\/span>osaka_location<\/span>\r\n  kubectl_create_command<\/span>  =<\/span> \"<\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/scripts\/install.sh <\/span>${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>osaka_cluster<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>osaka_location<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>release_channel<\/span>}<\/span>\"<\/span>\r\n  kubectl_destroy_command<\/span> =<\/span> \"<\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/scripts\/destroy.sh <\/span>${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>osaka_cluster<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>osaka_location<\/span>}<\/span>\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_tokyo<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_firewall_rules\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/network\/google\/\/modules\/firewall-rules\"<\/span>\r\n  version<\/span> =<\/span> \"4.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/network\/google\/4.1.0\/submodules\/firewall-rules\"<\/span>\r\n\r\n  project_id<\/span>   =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  network_name<\/span> =<\/span> var<\/span>.<\/span>network<\/span>\r\n\r\n  rules<\/span> =<\/span> [{<\/span>\r\n    name<\/span>                    =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>network<\/span>}<\/span>-istio-multicluster-pods\"<\/span>\r\n    description<\/span>             =<\/span> null<\/span>\r\n    direction<\/span>               =<\/span> \"INGRESS\"<\/span>\r\n    priority<\/span>                =<\/span> 900<\/span>\r\n    ranges<\/span>                  =<\/span> [<\/span>\"<\/span>${<\/span>var<\/span>.<\/span>tokyo_pod_ip_range<\/span>}<\/span>\"<\/span>,<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>osaka_pod_ip_range<\/span>}<\/span>\"<\/span>]<\/span>\r\n    source_tags<\/span>             =<\/span> null<\/span>\r\n    source_service_accounts<\/span> =<\/span> null<\/span>\r\n    target_tags<\/span>             =<\/span> [<\/span>\"gke-<\/span>${<\/span>var<\/span>.<\/span>tokyo_cluster<\/span>}<\/span>\"<\/span>,<\/span> \"gke-<\/span>${<\/span>var<\/span>.<\/span>osaka_cluster<\/span>}<\/span>\"<\/span>]<\/span>\r\n    target_service_accounts<\/span> =<\/span> null<\/span>\r\n    allow<\/span> =<\/span> [<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"tcp\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"udp\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"icmp\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"esp\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"ah\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      },<\/span>\r\n      {<\/span>\r\n        protocol<\/span> =<\/span> \"sctp\"<\/span>\r\n        ports<\/span>    =<\/span> null<\/span>\r\n      }<\/span>\r\n    ]<\/span>\r\n    deny<\/span> =<\/span> []<\/span>\r\n    log_config<\/span> =<\/span> {<\/span>\r\n      metadata<\/span> =<\/span> \"EXCLUDE_ALL_METADATA\"<\/span>\r\n    }<\/span>\r\n  }]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_multi_mesh\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\"<\/span>\r\n\r\n  platform<\/span>              =<\/span> \"linux\"<\/span>\r\n  additional_components<\/span> =<\/span> [<\/span>\"kubectl\"<\/span>,<\/span> \"beta\"<\/span>]<\/span>\r\n\r\n  create_cmd_entrypoint<\/span> =<\/span> \"<\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/scripts\/create-mesh.sh\"<\/span>\r\n  create_cmd_body<\/span>       =<\/span> \"<\/span>${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span>\/<\/span>${<\/span>var<\/span>.<\/span>tokyo_location<\/span>}<\/span>\/<\/span>${<\/span>var<\/span>.<\/span>tokyo_cluster<\/span>}<\/span> ${<\/span>var<\/span>.<\/span>project_id<\/span>}<\/span>\/<\/span>${<\/span>var<\/span>.<\/span>osaka_location<\/span>}<\/span>\/<\/span>${<\/span>var<\/span>.<\/span>osaka_cluster<\/span>}<\/span>\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_osaka<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_mcs_api\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\"<\/span>\r\n\r\n  platform<\/span>              =<\/span> \"linux\"<\/span>\r\n  additional_components<\/span> =<\/span> [<\/span>\"kubectl\"<\/span>,<\/span> \"beta\"<\/span>]<\/span>\r\n\r\n  create_cmd_entrypoint<\/span>  =<\/span> \"gcloud\"<\/span>\r\n  create_cmd_body<\/span>        =<\/span> \"container hub ingress enable --config-membership=<\/span>${<\/span>var<\/span>.<\/span>tokyo_cluster<\/span>}<\/span>\"<\/span>\r\n  destroy_cmd_entrypoint<\/span> =<\/span> \"gcloud\"<\/span>\r\n  destroy_cmd_body<\/span>       =<\/span> \"container hub ingress disable\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_multi_mesh<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_tokyo_ingressgateway\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\/\/modules\/kubectl-wrapper\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\/submodules\/kubectl-wrapper\"<\/span>\r\n\r\n  project_id<\/span>              =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  cluster_name<\/span>            =<\/span> var<\/span>.<\/span>tokyo_cluster<\/span>\r\n  cluster_location<\/span>        =<\/span> var<\/span>.<\/span>tokyo_location<\/span>\r\n  kubectl_create_command<\/span>  =<\/span> \"kubectl apply -f <\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/manifests\/istio-ingressgateway-pods\"<\/span>\r\n  kubectl_destroy_command<\/span> =<\/span> \"kubectl delete ns istio-system --ignore-not-found\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_mcs_api<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_osaka_ingressgateway\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\/\/modules\/kubectl-wrapper\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\/submodules\/kubectl-wrapper\"<\/span>\r\n\r\n  project_id<\/span>              =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  cluster_name<\/span>            =<\/span> var<\/span>.<\/span>osaka_cluster<\/span>\r\n  cluster_location<\/span>        =<\/span> var<\/span>.<\/span>osaka_location<\/span>\r\n  kubectl_create_command<\/span>  =<\/span> \"kubectl apply -f <\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/manifests\/istio-ingressgateway-pods\"<\/span>\r\n  kubectl_destroy_command<\/span> =<\/span> \"kubectl delete ns istio-system --ignore-not-found\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_tokyo_ingressgateway<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n\r\nmodule<\/span> \"asm_mcs_ingressgateway\"<\/span> {<\/span>\r\n  source<\/span>  =<\/span> \"terraform-google-modules\/gcloud\/google\/\/modules\/kubectl-wrapper\"<\/span>\r\n  version<\/span> =<\/span> \"3.1.0\"<\/span>\r\n  #description = \"https:\/\/registry.terraform.io\/modules\/terraform-google-modules\/gcloud\/google\/3.1.0\/submodules\/kubectl-wrapper\"<\/span>\r\n\r\n  project_id<\/span>              =<\/span> var<\/span>.<\/span>project_id<\/span>\r\n  cluster_name<\/span>            =<\/span> var<\/span>.<\/span>tokyo_cluster<\/span>\r\n  cluster_location<\/span>        =<\/span> var<\/span>.<\/span>tokyo_location<\/span>\r\n  kubectl_create_command<\/span>  =<\/span> \"kubectl apply -f <\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/manifests\/istio-ingressgateway-services\"<\/span>\r\n  kubectl_destroy_command<\/span> =<\/span> \"kubectl delete -f <\/span>${<\/span>path<\/span>.<\/span>module}<\/span>\/manifests\/istio-ingressgateway-services --ignore-not-found\"<\/span>\r\n\r\n  module_depends_on<\/span> =<\/span> [<\/span>module<\/span>.<\/span>asm_osaka_ingressgateway<\/span>.<\/span>wait<\/span>]<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u6c47\u7f16\/\u53d8\u91cf. tf<\/h3>\n
\u6211\u6b63\u5728\u5b9a\u4e49ASM\u6a21\u5757\u7684\u5916\u90e8\u53d8\u91cf\u3002<\/p>\n
variable<\/span> \"project_id\"<\/span> {}<\/span>\r\nvariable<\/span> \"network\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"tokyo_cluster\"<\/span> {}<\/span>\r\nvariable<\/span> \"tokyo_location\"<\/span> {<\/span>\r\n  default<\/span> =<\/span> \"asia-northeast1\"<\/span>\r\n}<\/span>\r\nvariable<\/span> \"tokyo_pod_ip_range\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"osaka_cluster\"<\/span> {}<\/span>\r\nvariable<\/span> \"osaka_location\"<\/span> {<\/span>\r\n  default<\/span> =<\/span> \"asia-northeast2\"<\/span>\r\n}<\/span>\r\nvariable<\/span> \"osaka_pod_ip_range\"<\/span> {}<\/span>\r\n\r\nvariable<\/span> \"release_channel\"<\/span> {<\/span>\r\n  default<\/span> =<\/span> \"STABLE\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u6c47\u7f16\/\u811a\u672c\/\u5b89\u88c5.sh<\/h3>\n
\u8fd9\u662f\u4e00\u4e2a\u5b9a\u4e49\u4e86ASM\u5b89\u88c5\u8fc7\u7a0b\u7684\u811a\u672c\u6587\u4ef6\u3002\u6211\u4eec\u4f7f\u7528\u4e86ASM v11.0\u4e2d\u6b63\u5f0f\u542f\u7528\u7684asmcli\u547d\u4ee4\u6765\u521b\u5efa\u6258\u7ba1\u63a7\u5236\u5e73\u9762\u914d\u7f6e\u3002<\/p>\n
#!\/usr\/bin\/env bash<\/span>\r\n\r\nset<\/span> -e<\/span>\r\n\r\nPROJECT_ID<\/span>=<\/span>${<\/span>1<\/span>}<\/span>\r\nCLUSTER_NAME<\/span>=<\/span>${<\/span>2<\/span>}<\/span>\r\nCLUSTER_LOCATION<\/span>=<\/span>${<\/span>3<\/span>}<\/span>\r\nRELEASE_CHANNEL<\/span>=<\/span>${<\/span>4<\/span>}<\/span>\r\n\r\ncurl https:\/\/storage.googleapis.com\/csm-artifacts\/asm\/asmcli ><\/span> asmcli\r\nchmod<\/span> +x asmcli\r\n\r\n.\/asmcli install<\/span> \\<\/span>\r\n    --project_id<\/span> ${<\/span>PROJECT_ID<\/span>}<\/span> \\<\/span>\r\n    --cluster_name<\/span> ${<\/span>CLUSTER_NAME<\/span>}<\/span> \\<\/span>\r\n    --cluster_location<\/span> ${<\/span>CLUSTER_LOCATION<\/span>}<\/span> \\<\/span>\r\n    --managed<\/span> \\<\/span>\r\n    --channel<\/span> ${<\/span>RELEASE_CHANNEL<\/span>}<\/span> \\<\/span>\r\n    --enable-all<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/asm\/\u811a\u672c\/destroy.sh<\/h3>\n
\u8fd9\u662f\u4e00\u4e2a\u5b9a\u4e49\u4e86ASM\u5220\u9664\u5904\u7406\u7684\u811a\u672c\u6587\u4ef6\u3002\u5b83\u4f1a\u5220\u9664\u4e0eASM\u76f8\u5173\u7684\u547d\u540d\u7a7a\u95f4\uff0c\u5e76\u6267\u884c\u4eceAnthos\u96c6\u7fa4\u4e2d\u53d6\u6d88\u6ce8\u518c\u7684\u64cd\u4f5c\u3002<\/p>\n
#!\/usr\/bin\/env bash<\/span>\r\n\r\nset<\/span> -e<\/span>\r\n\r\nPROJECT_ID<\/span>=<\/span>${<\/span>1<\/span>}<\/span>\r\nCLUSTER_NAME<\/span>=<\/span>${<\/span>2<\/span>}<\/span>\r\nCLUSTER_LOCATION<\/span>=<\/span>${<\/span>3<\/span>}<\/span>\r\n\r\nkubectl delete ns asm-system istio-system --ignore-not-found<\/span>\r\n\r\ngcloud container hub memberships unregister ${<\/span>CLUSTER_NAME<\/span>}<\/span> \\<\/span>\r\n  --project<\/span>=<\/span>${<\/span>PROJECT_ID<\/span>}<\/span> \\<\/span>\r\n  --gke-cluster<\/span>=<\/span>${<\/span>CLUSTER_LOCATION<\/span>}<\/span>\/${<\/span>CLUSTER_NAME<\/span>}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u6c47\u7f16\u8bed\u8a00\/\u811a\u672c\/\u751f\u6210\u7f51\u683c.sh<\/h3>\n
\u8fd9\u662f\u4e00\u4e2a\u5b9a\u4e49\u4e86\u591a\u7c7b\u522b\u7f51\u683c\u521b\u5efa\u8fc7\u7a0b\u7684\u811a\u672c\u6587\u4ef6\u3002<\/p>\n
#!\/usr\/bin\/env bash<\/span>\r\n\r\nset<\/span> -e<\/span>\r\n\r\nPROJECT_ID<\/span>=<\/span>\"<\/span>${<\/span>1<\/span>}<\/span>\"<\/span>\r\nCLUSTER_1<\/span>=<\/span>\"<\/span>${<\/span>2<\/span>}<\/span>\"<\/span>\r\nCLUSTER_2<\/span>=<\/span>\"<\/span>${<\/span>3<\/span>}<\/span>\"<\/span>\r\n\r\ncurl https:\/\/storage.googleapis.com\/csm-artifacts\/asm\/asmcli ><\/span> asmcli\r\nchmod<\/span> +x asmcli\r\n\r\n.\/asmcli create-mesh ${<\/span>PROJECT_ID<\/span>}<\/span> ${<\/span>CLUSTER_1<\/span>}<\/span> ${<\/span>CLUSTER_2<\/span>}<\/span>\r\n<\/code><\/pre>\n
\u6a21\u5757\/\u6c47\u7f16\/\u6e05\u5355\/istio\u5165\u53e3\u7f51\u5173-pods\/*<\/h3>\n
\u4ee5\u4e0b\u662f Istio Ingress \u7f51\u5173\u5bb9\u5668\u7684 Kubernetes Manfiest \u6587\u4ef6\u3002\u5b83\u662f\u57fa\u4e8e\u5728 GitHub \u4e0a\u516c\u5f00\u7684\u4ee5\u4e0b\u793a\u4f8b\u8fdb\u884c\u6784\u5efa\u7684\u3002<\/p>\n
 <\/p>\n
apiVersion<\/span>:<\/span> v1<\/span>\r\nkind<\/span>:<\/span> Namespace<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-system<\/span>\r\n  labels<\/span>:<\/span>\r\n    istio.io\/rev<\/span>:<\/span> asm-managed-stable<\/span>\r\n<\/code><\/pre>\n
apiVersion<\/span>:<\/span> apps\/v1<\/span>\r\nkind<\/span>:<\/span> Deployment<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nspec<\/span>:<\/span>\r\n  replicas<\/span>:<\/span> 3<\/span>\r\n  selector<\/span>:<\/span>\r\n    matchLabels<\/span>:<\/span>\r\n      app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n      istio<\/span>:<\/span> ingressgateway<\/span>\r\n  template<\/span>:<\/span>\r\n    metadata<\/span>:<\/span>\r\n      annotations<\/span>:<\/span>\r\n        inject.istio.io\/templates<\/span>:<\/span> gateway<\/span>\r\n      labels<\/span>:<\/span>\r\n        app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n        istio<\/span>:<\/span> ingressgateway<\/span>\r\n    spec<\/span>:<\/span>\r\n      containers<\/span>:<\/span>\r\n      -<\/span> name<\/span>:<\/span> istio-proxy<\/span>\r\n        image<\/span>:<\/span> auto<\/span>\r\n        resources<\/span>:<\/span>\r\n          limits<\/span>:<\/span>\r\n            cpu<\/span>:<\/span> 2000m<\/span>\r\n            memory<\/span>:<\/span> 1024Mi<\/span>\r\n          requests<\/span>:<\/span>\r\n            cpu<\/span>:<\/span> 100m<\/span>\r\n            memory<\/span>:<\/span> 128Mi<\/span>\r\n      serviceAccountName<\/span>:<\/span> istio-ingressgateway<\/span>\r\n---<\/span>\r\napiVersion<\/span>:<\/span> policy\/v1beta1<\/span>\r\nkind<\/span>:<\/span> PodDisruptionBudget<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nspec<\/span>:<\/span>\r\n  maxUnavailable<\/span>:<\/span> 1<\/span>\r\n  selector<\/span>:<\/span>\r\n    matchLabels<\/span>:<\/span>\r\n      istio<\/span>:<\/span> ingressgateway<\/span>\r\n      app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n---<\/span>\r\napiVersion<\/span>:<\/span> autoscaling\/v2beta1<\/span>\r\nkind<\/span>:<\/span> HorizontalPodAutoscaler<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nspec<\/span>:<\/span>\r\n  maxReplicas<\/span>:<\/span> 5<\/span>\r\n  metrics<\/span>:<\/span>\r\n  -<\/span> resource<\/span>:<\/span>\r\n      name<\/span>:<\/span> cpu<\/span>\r\n      targetAverageUtilization<\/span>:<\/span> 80<\/span>\r\n    type<\/span>:<\/span> Resource<\/span>\r\n  minReplicas<\/span>:<\/span> 3<\/span>\r\n  scaleTargetRef<\/span>:<\/span>\r\n    apiVersion<\/span>:<\/span> apps\/v1<\/span>\r\n    kind<\/span>:<\/span> Deployment<\/span>\r\n    name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n<\/code><\/pre>\n
apiVersion<\/span>:<\/span> v1<\/span>\r\nkind<\/span>:<\/span> ServiceAccount<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\n<\/code><\/pre>\n
apiVersion<\/span>:<\/span> rbac.authorization.k8s.io\/v1<\/span>\r\nkind<\/span>:<\/span> Role<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nrules<\/span>:<\/span>\r\n-<\/span> apiGroups<\/span>:<\/span> [<\/span>\"<\/span>\"<\/span>]<\/span>\r\n  resources<\/span>:<\/span> [<\/span>\"<\/span>secrets\"<\/span>]<\/span>\r\n  verbs<\/span>:<\/span> [<\/span>\"<\/span>get\"<\/span>,<\/span> \"<\/span>watch\"<\/span>,<\/span> \"<\/span>list\"<\/span>]<\/span>\r\n---<\/span>\r\napiVersion<\/span>:<\/span> rbac.authorization.k8s.io\/v1<\/span>\r\nkind<\/span>:<\/span> RoleBinding<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nroleRef<\/span>:<\/span>\r\n  apiGroup<\/span>:<\/span> rbac.authorization.k8s.io<\/span>\r\n  kind<\/span>:<\/span> Role<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\nsubjects<\/span>:<\/span>\r\n-<\/span> kind<\/span>:<\/span> ServiceAccount<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n<\/code><\/pre>\n
modules\/asm\/manifests\/istio-ingressgateway-services\/* \u7684\u4e2d\u6587\u672c\u5730\u5316\u91ca\u610f\u5982\u4e0b\uff1a<\/h3>\n
\u6a21\u5757\/ASM\/\u6e05\u5355\/Istio\u5165\u53e3\u7f51\u5173\u670d\u52a1\/*<\/p>\n
\u4ee5\u4e0b\u662f\u7528\u4e8e Istio Ingress \u7f51\u5173\u7684\u591a\u96c6\u7fa4 Ingress\/Service \u7684 Kubernetes \u914d\u7f6e\u6587\u4ef6\u3002<\/p>\n
apiVersion<\/span>:<\/span> networking.gke.io\/v1<\/span>\r\nkind<\/span>:<\/span> MultiClusterService<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\n  annotations<\/span>:<\/span>\r\n    cloud.google.com\/backend-config<\/span>:<\/span> '<\/span>{\"default\":<\/span> \"ingress-backendconfig\"}'<\/span>\r\n  labels<\/span>:<\/span>\r\n    app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n    istio<\/span>:<\/span> ingressgateway<\/span>\r\nspec<\/span>:<\/span>\r\n  template<\/span>:<\/span>\r\n    spec<\/span>:<\/span>\r\n      ports<\/span>:<\/span>\r\n      -<\/span> name<\/span>:<\/span> status-port<\/span>\r\n        port<\/span>:<\/span> 15021<\/span>\r\n        protocol<\/span>:<\/span> TCP<\/span>\r\n        targetPort<\/span>:<\/span> 15021<\/span>\r\n      -<\/span> name<\/span>:<\/span> http2<\/span>\r\n        port<\/span>:<\/span> 80<\/span>\r\n      -<\/span> name<\/span>:<\/span> https<\/span>\r\n        port<\/span>:<\/span> 443<\/span>\r\n      selector<\/span>:<\/span>\r\n        istio<\/span>:<\/span> ingressgateway<\/span>\r\n        app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n<\/code><\/pre>\n
apiVersion<\/span>:<\/span> cloud.google.com\/v1<\/span>\r\nkind<\/span>:<\/span> BackendConfig<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> ingress-backendconfig<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\nspec<\/span>:<\/span>\r\n  healthCheck<\/span>:<\/span>\r\n    requestPath<\/span>:<\/span> \/healthz\/ready<\/span>\r\n    port<\/span>:<\/span> 15021<\/span>\r\n    type<\/span>:<\/span> HTTP<\/span>\r\n<\/code><\/pre>\n
apiVersion<\/span>:<\/span> networking.gke.io\/v1beta1<\/span>\r\nkind<\/span>:<\/span> MultiClusterIngress<\/span>\r\nmetadata<\/span>:<\/span>\r\n  name<\/span>:<\/span> istio-ingressgateway<\/span>\r\n  namespace<\/span>:<\/span> istio-system<\/span>\r\n  labels<\/span>:<\/span>\r\n    app<\/span>:<\/span> istio-ingressgateway<\/span>\r\n    istio<\/span>:<\/span> ingressgateway<\/span>\r\nspec<\/span>:<\/span>\r\n  template<\/span>:<\/span>\r\n    spec<\/span>:<\/span>\r\n      backend<\/span>:<\/span>\r\n        serviceName<\/span>:<\/span> istio-ingressgateway<\/span>\r\n        servicePort<\/span>:<\/span> 80<\/span>\r\n<\/code><\/pre>\n
\u6211\u4e5f\u5c1d\u8bd5\u5199\u4e86\u4e00\u4e2a\u7528\u4e8e\u90e8\u7f72\u7684Cloud Build\u6d41\u6c34\u7ebf\uff0c\u4e0d\u8fc7\u3002\u3002\u3002<\/h1>\n
\u53ea\u9700\u8981\u6309\u987a\u5e8f\u6267\u884cterraform init\/plan\/apply\u547d\u4ee4\uff0c\u4f46\u5373\u4f7f\u662f\u591a\u4e48\u7b80\u5355\u7684\u547d\u4ee4\uff0c\u5982\u679c\u624b\u52a8\u64cd\u4f5c\u53ef\u80fd\u4f1a\u4ea7\u751f\u9519\u8bef\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u5176\u8fdb\u884c\u4e86\u6d41\u6c34\u7ebf\u5316\u3002\u6211\u4eec\u7684\u60f3\u6cd5\u662f\uff0c\u5f53\u6709\u5173\u4e8e\u73af\u5883\u540d\u79f0\u7684poc\u5206\u652f\u7684\u63a8\u9001\u65f6\uff0c\u5c31\u4f1a\u542f\u52a8\u3002<\/p>\n
\u867d\u7136\u539f\u672c\u5e94\u8be5\u4f7f\u7528\u8fd9\u4e2a\u7ba1\u9053\uff0c\u4f46\u4e0d\u5e78\u7684\u662f\uff0c\u5728Terraform\u5b98\u65b9Docker\u955c\u50cf\u4e0a\u8fd0\u884cTerraform\u516c\u5171asm\u5b50\u6a21\u5757v19.0.0\uff08\u6700\u65b0\u7248\uff09\u3001gcloud\u6a21\u5757\u548ckubectl-wrapper\u5b50\u6a21\u5757v3.1.0\uff08\u6700\u65b0\u7248\uff09\u4f1a\u5bfc\u81f4\u9519\u8bef\u3002\u8fd9\u975e\u5e38\u5fae\u5999\uff0c\u4f46\u5728\u8fd9\u4e2a\u793a\u4f8b\u4ee3\u7801\u4e2d\uff0c\u60a8\u9700\u8981\u81ea\u5b9a\u4e49Docker\u955c\u50cf\u6216\u653e\u5f03\u5e76\u624b\u52a8\u6267\u884c\uff08TT\uff09\u3002<\/p>\n
\u8bf7\u6ce8\u610f\uff0c\u5728\u7f16\u5199\u672c\u6587\u65f6\uff08\u622a\u81f32022\u5e741\u6708\u672b\uff09\uff0c\u5728Terraform\u5b98\u65b9Docker\u955c\u50cf\u4e2d\u8fd0\u884cTerraform\u5b98\u65b9asm\u5b50\u6a21\u5757v19.0.0\uff08\u6700\u65b0\u7248\uff09\u3001gcloud\u6a21\u5757\u548ckubectl-wrapper\u5b50\u6a21\u5757v3.1.0\uff08\u6700\u65b0\u7248\uff09\u5c06\u5bfc\u81f4\u9519\u8bef\u3002<\/div>\n
substitutions<\/span>:<\/span>\r\n  _TERRAFORM_VERSION<\/span>:<\/span> 1.1.4<\/span>\r\n\r\nsteps<\/span>:<\/span>\r\n  -<\/span> id<\/span>:<\/span> \"<\/span>terraform<\/span> init\"<\/span>\r\n    name<\/span>:<\/span> \"<\/span>hashicorp\/terraform:${_TERRAFORM_VERSION}\"<\/span>\r\n    entrypoint<\/span>:<\/span> \"<\/span>sh\"<\/span>\r\n    args<\/span>:<\/span>\r\n    -<\/span> \"<\/span>-cx\"<\/span>\r\n    -<\/span> |<\/span>\r\n      cd environments\/${BRANCH_NAME}<\/span>\r\n      terraform init -reconfigure<\/span>\r\n\r\n  -<\/span> id<\/span>:<\/span> \"<\/span>terraform<\/span> plan\"<\/span>\r\n    name<\/span>:<\/span> \"<\/span>hashicorp\/terraform:${_TERRAFORM_VERSION}\"<\/span>\r\n    entrypoint<\/span>:<\/span> \"<\/span>sh\"<\/span>\r\n    args<\/span>:<\/span>\r\n    -<\/span> \"<\/span>-cx\"<\/span>\r\n    -<\/span> |<\/span>\r\n      cd environments\/${BRANCH_NAME}<\/span>\r\n      terraform plan -var=\"project_id=${PROJECT_ID}\"<\/span>\r\n\r\n  -<\/span> id<\/span>:<\/span> \"<\/span>terraform<\/span> apply\"<\/span>\r\n    name<\/span>:<\/span> \"<\/span>hashicorp\/terraform:${_TERRAFORM_VERSION}\"<\/span>\r\n    entrypoint<\/span>:<\/span> \"<\/span>sh\"<\/span>\r\n    args<\/span>:<\/span>\r\n    -<\/span> \"<\/span>-cx\"<\/span>\r\n    -<\/span> |<\/span>\r\n      cd environments\/${BRANCH_NAME}<\/span>\r\n      terraform apply -auto-approve -var=\"project_id=${PROJECT_ID}\"<\/span>\r\n<\/code><\/pre>\n
module.asm.module.asm_tokyo.module.gcloud_kubectl.null_resource.additional_components[0]: Creating...\r\nmodule.asm.module.asm_tokyo.module.gcloud_kubectl.null_resource.additional_components[0]: Provisioning with 'local-exec'...\r\nmodule.asm.module.asm_tokyo.module.gcloud_kubectl.null_resource.additional_components[0] (local-exec): Executing: [\"\/bin\/sh\" \"-c\" \".terraform\/modules\/asm.asm_tokyo\/scripts\/check_components.sh gcloud kubectl\"]\r\nmodule.asm.module.asm_tokyo.module.gcloud_kubectl.null_resource.additional_components[0] (local-exec): \/bin\/sh: .terraform\/modules\/asm.asm_tokyo\/scripts\/check_components.sh: not found\r\n\u2577\r\n\u2502 Error: local-exec provisioner error\r\n\u2502 \r\n\u2502   with module.asm.module.asm_tokyo.module.gcloud_kubectl.null_resource.additional_components[0],\r\n\u2502   on .terraform\/modules\/asm.asm_tokyo\/main.tf line 174, in resource \"null_resource\" \"additional_components\":\r\n\u2502  174:   provisioner \"local-exec\" {\r\n\u2502 \r\n\u2502 Error running command\r\n\u2502 '.terraform\/modules\/asm.asm_tokyo\/scripts\/check_components.sh gcloud\r\n\u2502 kubectl': exit status 127. Output: \/bin\/sh:\r\n\u2502 .terraform\/modules\/asm.asm_tokyo\/scripts\/check_components.sh: not found\r\n\u2502 \r\n\u2575\r\n<\/code><\/pre>\n
\u7d42\u308f\u308a<\/h1>\n
\u9019\u6b21\u6211\u5011\u4f7f\u7528Terraform\u69cb\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7db2\u683c\u74b0\u5883\uff0c\u800c\u4e14\u7279\u5225\u4f7f\u7528\u4e86Terraform\u5b98\u65b9\u6a21\u584a\uff0c\u9019\u662f\u6211\u5011\u5e73\u6642\u4e26\u4e0d\u7d93\u5e38\u4f7f\u7528\u7684\uff0c\u5e0c\u671b\u5927\u5bb6\u80fd\u7d66\u4e88\u5bf6\u8cb4\u610f\u898b\u3002\u5982\u679c\u60a8\u6b63\u8003\u616e\u4f7f\u7528Terraform\u4f86\u69cb\u5efaASM\u74b0\u5883\uff0c\u4e0d\u59a8\u53c3\u8003\u4e00\u4e0b\u6211\u5011\u7684\u505a\u6cd5\u3002<\/p>\n
\u5c3d\u7ba1\u6211\u5df2\u7ecf\u7f16\u5199\u4e86\u793a\u4f8b\u4ee3\u7801\uff0c\u4f46\u4eceASM\u7684\u5f15\u5165\u5f00\u59cb\uff0c\u5b83\u53d8\u6210\u4e86\u4e00\u4e2a\u975e\u5e38\u56f0\u96be\u7684\u5b9e\u73b0\uff0c\u6211\u4e2a\u4eba\u8ba4\u4e3a\u5728\u76ee\u524d\u9636\u6bb5\u9664\u4e86Terraform\u4ee5\u5916\u7684\u5de5\u5177\u66f4\u597d\u7528\u3002\u603b\u4e4b\uff0c\u6211\u8ba4\u4e3a\u4f60\u5e94\u8be5\u660e\u767d\u8fd9\u53ea\u662f\u672c\u6587\u7684\u53c2\u8003\u610f\u89c1\uff0c\u5e0c\u671b\u4f60\u80fd\u8c05\u89e3\u3002<\/p>\n
\n
    \n
  • \n
      Google Cloud \u306f\u3001Google LLC \u306e\u5546\u6a19\u307e\u305f\u306f\u767b\u9332\u5546\u6a19\u3067\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n
       <\/p>\n
        \n
      • \n
          Terraform \u306f\u3001HashiCorp, Inc. \u306e\u7c73\u56fd\u304a\u3088\u3073\u305d\u306e\u4ed6\u306e\u56fd\u306b\u304a\u3051\u308b\u5546\u6a19\u307e\u305f\u306f\u767b\u9332\u5546\u6a19\u3067\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n
           <\/p>\n
            \u305d\u306e\u4ed6\u3001\u8a18\u8f09\u3055\u308c\u3066\u3044\u308b\u4f1a\u793e\u540d\u304a\u3088\u3073\u5546\u54c1\u30fb\u88fd\u54c1\u30fb\u30b5\u30fc\u30d3\u30b9\u540d\u306f\u3001\u5404\u793e\u306e\u5546\u6a19\u307e\u305f\u306f\u767b\u9332\u5546\u6a19\u3067\u3059\u3002<\/ul>\n","protected":false},"excerpt":{"rendered":"
            \u9996\u5148 \u5927\u5bb6\u597d\u3002\u4e4b\u524d\u6211\u5199\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u4e3b\u9898\u662f\u201c\u4f7f\u7528\u591a\u4e2a\u533a\u57df\u7684 GKE \u96c6\u7fa4\u548c Anthos Service Mes […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-49046","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u6211\u4f7f\u7528terraform\u642d\u5efa\u4e86gkeasm\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\u3002\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\" \/>\n<meta property=\"og:description\" content=\"\u9996\u5148 \u5927\u5bb6\u597d\u3002\u4e4b\u524d\u6211\u5199\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u4e3b\u9898\u662f\u201c\u4f7f\u7528\u591a\u4e2a\u533a\u57df\u7684 GKE \u96c6\u7fa4\u548c Anthos Service Mes […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u6211\u4f7f\u7528terraform\u642d\u5efa\u4e86gkeasm\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\u3002\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-24T22:04:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T19:01:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d88e1913a08637a6c444e\/5-0.png\" \/>\n<meta name=\"author\" content=\"\u79d1, \u96c5\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u96c5\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/\",\"name\":\"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2022-12-24T22:04:35+00:00\",\"dateModified\":\"2024-04-29T19:01:49+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/41e222757cdd2a3365361328bd79970a\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/41e222757cdd2a3365361328bd79970a\",\"name\":\"\u79d1, \u96c5\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1b2d3e00a7df03689797ebd4af8c5827ba5af936849a71050ec331f4cf902c5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1b2d3e00a7df03689797ebd4af8c5827ba5af936849a71050ec331f4cf902c5d?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u96c5\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keya\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u6211\u4f7f\u7528terraform\u642d\u5efa\u4e86gkeasm\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\u3002\/","og_locale":"zh_CN","og_type":"article","og_title":"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c","og_description":"\u9996\u5148 \u5927\u5bb6\u597d\u3002\u4e4b\u524d\u6211\u5199\u4e86\u4e00\u7bc7\u6587\u7ae0\uff0c\u4e3b\u9898\u662f\u201c\u4f7f\u7528\u591a\u4e2a\u533a\u57df\u7684 GKE \u96c6\u7fa4\u548c Anthos Service Mes […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u6211\u4f7f\u7528terraform\u642d\u5efa\u4e86gkeasm\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c\u3002\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2022-12-24T22:04:35+00:00","article_modified_time":"2024-04-29T19:01:49+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d88e1913a08637a6c444e\/5-0.png"}],"author":"\u79d1, \u96c5","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u96c5","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"12 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/","name":"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2022-12-24T22:04:35+00:00","dateModified":"2024-04-29T19:01:49+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/41e222757cdd2a3365361328bd79970a"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u6211\u4f7f\u7528Terraform\u642d\u5efa\u4e86GKE+ASM\u7684\u591a\u96c6\u7fa4\u7f51\u683c\u73af\u5883\u8bd5\u9a8c"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/41e222757cdd2a3365361328bd79970a","name":"\u79d1, \u96c5","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/1b2d3e00a7df03689797ebd4af8c5827ba5af936849a71050ec331f4cf902c5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1b2d3e00a7df03689797ebd4af8c5827ba5af936849a71050ec331f4cf902c5d?s=96&d=mm&r=g","caption":"\u79d1, \u96c5"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keya\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e6%88%91%e4%bd%bf%e7%94%a8terraform%e6%90%ad%e5%bb%ba%e4%ba%86gkeasm%e7%9a%84%e5%a4%9a%e9%9b%86%e7%be%a4%e7%bd%91%e6%a0%bc%e7%8e%af%e5%a2%83%e8%af%95%e9%aa%8c%e3%80%82\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/49046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=49046"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/49046\/revisions"}],"predecessor-version":[{"id":89285,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/49046\/revisions\/89285"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=49046"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=49046"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=49046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}