google-cloud-platform - 如何添加 `default-allow-http`

Question

如何添加default-allow-http地形脚本中的防火墙规则到谷歌云计算实例？

provider "google" {
    credentials = file("CREDENTIAL_FILE")
    project = "gitlab-project"
    region = var.region
}

resource "google_compute_instance" "gitlab" {
  name          = var.machine_specs.name
  machine_type  = var.machine_type.emicro
  zone          = var.zone

  boot_disk {
    initialize_params {
        image = var.machine_specs.os
        size = var.machine_specs.size
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network     = "default"
    access_config {
      nat_ip = google_compute_address.static.address
    }
  }

    // Add the SSH key
    metadata = {
        ssh-keys = "martin:${file("~/.ssh/id_rsa.pub")}"
    }

}

// A variable for extracting the external ip of the instance
output "ip" {
 value = "${google_compute_instance.gitlab.network_interface.0.access_config.0.nat_ip}"
}

resource "google_compute_address" "static" {
  name = "ipv4-address"
  address_type = "EXTERNAL"
  address = "XXX.XXX.XXX.XXX"
}

resource "google_compute_firewall" "allow-http" {
  name = "default-allow-http"
  network = 

  allow{
    protocol = "tcp"
    ports = ["80"]
  }
}

Answer 1

您可以使用 tags参数在 google_compute_instance 中可用资源。

它看起来像:

resource "google_compute_instance" "gitlab" {
  name          = var.machine_specs.name
  machine_type  = var.machine_type.emicro
  zone          = var.zone

  tags = ["http-server"]

http-server标签适用于 default-allow-http防火墙规则。
如果您需要 default-allow-https然后简单地附加 https-server到标签列表。

希望这可以帮助。