I am trying to create a backend bucket to serve a website behind a regional subnet. However, it does not seem to work. Here is my Terraform configuration.
resource "random_id" "bucket_prefix" {
  byte_length = 8
}

resource "google_storage_bucket" "static_site" {
  name                        = "${var.name}-${random_id.bucket_prefix.hex}-${var.environment}"
  project                     = var.project_id
  location                    = "us-east4"
  force_destroy               = true
  uniform_bucket_level_access = false
  public_access_prevention    = "enforced"
  storage_class               = "STANDARD"

  website {
    main_page_suffix = "index.html"
  }

  versioning {
    enabled = true
  }

  cors {
    origin          = ["*"]
    method          = ["GET"]
    response_header = ["*"]
    max_age_seconds = 3600
  }
}

resource "google_compute_global_address" "default" {
  project    = var.project_id
  name       = "${var.name}-address-${var.environment}"
  ip_version = "IPV4"
}

resource "google_dns_record_set" "default" {
  project      = var.project_id
  name         = "${var.name}.${var.zone}"
  type         = "A"
  ttl          = 300
  managed_zone = var.zone
  rrdatas      = [google_compute_global_address.default.address]
}

resource "google_compute_backend_bucket" "default" {
  project     = var.project_id
  name        = "${var.name}-backend-bucket-${var.environment}"
  description = "The back end bucket for the ${var.name} web app."
  bucket_name = google_storage_bucket.static_site.name
}

resource "google_compute_region_url_map" "default" {
  project         = var.project_id
  region          = "us-east4"
  name            = "${var.name}-url-map-${var.environment}"
  default_service = google_compute_backend_bucket.default.id
  depends_on      = [google_compute_backend_bucket.default]
}

resource "google_compute_region_target_https_proxy" "default" {
  project          = var.project_id
  name             = var.name
  region           = "us-east4"
  url_map          = google_compute_region_url_map.default.self_link
  ssl_certificates = ["https://www.googleapis.com/compute/v1/projects/${var.project_id}/regions/us-east4/sslCertificates/${var.ssl_certificate}"]
}

resource "google_compute_forwarding_rule" "default" {
  project               = var.project_id
  name                  = "${var.name}-forwarding-rule-${var.environment}"
  load_balancing_scheme = "INTERNAL_MANAGED"
  region                = "us-east4"
  ip_protocol           = "TCP"
  port_range            = "443"
  target                = google_compute_region_target_https_proxy.default.self_link
  network               = data.google_compute_network.gcp_network.self_link
  subnetwork            = "projects/NETWORK_PROJECT_ID/regions/us-east4/subnetworks/SUBNET_NAME"
}
When I look at the TF plan, the path to the backend bucket appears to be correct:
  + resource "google_compute_region_url_map" "default" {
      + creation_timestamp = (known after apply)
      + default_service    = "projects/MY_PROJECT_ID/global/backendBuckets/${var.name}-backend-bucket-${var.environment}"
      + fingerprint        = (known after apply)
      + id                 = (known after apply)
      + map_id             = (known after apply)
      + name               = "NAME"
      + project            = "MY_PROJECT_ID"
      + region             = "us-east4"
      + self_link          = (known after apply)
    }
However, when I run TF apply I get an error, because the path to the backend bucket seems to have changed:
│ Error: Error creating RegionUrlMap: googleapi: Error 404: The resource 'projects/MY_PROJECT_ID/regions/us-east4/backendServices/${var.name}-backend-bucket-${var.environment}' was not found, notFound
All I want to do is host a static site behind a private subnet, so that it can only be reached through my VPN. I did contact GCP support, and the only thing they told me was this:

This is because regional internal Application Load Balancers [1] do not support backend buckets. You can refer here for information on the backend features supported by internal Application Load Balancers in each mode [2].

Beyond that, they would not help me.

In summary, I only have two questions:

Just to note, I cannot use Cloud Run or Cloud Functions, because my company has locked those services down.

Thanks!
For anyone else struggling with this, I have an answer, but not a great one. I contacted Google support, and the bottom line is that GCP does not support this. If you want a backend bucket, it has to be global. There is no real way to serve traffic to a bucket in a single region. The workaround is to host an Nginx proxy on a Compute Engine instance. Hopefully GCP will support this workflow soon.
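As an added example (not code from the question or the answer), this is the Terraform wiring for the workaround the answer describes: the region URL map from the question points at a regional backend service fronting the Nginx proxy instances, which is a resource under regions/us-east4/backendServices and therefore something a region URL map can reference, instead of at the global backend bucket. It assumes a regional managed instance group named google_compute_region_instance_group_manager.nginx running the proxy (not shown), a named port "http" on that group, a /healthz path served by the proxy, and that a proxy-only subnet for regional internal ALBs already exists in us-east4.

```hcl
# Assumed (not shown): google_compute_region_instance_group_manager.nginx runs the
# Nginx proxy, and the VPC already has a proxy-only subnet
# (purpose = "REGIONAL_MANAGED_PROXY") in us-east4, which every regional internal ALB needs.

# Health check the internal ALB uses to decide which Nginx instances receive traffic.
resource "google_compute_region_health_check" "nginx" {
  project = var.project_id
  name    = "${var.name}-nginx-hc-${var.environment}"
  region  = "us-east4"

  http_health_check {
    port         = 80
    request_path = "/healthz" # assumed path served by the Nginx proxy
  }
}

# Regional backend service: a region URL map can reference this
# (projects/.../regions/us-east4/backendServices/...), unlike a global backend bucket.
resource "google_compute_region_backend_service" "nginx" {
  project               = var.project_id
  name                  = "${var.name}-nginx-backend-${var.environment}"
  region                = "us-east4"
  load_balancing_scheme = "INTERNAL_MANAGED"
  protocol              = "HTTP"
  port_name             = "http" # named port "http" assumed on the instance group
  health_checks         = [google_compute_region_health_check.nginx.id]

  backend {
    group           = google_compute_region_instance_group_manager.nginx.instance_group
    balancing_mode  = "UTILIZATION"
    capacity_scaler = 1.0
  }
}

# The region URL map from the question, now pointing at the regional backend service
# instead of google_compute_backend_bucket.default.id.
resource "google_compute_region_url_map" "default" {
  project         = var.project_id
  region          = "us-east4"
  name            = "${var.name}-url-map-${var.environment}"
  default_service = google_compute_region_backend_service.nginx.id
}
```

Because the bucket in the question has public_access_prevention = "enforced", the Nginx proxy must fetch objects with credentials (for example the instance's service account) rather than anonymously, otherwise the bucket will refuse the proxied requests.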