Not getting the correct output from a YAML template

Problem description

What changes can be made to this template so that it works for all scenarios: 1 AZ with PrivateSubnets: False, 1 AZ with PrivateSubnets: True, 2 AZs with PrivateSubnets: False, and 2 AZs with PrivateSubnets: True?

---
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Amazon EKS Sample VPC - Private and Public subnets'

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      -
        Label:
          default: "Worker Network Configuration"
        Parameters:
          - VpcCidr
          - PublicSubnet01Block
          - PublicSubnet02Block
          - PrivateSubnet01Block
          - PrivateSubnet02Block
          - NumberOfAZs
          - PrivateSubnets

Parameters:
  PrivateSubnets:
    Type: String
    AllowedValues:
    - True
    - False
    Default: True
    Description: Do you want to create private subnets in addition to public subnets?

  NumberOfAZs:
    Type: Number
    AllowedValues:
    - 1
    - 2
    - 3
    Default: 1
    Description: How many Availability Zones do you wish to utilize?

  VpcCidr:
    Type: String
    Default: 192.168.0.0/16
    AllowedValues:
      - 10.0.0.0/16
      - 192.168.0.0/16
    Description: The CIDR range for the VPC. This should be a valid private (RFC 1918) CIDR range.

Conditions:
  BuildPublic02:       !Not [ !Equals [ !Ref NumberOfAZs, 1 ]]
  BuildPrivateSubnets: !Equals [ !Ref PrivateSubnets, True ]
  BuildPrivate01:      !Equals [ !Ref PrivateSubnets, True ]       # Can't determine how to build a condition from a separate single condition
  BuildPrivate02:      !And [ Condition: BuildPrivateSubnets, Condition: BuildPublic02 ]

Resources:
  VPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-VPC'

  InternetGateway:
    Type: "AWS::EC2::InternetGateway"

  VPCGatewayAttachment:
    Type: "AWS::EC2::VPCGatewayAttachment"
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Public Subnets
      - Key: Network
        Value: Public

  PrivateRouteTable01:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivate01
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Private Subnet AZ1
      - Key: Network
        Value: Private01

  PrivateRouteTable02:
    Type: AWS::EC2::RouteTable
    Condition: BuildPrivate02
    Properties:
      VpcId: !Ref VPC
      Tags:
      - Key: Name
        Value: Private Subnet AZ2
      - Key: Network
        Value: Private02

  PublicRoute:
    DependsOn: VPCGatewayAttachment
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PrivateRoute01:
    Condition: BuildPrivate01
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway01
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable01
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway01

  PrivateRoute02:
    Condition: BuildPrivate02
    DependsOn:
    - VPCGatewayAttachment
    - NatGateway02
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable02
      DestinationCidrBlock: 0.0.0.0/0
      NatGatewayId: !Ref NatGateway02

  NatGateway01:
    Condition: BuildPrivate01
    DependsOn:
    - NatGatewayEIP1
    - PublicSubnet01
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt 'NatGatewayEIP1.AllocationId'
      SubnetId: !Ref PublicSubnet01
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-NatGatewayAZ1'

  NatGateway02:
    Condition: BuildPrivate02
    DependsOn:
    - NatGatewayEIP2
    - PublicSubnet02
    - VPCGatewayAttachment
    Type: AWS::EC2::NatGateway
    Properties:
      AllocationId: !GetAtt 'NatGatewayEIP2.AllocationId'
      SubnetId: !Ref PublicSubnet02
      Tags:
      - Key: Name
        Value: !Sub '${AWS::StackName}-NatGatewayAZ2'

  NatGatewayEIP1:
    Condition: BuildPrivate01
    DependsOn:
    - VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc

  NatGatewayEIP2:
    Condition: BuildPrivate02
    DependsOn:
    - VPCGatewayAttachment
    Type: 'AWS::EC2::EIP'
    Properties:
      Domain: vpc

  PublicSubnet01:
    Type: AWS::EC2::Subnet
    Metadata:
      Comment: Subnet 01
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone:
        Fn::Select:
        - '0'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 0, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PublicSubnet01"
      - Key: kubernetes.io/role/elb
        Value: 1

  PublicSubnet02:
    Type: AWS::EC2::Subnet
    Condition: BuildPublic02
    Metadata:
      Comment: Subnet 02
    Properties:
      MapPublicIpOnLaunch: true
      AvailabilityZone:
        Fn::Select:
        - '1'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 1, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PublicSubnet02"
      - Key: kubernetes.io/role/elb
        Value: 1

  PrivateSubnet01:
    Type: AWS::EC2::Subnet
    Condition: BuildPrivate01
    Metadata:
      Comment: Subnet 01
    Properties:
      AvailabilityZone:
        Fn::Select:
        - '0'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 2, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PrivateSubnet01"
      - Key: kubernetes.io/role/internal-elb
        Value: 1

  PrivateSubnet02:
    Type: AWS::EC2::Subnet
    Condition: BuildPrivate02
    Metadata:
      Comment: Private Subnet 02
    Properties:
      AvailabilityZone:
        Fn::Select:
        - '1'
        - Fn::GetAZs:
            Ref: AWS::Region
      CidrBlock: !Select [ 3, !Cidr [ !GetAtt VPC.CidrBlock, 4, 12 ]]
      VpcId:
        Ref: VPC
      Tags:
      - Key: Name
        Value: !Sub "${AWS::StackName}-PrivateSubnet02"
      - Key: kubernetes.io/role/internal-elb
        Value: 1

  PublicSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet01
      RouteTableId: !Ref PublicRouteTable

  PublicSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPublic02
    Properties:
      SubnetId: !Ref PublicSubnet02
      RouteTableId: !Ref PublicRouteTable

  PrivateSubnet01RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPrivate01
    Properties:
      SubnetId: !Ref PrivateSubnet01
      RouteTableId: !Ref PrivateRouteTable01

  PrivateSubnet02RouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Condition: BuildPrivate02
    Properties:
      SubnetId: !Ref PrivateSubnet02
      RouteTableId: !Ref PrivateRouteTable02

  ControlPlaneSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster communication with worker nodes
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0
      VpcId: !Ref VPC

Outputs:

  SubnetIds:
    Description: Private Subnets IDs in the VPC
    Condition: BuildPublic02
    Condition: BuildPrivateSubnets
    Condition: BuildPrivate01
    Condition: BuildPrivate02
    Value: !Join [ ",", [ !Ref PublicSubnet01, !Ref PublicSubnet02, !Ref PrivateSubnet01, !Ref PrivateSubnet02 ] ]

  PublicSubnetIds:
    Condition: BuildPublic02
    Description: Public Subnets IDs in the VPC
    Value: !Join [ ",", [ !Ref PublicSubnet01, !Ref PublicSubnet02 ] ]

  PrivateSubnetIds:
    Description: Public Subnets IDs in the VPC
    Condition: BuildPrivateSubnets
    Condition: BuildPrivate01
    Condition: BuildPrivate02
    Value: !Join [ ",", [ !Ref PrivateSubnet01, !Ref PrivateSubnet02 ] ]

  SecurityGroups:
    Description: Security group for the cluster control plane communication with worker nodes
    Value: !Join [ ",", [ !Ref ControlPlaneSecurityGroup ] ]

  VpcId:
    Description: The VPC Id
    Value: !Ref VPC

This template works fine when the parameters chosen are 2 AZs and PrivateSubnets: True, whereas for the other parameter combinations it does not work: the outputs are not generated as expected. What changes are needed to make it work for all combinations of parameters?

Solution

The Outputs section should look like the following. Also note that your template only works for 1 and 2 Availability Zones, not for the 3 allowed by the NumberOfAZs parameter, so you may want to change that as well:

  NumberOfAZs:
    Type: Number
    AllowedValues: [1,2]
    Default: 1
    Description:  How many Availability Zones do you wish to utilize? 

And the Outputs:

Outputs:

  SubnetIds:
    Description: All Subnets IDs in the VPC
    Value:
      !Join
        - ","
        - - !Ref PublicSubnet01
          - !If [BuildPublic02,!Ref PublicSubnet02,!Ref "AWS::NoValue"]
          - !If [BuildPrivate01,!Ref PrivateSubnet01,!Ref "AWS::NoValue"]
          - !If [BuildPrivate02,!Ref PrivateSubnet02,!Ref "AWS::NoValue"]

  PublicSubnetIds:
    Description: Public Subnets IDs in the VPC
    Value:
      !Join
        - ","
        - - !Ref PublicSubnet01
          - !If [BuildPublic02,!Ref PublicSubnet02,!Ref "AWS::NoValue"]

  PrivateSubnetIds:
    Description: Private Subnets IDs in the VPC
    Condition: BuildPrivateSubnets
    Value:
      !Join
        - ","
        - - !Ref PrivateSubnet01
          - !If [BuildPrivate02,!Ref PrivateSubnet02,!Ref "AWS::NoValue"]

  SecurityGroups:
    Description: Security group for the cluster control plane communication with worker nodes
    Value: !Join [ ",",[ !Ref ControlPlaneSecurityGroup ] ]

  VpcId:
    Description: The VPC Id
    Value: !Ref VPC
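To see why the question's SubnetIds output fails in three of the four parameter combinations while the answer's !If / AWS::NoValue form works in all of them, here is an added Python model of the template's Conditions (example code written for this edit, not part of the question or the answer; it evaluates the condition logic offline and makes no AWS calls):

```python
"""Offline model of the template's Conditions and of the two SubnetIds outputs.
Added example, not part of the question or answer; no AWS calls are made."""
from itertools import product

# Same gating as the template's Conditions section.
def conditions(number_of_azs: int, private_subnets: bool) -> dict:
    build_public02 = number_of_azs != 1            # !Not [!Equals [NumberOfAZs, 1]]
    return {
        "BuildPublic02": build_public02,
        "BuildPrivateSubnets": private_subnets,    # !Equals [PrivateSubnets, True]
        "BuildPrivate01": private_subnets,
        "BuildPrivate02": private_subnets and build_public02,   # !And [...]
    }

# Subnet resource -> the Condition attached to it (None = always created),
# listed in the order the outputs join them.
RESOURCE_CONDITION = {
    "PublicSubnet01": None,
    "PublicSubnet02": "BuildPublic02",
    "PrivateSubnet01": "BuildPrivate01",
    "PrivateSubnet02": "BuildPrivate02",
}

def created(conds: dict) -> set:
    return {r for r, c in RESOURCE_CONDITION.items() if c is None or conds[c]}

def original_dangling_refs(conds: dict) -> list:
    """The question's SubnetIds output !Ref's all four subnets unconditionally.
    Returns the Refs that point at resources the stack never created; any
    non-empty result is why that output cannot be produced."""
    return [r for r in RESOURCE_CONDITION if r not in created(conds)]

def fixed_subnet_ids(conds: dict) -> str:
    """The answer's SubnetIds output: each optional Ref is wrapped in
    !If [Cond, !Ref X, !Ref AWS::NoValue]. CloudFormation drops AWS::NoValue
    entries from the !Join list, so only created subnets remain."""
    return ",".join(r for r in RESOURCE_CONDITION if r in created(conds))

def report() -> dict:
    """Walk the four (NumberOfAZs, PrivateSubnets) combinations the question asks about."""
    return {
        (azs, priv): (original_dangling_refs(conditions(azs, priv)),
                      fixed_subnet_ids(conditions(azs, priv)))
        for azs, priv in product((1, 2), (False, True))
    }

if __name__ == "__main__":
    for (azs, priv), (dangling, fixed) in report().items():
        print(f"AZs={azs} PrivateSubnets={priv}: dangling={dangling} fixed='{fixed}'")
```

Only the 2 AZ / PrivateSubnets: True combination yields no dangling Refs for the original output, which matches the behaviour described in the question.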