# Look up the existing NLB that, per the author's note, is created by Kubernetes.
# Only the name selects the load balancer; nothing in this file pins its ARN,
# scheme or listeners.
# NOTE(review): whichever load balancer currently carries this name in the
# account/region becomes the API backend. Confirm that only the intended
# cluster can create or rename load balancers here.
data "aws_lb" "user_mgmt_nlb" {
  name = "user-mgmt-nlb"  # matches the name shown by the AWS CLI
}

# REST API Gateway in front of the Spring Boot user-management application.
# The endpoint type is REGIONAL (not PRIVATE), so the execute-api endpoint is
# reachable from the internet. No resource policy is attached in this block.
resource "aws_api_gateway_rest_api" "user_management" {
  endpoint_configuration {
    types = ["REGIONAL"]
  }

  description = "API Gateway for Spring Boot User Management Application"
  name        = "user-management-api"
}

# Greedy proxy resource: "{proxy+}" matches every path below the API root.
# NOTE(review): because nothing is filtered at the gateway, every route the
# backend serves is published through this API. Confirm the application does
# not serve management or debug routes that were meant to stay internal.
resource "aws_api_gateway_resource" "proxy" {
  path_part   = "{proxy+}"
  parent_id   = aws_api_gateway_rest_api.user_management.root_resource_id
  rest_api_id = aws_api_gateway_rest_api.user_management.id
}

# ANY method on the greedy proxy resource: every HTTP verb on every sub-path
# is accepted.
# SECURITY: authorization = "NONE" means API Gateway authenticates no caller,
# and no API key is required (api_key_required is not set). All authentication
# and authorization for the user-management routes then rests on the backend.
# NOTE(review): confirm the application authenticates every route, or switch
# to AWS_IAM, COGNITO_USER_POOLS or a CUSTOM authorizer.
resource "aws_api_gateway_method" "proxy" {
  resource_id = aws_api_gateway_resource.proxy.id
  rest_api_id = aws_api_gateway_rest_api.user_management.id

  authorization = "NONE"
  http_method   = "ANY"

  # Marks the {proxy} path parameter as required so the integration can map it.
  request_parameters = {
    "method.request.path.proxy" = true
  }
}

# ANY method on the root path ("/"), which the greedy proxy resource does not cover.
# SECURITY: authorization = "NONE", so API Gateway lets unauthenticated callers
# through on this path; any access control has to be enforced by the backend.
# NOTE(review): confirm that is intended for the application's root route.
resource "aws_api_gateway_method" "root" {
  resource_id = aws_api_gateway_rest_api.user_management.root_resource_id
  rest_api_id = aws_api_gateway_rest_api.user_management.id

  authorization = "NONE"
  http_method   = "ANY"
}

# Integration for the proxy path: forwards the request to the Kubernetes NLB
# as an HTTP proxy, passing the matched {proxy} path segment through.
# SECURITY: the URI scheme is http://, so the hop from API Gateway to the NLB
# is unencrypted. No connection_type is set, which leaves the default
# (INTERNET) rather than a VPC link.
# NOTE(review): this presumably requires an internet-facing NLB, which clients
# could then reach directly without passing through the gateway. Confirm, and
# consider connection_type = "VPC_LINK" with an internal NLB and a TLS listener.
resource "aws_api_gateway_integration" "k8s_integration" {
  http_method = aws_api_gateway_method.proxy.http_method
  resource_id = aws_api_gateway_resource.proxy.id
  rest_api_id = aws_api_gateway_rest_api.user_management.id

  type                    = "HTTP_PROXY"
  integration_http_method = "ANY"
  uri                     = "http://${data.aws_lb.user_mgmt_nlb.dns_name}/{proxy}"

  # Maps the method's {proxy} path parameter onto the backend URI placeholder.
  request_parameters = {
    "integration.request.path.proxy" = "method.request.path.proxy"
  }
}

# Integration for the root path: forwards "/" to the Kubernetes NLB as an HTTP proxy.
# SECURITY: the backend is addressed over plain http:// with the default
# connection type (no VPC link), so this hop is unencrypted.
# NOTE(review): confirm whether the NLB is internet-facing. If it is, it can be
# reached without going through API Gateway.
resource "aws_api_gateway_integration" "root_integration" {
  http_method = aws_api_gateway_method.root.http_method
  resource_id = aws_api_gateway_rest_api.user_management.root_resource_id
  rest_api_id = aws_api_gateway_rest_api.user_management.id

  type                    = "HTTP_PROXY"
  integration_http_method = "ANY"
  uri                     = "http://${data.aws_lb.user_mgmt_nlb.dns_name}/"
}

# Deployment: snapshots the REST API configuration so a stage can serve it.
resource "aws_api_gateway_deployment" "deployment" {
  # Both integrations must exist before the API is deployed.
  depends_on = [
    aws_api_gateway_integration.k8s_integration,
    aws_api_gateway_integration.root_integration
  ]
  
  rest_api_id = aws_api_gateway_rest_api.user_management.id

  # A new deployment is created whenever this hash changes.
  # NOTE(review): the hash covers resource IDs only. An in-place change that
  # keeps the same ID (for example tightening `authorization` on a method or
  # changing an integration `uri`) would presumably not change the hash, so the
  # stage could keep serving the old configuration. Confirm, or hash the whole
  # resources instead of their `.id`.
  triggers = {
    redeployment = sha1(jsonencode([
      aws_api_gateway_resource.proxy.id,
      aws_api_gateway_method.proxy.id,
      aws_api_gateway_method.root.id,
      aws_api_gateway_integration.k8s_integration.id,
      aws_api_gateway_integration.root_integration.id
    ]))
  }

  # Create the replacement deployment before destroying the old one, so the
  # stage always has a deployment to point at.
  lifecycle {
    create_before_destroy = true
  }
}

# "prod" stage that publishes the deployment under the invoke URL.
# NOTE(review): this block sets no access_log_settings, and this file shows no
# throttling (aws_api_gateway_method_settings) or WAF association. With
# unauthenticated ANY methods behind this stage, access logs are the main audit
# trail. Confirm that logging and rate limits are configured elsewhere.
resource "aws_api_gateway_stage" "prod" {
  stage_name    = "prod"
  rest_api_id   = aws_api_gateway_rest_api.user_management.id
  deployment_id = aws_api_gateway_deployment.deployment.id
}

# Outputs.
# DNS name of the NLB found by the data source. This is the backend address
# that the API Gateway integrations call.
output "nlb_dns_name" {
  value       = data.aws_lb.user_mgmt_nlb.dns_name
  description = "K8s 创建的 NLB 的 DNS 名称"
}

# ARN of the NLB found by the data source.
output "nlb_arn" {
  value       = data.aws_lb.user_mgmt_nlb.arn
  description = "NLB 的 ARN"
}

# Public invoke URL of the prod stage, with a trailing slash appended.
output "api_gateway_invoke_url" {
  value       = format("%s/", aws_api_gateway_stage.prod.invoke_url)
  description = "API Gateway 调用 URL"
}

# ID of the REST API created in this file.
output "api_gateway_id" {
  value       = aws_api_gateway_rest_api.user_management.id
  description = "API Gateway ID"
}