Dynamic deployment of Private endpoint
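【Title】: Dynamic deployment of Private endpoint 【Posted】: 2021-05-21 05:16:09
【Question】: I am trying to develop a module that will deploy a private endpoint if the variable DeployPrivateEndpoint == true, and will not deploy it if it is false.
I currently have the following code: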
resource "azurerm_container_registry" "ACR" {
  count                    = length(var.ACR_Name)
  name                     = var.ACR_Name[count.index]
  resource_group_name      = var.resourcegroup_name
  location                 = var.location
  sku                      = var.ACR_Sku
  admin_enabled            = var.ACR_AdminEnabled
  georeplication_locations = var.ACR_GeoRepLocation
}

resource "azurerm_private_dns_zone" "PDZ" {
  count               = var.DeployPrivateEndpoint == true ? 1 : 0
  name                = "privatelink.azurecr.io"
  resource_group_name = var.resourcegroup_name
}

resource "azurerm_private_endpoint" "PEP" {
  count               = var.DeployPrivateEndpoint == true ? length(var.PEP_Name) : 0
  name                = var.PEP_Name[count.index]
  location            = var.location
  resource_group_name = var.resourcegroup_name
  subnet_id           = element(concat(var.subnet_id[*], [""]), count.index)

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = element(concat(azurerm_private_dns_zone.PDZ.*.id, [""]), count.index)
  }

  private_service_connection {
    name                           = var.PEP_Name[count.index]
    private_connection_resource_id = element(concat(azurerm_container_registry.ACR.*.id, [""]), count.index)
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}
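If the variable's value is false, the code currently only crashes at private_dns_zone_group. Terraform expects private_dns_zone_ids to be given, but since the variable is set to false, it is not created. I get the following error:

Error: Invalid index

  on .terraform\modules\containerRegistry\outputs.tf line 10, in output "ACR_PDZID":
  10:   value = azurerm_private_dns_zone.PDZ.0.id
    |----------------
    | azurerm_private_dns_zone.PDZ is empty tuple

Any help is appreciated!
EDIT:
The module is called from main as shown below: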
terraform {
  required_version = ">= 0.13"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.47.0"
    }
  }
}

provider "azurerm" {
  subscription_id = "****"
  client_id       = "****"
  client_secret   = "*****"
  tenant_id       = "*****"
  features {}
}

module "ResourceGroups" {
  source   = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ResourceGroup"
  location = var.location
  RG_Name  = var.RG_Name
}

module "VirtualNetwork" {
  source             = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/VirtualNetwork"
  resourcegroup_name = module.ResourceGroups.RG_Name[0]
  location           = var.location
  VNET_Name          = var.vnet_name
  VNET_Cidr          = var.vnet_cidr
}

module "Subnet" {
  source             = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/Subnet"
  resourcegroup_name = module.ResourceGroups.RG_Name[0]
  location           = var.location
  VNET_name          = module.VirtualNetwork.VNET_Name[0]
  SNET_cidr          = var.subnet_cidr
  SNET_name          = var.subnet_names
}

module "containerRegistry" {
  source                = "git::https://***@dev.azure.com/***/AzureTerraformModules/_git/ContainerRegistry"
  resourcegroup_name    = module.ResourceGroups.RG_Name[0]
  location              = var.location
  subnet_id             = module.Subnet.SNET_ID
  PEP_Name              = ["****", "*****"]
  ACR_Name              = ["****", "*****"]
  ACR_Sku               = "Premium"
  DeployPrivateEndpoint = false
}
The output.tf file in the module looks like this:

output "ACR_ID" {
  value = azurerm_container_registry.ACR.*.id
}

output "ACR_LoginServer" {
  value = azurerm_container_registry.ACR.*.login_server
}

output "ACR_PDZID" {
  value = azurerm_private_dns_zone.PDZ.0.id
}

output "ACR_PEPID" {
  value = azurerm_private_endpoint.PEP.*.id
}
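【Comments】:
Can you share your output.tf file?
I edited my post with the main.tf that calls the module and the module's outputs.tf.
Have you tried adjusting your output (0 to *)? output "ACR_PDZID" { value = azurerm_private_dns_zone.PDZ.*.id }
How stupid of me, I should have known that myself... Thanks!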
【Answer 1】:
You should adjust your ACR_PDZID output a bit, changing the 0 to *.
output "ACR_PDZID" should look like this:

output "ACR_PDZID" {
  value = azurerm_private_dns_zone.PDZ.*.id
}
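The empty-tuple failure and the output shapes that avoid it, as an added example that is not part of the original question or answer; it goes slightly beyond the answer by also showing single-value forms. Assumptions: `terraform_data` (built into Terraform 1.4 and later) stands in for `azurerm_private_dns_zone.PDZ` so the configuration plans without Azure credentials, and every output name other than ACR_PDZID is hypothetical.

```hcl
# Added example, not the poster's module. terraform_data is a stand-in for
# azurerm_private_dns_zone.PDZ; it needs no provider download or credentials.
terraform {
  required_version = ">= 1.4"
}

variable "DeployPrivateEndpoint" {
  type    = bool
  default = false
}

# Stand-in for the conditionally created private DNS zone.
resource "terraform_data" "PDZ" {
  count = var.DeployPrivateEndpoint ? 1 : 0
  input = "privatelink.azurecr.io"
}

# Failing form from the question: with count = 0 the resource is an empty
# tuple, so indexing element 0 raises "Invalid index".
# output "ACR_PDZID" {
#   value = terraform_data.PDZ.0.id
# }

# Splat, as in the answer: always a list, [] when nothing is deployed.
output "ACR_PDZID" {
  value = terraform_data.PDZ[*].id
}

# Single value or null (hypothetical name). one() requires Terraform >= 0.15
# and errors if the list ever holds more than one element.
output "ACR_PDZID_single" {
  value = one(terraform_data.PDZ[*].id)
}

# Same result with an explicit length guard, for versions without one().
output "ACR_PDZID_guarded" {
  value = length(terraform_data.PDZ) > 0 ? terraform_data.PDZ[0].id : null
}

# Lets callers gate on the feature instead of probing list lengths.
output "private_endpoint_enabled" {
  value = length(terraform_data.PDZ) > 0
}
```

Run `terraform plan` once with the default and once with `-var DeployPrivateEndpoint=true` to compare the output values in both states.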