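When trying to deploy an Azure Container App using Terraform, I encountered this error message:
Cannot remove secrets from Container Apps at this time due to a limitation in the Container Apps Service. Please see https://github.com/microsoft/azure-container-apps/issues/395 for more details.
Although I am not trying to modify any secrets directly, I cannot proceed with the deployment. The closed issue they mention here seems to be related to the problem, but it is not much help. This also started happening suddenly, without any changes to the code.
I am using terraform version - 3.101.0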
resource "azurerm_container_app" "container_app" {
  name                         = var.app_name
  container_app_environment_id = var.ca_environment
  resource_group_name          = var.resource_group_name
  revision_mode                = "Single"

  ingress {
    external_enabled = true
    target_port      = var.port
    traffic_weight {
      percentage      = 100
      latest_revision = true
    }
  }

  # Registry password stored as a Container App secret
  secret {
    name  = "container-registry-password"
    value = var.registry_credentials.registry_key
  }

  # Registry login that references the secret above by name
  registry {
    server               = var.registry_credentials.registry_server_url
    username             = var.registry_credentials.registry_username
    password_secret_name = "container-registry-password"
  }

  template {
    container {
      name   = "app-container"
      image  = "${var.registry_credentials.registry_server_url}/${var.image_name}:latest"
      cpu    = 1
      memory = "2Gi"

      # One env block per entry in var.configs
      dynamic "env" {
        for_each = var.configs
        content {
          name  = env.value.name
          value = env.value.value
        }
      }

      liveness_probe {
        transport               = "HTTP"
        path                    = var.liveness_path
        port                    = var.port
        initial_delay           = 30
        interval_seconds        = 30
        timeout                 = 15
        failure_count_threshold = 3
      }
    }
    min_replicas = 1
    max_replicas = 3
  }
}
How can I resolve this?
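When trying to deploy an Azure Container App using Terraform, I encountered the error message: Cannot remove secrets from Container Apps at this time due to a limitation in the Container Apps Service.
The above error usually occurs when an existing secret is removed or when AD authentication is added to the container app.
Alternatively, you can create the container app deployment using the user identity method.
Here is the updated Terraform code using the user identity method.
Note: Make sure you have role assignment access so that you can assign the acrpull role to the user-assigned identity.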
provider "azurerm" {
  features {}
}

data "azurerm_resource_group" "example" {
  name = "RG-Name"
}

data "azurerm_container_registry" "acr" {
  name                = "arkoacr"
  resource_group_name = "RG-Name"
}

# User-assigned identity the container app uses to pull images
resource "azurerm_user_assigned_identity" "containerapp" {
  location            = data.azurerm_resource_group.example.location
  name                = "containerappmi"
  resource_group_name = data.azurerm_resource_group.example.name
}

# Grant the identity pull access, scoped to this registry only
resource "azurerm_role_assignment" "containerapp" {
  scope                = data.azurerm_container_registry.acr.id
  role_definition_name = "acrpull"
  principal_id         = azurerm_user_assigned_identity.containerapp.principal_id
  depends_on = [
    azurerm_user_assigned_identity.containerapp
  ]
}

resource "azurerm_container_app_environment" "example" {
  name                = "container-Environment1"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
}

resource "azurerm_container_app" "container_app" {
  name                         = "demo-container"
  container_app_environment_id = azurerm_container_app_environment.example.id
  resource_group_name          = data.azurerm_resource_group.example.name
  revision_mode                = "Single"

  ingress {
    external_enabled = true
    target_port      = 5000
    traffic_weight {
      percentage      = 100
      latest_revision = true
    }
  }

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.containerapp.id]
  }

  # Registry login through the identity; no secret block or stored password
  registry {
    server   = data.azurerm_container_registry.acr.login_server
    identity = azurerm_user_assigned_identity.containerapp.id
  }

  template {
    container {
      name   = "app-container"
      image  = "${data.azurerm_container_registry.acr.login_server}/sample/hello-world:v1"
      cpu    = 1
      memory = "2Gi"

      liveness_probe {
        transport               = "HTTP"
        path                    = ""
        port                    = 5000
        initial_delay           = 30
        interval_seconds        = 30
        timeout                 = 15
        failure_count_threshold = 3
      }
    }
    min_replicas = 1
    max_replicas = 3
  }
}
Terraform apply:
After running the Terraform code, the container app was created successfully using the existing registry image.
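
An added example, not part of the original question or answer and not the provider's own code: a pre-apply check that reads `terraform show -json <planfile>` output and reports which secret names an in-place update of an `azurerm_container_app` would remove, which is the condition the answer names as the usual cause of this error. It assumes the plan JSON lists the `secret` blocks with their `name` fields under `change.before` and `change.after`; `removed_secrets` and the sample plan are hypothetical and constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# not captured from a real run. Secret values are placeholders.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": "azurerm_container_app.container_app",
            "type": "azurerm_container_app",
            "change": {
                "actions": ["update"],
                "before": {"secret": [{"name": "container-registry-password",
                                       "value": "PLACEHOLDER"}]},
                "after": {"secret": []},
            },
        },
        {
            "address": "azurerm_container_app.other",
            "type": "azurerm_container_app",
            "change": {
                "actions": ["update"],
                "before": {"secret": [{"name": "api-key", "value": "PLACEHOLDER"}]},
                "after": {"secret": [{"name": "api-key", "value": "PLACEHOLDER-2"}]},
            },
        },
    ]
})


def _secret_names(obj):
    """Return the set of secret names in a before/after object (None-safe)."""
    return {s["name"] for s in ((obj or {}).get("secret") or []) if s and s.get("name")}


def removed_secrets(plan_json):
    """Map resource address -> sorted secret names an in-place update would remove."""
    findings = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "azurerm_container_app" or "update" not in change.get("actions", []):
            continue  # only in-place updates of container apps are checked
        gone = _secret_names(change.get("before")) - _secret_names(change.get("after"))
        if gone:
            findings[rc["address"]] = sorted(gone)
    return findings


if __name__ == "__main__":
    for address, names in removed_secrets(SAMPLE_PLAN).items():
        print(f"{address}: plan removes secret(s) {', '.join(names)}")
```

Changing a secret's value is not reported, only a name that disappears; the first sample resource mirrors dropping the `container-registry-password` secret from the question's configuration on an already deployed app.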