Terraform 无法创建 Azure 容器实例,因为图像不可访问
Terraform fails to create Azure Container Instance because the image is inaccessible
在我的 main.tf 中,我有以下资源;
resource "azurerm_container_group" "auth_container_group" {
name = "foocg"
location = "UK South"
resource_group_name = "foorg"
ip_address_type = "public"
dns_name_label = "fooapi"
os_type = "Linux"
image_registry_credential {
username = "foo"
password = "notMyRealPassword"
server = "foo.azurecr.io"
}
container {
name = "foo"
image = "foo:${var.imagebuild}" //also tried "foo.azurecr.io/foo:${var.imagebuild}"
cpu = "1"
memory = "1"
ports {
port = 80
protocol = "TCP"
}
}
}
我在 Azure Devops 中构建了一个 CD 管道。如果我使用 public 图像存储库,则会创建资源并且我可以查看我的 api,构建成功。一旦我切换到私有存储库,我就会在管道输出日志中收到以下错误;
Error: creating/updating Container Group: (Name "foocg" / Resource
Group "foorg"):
containerinstance.ContainerGroupsClient#CreateOrUpdate: Failure
sending request: StatusCode=400 -- Original Error:
Code="InaccessibleImage" Message="The image 'foo:417' in container
group 'foocg' is not accessible. Please check the image and
registry credential.
我试过使用私有 docker 集线器注册表和 Azure 容器注册表,后者我已启用管理员用户以获取登录详细信息。
任何人都可以建议我可能做错了什么以及我可以做些什么来解决这个问题吗?
我在我的环境中使用您的代码进行了测试,但遇到了同样的错误。
要解决此问题,请使用以下代码(在 images Section 处更改了代码)
main.tf
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "example" {
name = "X-raXXXX-XXX"
}
resource "azurerm_container_group" "auth_container_group" {
name = "containergroupfooog"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
ip_address_type = "public"
dns_name_label = "aci-label798"
os_type = "Linux"
image_registry_credential {
username = "TestMyAcr90"
password = "OFfxXXXXXXXXX351XXhl6"
server = "testmyacr90.azurecr.io"
}
container {
name = "sidecar"
image = "${var.imagebuild}"
cpu = "1"
memory = "1"
ports {
port = 80
protocol = "TCP"
}
}
}
variable.tf
variable "imagebuild" {
description = "Repository"
default = "testmyacr90.azurecr.io/my_nginx:latest"
}
Output--
在我的 main.tf 中,我有以下资源;
resource "azurerm_container_group" "auth_container_group" {
name = "foocg"
location = "UK South"
resource_group_name = "foorg"
ip_address_type = "public"
dns_name_label = "fooapi"
os_type = "Linux"
image_registry_credential {
username = "foo"
password = "notMyRealPassword"
server = "foo.azurecr.io"
}
container {
name = "foo"
image = "foo:${var.imagebuild}" //also tried "foo.azurecr.io/foo:${var.imagebuild}"
cpu = "1"
memory = "1"
ports {
port = 80
protocol = "TCP"
}
}
}
我在 Azure Devops 中构建了一个 CD 管道。如果我使用 public 图像存储库,则会创建资源并且我可以查看我的 api,构建成功。一旦我切换到私有存储库,我就会在管道输出日志中收到以下错误;
Error: creating/updating Container Group: (Name "foocg" / Resource Group "foorg"): containerinstance.ContainerGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InaccessibleImage" Message="The image 'foo:417' in container group 'foocg' is not accessible. Please check the image and registry credential.
我试过使用私有 docker 集线器注册表和 Azure 容器注册表,后者我已启用管理员用户以获取登录详细信息。
任何人都可以建议我可能做错了什么以及我可以做些什么来解决这个问题吗?
我在我的环境中使用您的代码进行了测试,但遇到了同样的错误。
要解决此问题,请使用以下代码(在 images Section 处更改了代码)
main.tf
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "example" {
name = "X-raXXXX-XXX"
}
resource "azurerm_container_group" "auth_container_group" {
name = "containergroupfooog"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
ip_address_type = "public"
dns_name_label = "aci-label798"
os_type = "Linux"
image_registry_credential {
username = "TestMyAcr90"
password = "OFfxXXXXXXXXX351XXhl6"
server = "testmyacr90.azurecr.io"
}
container {
name = "sidecar"
image = "${var.imagebuild}"
cpu = "1"
memory = "1"
ports {
port = 80
protocol = "TCP"
}
}
}
variable.tf
variable "imagebuild" {
description = "Repository"
default = "testmyacr90.azurecr.io/my_nginx:latest"
}
Output--