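This quickstart describes how to use Terraform to create a single-tenant App Service Environment deployment of Azure App Service. Use it with an Azure virtual network. A subnet is required to deploy the App Service Environment, and this subnet can't be used for anything else. You create a resource group, a virtual network, and a subnet to configure Azure App Service Environment v3.
In this article, you learn how to:
- Create an Azure resource group with a unique name.
- Establish a virtual network with a specified name and address.
- Generate a random name for the subnet, and create a subnet in the virtual network.
- Delegate the subnet to the Microsoft.Web/hostingEnvironments service.
- Generate a random name for the App Service Environment v3, and create an App Service Environment v3 in the subnet.
- Set the internal load balancing mode for the App Service Environment v3.
- Set cluster settings for the App Service Environment v3.
- Tag the App Service Environment v3.
- Output the names of the resource group, virtual network, subnet, and App Service Environment v3.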
## Prerequisites
- An Azure account with an active subscription. You can create an account.
- Terraform. For more information, see Install and configure Terraform.
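Important
If you're using the 4.x azurerm provider, you must explicitly specify the Azure subscription ID to authenticate to Azure before running the Terraform commands.
One way to specify the Azure subscription ID without putting it in the `providers` block is to specify the subscription ID in an environment variable named `ARM_SUBSCRIPTION_ID`.
For more information, see the Azure provider reference documentation.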
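## Implement the Terraform code
The sample code for this article is located in the Azure Terraform GitHub repo. You can view the log file containing the test results from current and previous versions of Terraform. See more articles and sample code showing how to use Terraform to manage Azure resources.
1. Create a directory in which to test and run the sample Terraform code, and make it the current directory.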
1. Create a file named `main.tf`, and insert the following code:
```terraform
# Create a random pet name to use as a part of the resource group name
# for uniqueness
resource "random_pet" "rg_name" {
  prefix = var.resource_group_name_prefix
}

# Create a resource group for organizing the App Service Environment resources
resource "azurerm_resource_group" "rg" {
  location = var.resource_group_location
  name     = random_pet.rg_name.id
}

# A random value for the virtual network name is used if the
# virtual_network_name variable is not set
resource "random_string" "azurerm_virtual_network_name" {
  length  = 13
  lower   = true
  numeric = false
  special = false
  upper   = false
}

# Define the virtual network for the App Service Environment
resource "azurerm_virtual_network" "example" {
  name                = coalesce(var.virtual_network_name, "vnet-${random_string.azurerm_virtual_network_name.result}")
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["10.0.0.0/16"]
}

# A random value for the subnet is used if the subnet_name variable is not set
resource "random_string" "azurerm_subnet_name" {
  length  = 13
  lower   = true
  numeric = false
  special = false
  upper   = false
}

# Define a subnet within the virtual network for the App Service Environment
resource "azurerm_subnet" "ase" {
  name                 = coalesce(var.subnet_name, "subnet-${random_string.azurerm_subnet_name.result}")
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  delegation {
    name = "delegation"

    service_delegation {
      name    = "Microsoft.Web/hostingEnvironments"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

# A random value for the App Service Environment name is used if the
# app_service_environment_v3_name variable is not set
resource "random_string" "azurerm_app_service_environment_v3_name" {
  length  = 13
  lower   = true
  numeric = false
  special = false
  upper   = false
}

# Define the App Service Environment v3 resource
resource "azurerm_app_service_environment_v3" "example" {
  name                         = coalesce(var.app_service_environment_v3_name, "asev3-${random_string.azurerm_app_service_environment_v3_name.result}")
  resource_group_name          = azurerm_resource_group.rg.name
  subnet_id                    = azurerm_subnet.ase.id
  internal_load_balancing_mode = "Web, Publishing"

  cluster_setting {
    name  = "DisableTls1.0"
    value = "1"
  }

  cluster_setting {
    name  = "InternalEncryption"
    value = "true"
  }

  cluster_setting {
    name  = "FrontEndSSLCipherSuiteOrder"
    value = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  }

  tags = {
    env         = "production"
    terraformed = "true"
  }
}
```
1. Create a file named `outputs.tf`, and insert the following code:
```terraform
output "resource_group_name" {
  value = azurerm_resource_group.rg.name
}

output "virtual_network_name" {
  value = azurerm_virtual_network.example.name
}

output "subnet_name" {
  value = azurerm_subnet.ase.name
}

output "app_service_environment_v3_name" {
  value = azurerm_app_service_environment_v3.example.name
}
```
1. Create a file named `providers.tf`, and insert the following code:
```terraform
terraform {
  required_version = ">=1.0"

  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  features {}
}
```
1. Create a file named `variables.tf`, and insert the following code:
```terraform
variable "resource_group_name_prefix" {
  type        = string
  default     = "rg"
  description = "Prefix of the resource group name that's combined with a random ID so name is unique in your Azure subscription."
}

variable "resource_group_location" {
  type        = string
  default     = "chinanorth3"
  description = "Location of the resource group."
}

variable "virtual_network_name" {
  type        = string
  description = "The name of the virtual network resource. The value will be randomly generated if blank."
  default     = ""
}

variable "subnet_name" {
  type        = string
  description = "The name of the virtual network subnet. The value will be randomly generated if blank."
  default     = ""
}

variable "app_service_environment_v3_name" {
  type        = string
  description = "The name of the App Service Environment v3 resource. The value will be randomly generated if blank."
  default     = ""
}
```
## Initialize Terraform
Run [terraform init](https://www.terraform.io/docs/commands/init.html) to initialize the Terraform deployment. This command downloads the Azure provider required to manage your Azure resources.
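```console
terraform init -upgrade
```
Key points:
- The `-upgrade` parameter upgrades the necessary provider plugins to the newest version that complies with the configuration's version constraints.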
## Create a Terraform execution plan
Run [terraform plan](https://www.terraform.io/docs/commands/plan.html) to create an execution plan.
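```console
terraform plan -out main.tfplan
```
Key points:
- The `terraform plan` command creates an execution plan, but doesn't execute it. Instead, it determines what actions are necessary to create the configuration specified in your configuration files. This pattern allows you to verify whether the execution plan matches your expectations before making any changes to actual resources.
- The optional `-out` parameter allows you to specify an output file for the plan. Using the `-out` parameter ensures that the plan you reviewed is exactly what is applied.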
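Part of that plan review can be automated. The following added example (not part of the original quickstart or of the Azure Terraform repository) reads the JSON form of the saved plan, as printed by `terraform show -json main.tfplan`, and reports any App Service Environment v3 whose load balancing mode or cluster settings differ from the values in `main.tf`. The function names and the decision to treat those values as required policy are assumptions.

```python
import json

# Values taken from this page's main.tf; treating them as required policy is an assumption.
REQUIRED_ILB_MODE = "Web, Publishing"
REQUIRED_SETTINGS = {"DisableTls1.0": "1", "InternalEncryption": "true"}
ALLOWED_CIPHERS = {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
ASE_TYPE = "azurerm_app_service_environment_v3"

def check_ase_plan(plan_json):
    """Return a list of findings for each ASE v3 the plan creates or updates."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != ASE_TYPE or after is None:  # None: resource is deleted
            continue
        addr = rc["address"]
        if after.get("internal_load_balancing_mode") != REQUIRED_ILB_MODE:
            findings.append(f"{addr}: internal_load_balancing_mode must be {REQUIRED_ILB_MODE!r}")
        # Nested cluster_setting blocks appear in the plan JSON as a list of objects.
        settings = {s["name"]: s["value"] for s in after.get("cluster_setting") or []}
        for name, want in REQUIRED_SETTINGS.items():
            if settings.get(name) != want:
                findings.append(f"{addr}: cluster_setting {name} must be {want!r}")
        order = settings.get("FrontEndSSLCipherSuiteOrder", "")
        ciphers = [c.strip() for c in order.split(",") if c.strip()]
        extra = [c for c in ciphers if c not in ALLOWED_CIPHERS]
        if not ciphers or extra:
            findings.append(f"{addr}: FrontEndSSLCipherSuiteOrder unset or lists {extra}")
    return findings

def sample_plan(ilb_mode, settings):
    """Constructed input in the shape `terraform show -json` prints (not real output)."""
    after = {"internal_load_balancing_mode": ilb_mode,
             "cluster_setting": [{"name": k, "value": v} for k, v in settings.items()]}
    return json.dumps({"resource_changes": [{
        "address": "azurerm_app_service_environment_v3.example", "type": ASE_TYPE,
        "change": {"actions": ["create"], "after": after}}]})

GOOD_PLAN = sample_plan(REQUIRED_ILB_MODE, {
    **REQUIRED_SETTINGS, "FrontEndSSLCipherSuiteOrder": ",".join(sorted(ALLOWED_CIPHERS))})
BAD_PLAN = sample_plan("None", {"InternalEncryption": "true"})

if __name__ == "__main__":
    import sys
    problems = check_ase_plan(sys.stdin.read())
    print("\n".join(problems) or "plan OK")
    sys.exit(1 if problems else 0)
```

Saved under a name of your choice (hypothetically `check_ase_plan.py`), it runs as `terraform show -json main.tfplan | python3 check_ase_plan.py`; a non-zero exit status means the reviewed plan weakens one of the settings and should not be applied as is.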
## Apply a Terraform execution plan
Run [terraform apply](https://www.terraform.io/docs/commands/apply.html) to apply the execution plan to your cloud infrastructure.
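```console
terraform apply main.tfplan
```
Key points:
- The example `terraform apply` command assumes you previously ran `terraform plan -out main.tfplan`.
- If you specified a different filename for the `-out` parameter, use that same filename in the call to `terraform apply`.
- If you didn't use the `-out` parameter, call `terraform apply` without any parameters.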
## Verify the results
### [Azure CLI](#tab/azure-cli)
1. Get the Azure resource group name.
```console
resource_group_name=$(terraform output -raw resource_group_name)
```
1. Get the virtual network name.
```console
virtual_network_name=$(terraform output -raw virtual_network_name)
```
1. Get the subnet name.
```console
subnet_name=$(terraform output -raw subnet_name)
```
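1. Get the App Service Environment v3 name, then run `az appservice ase show` to view the App Service Environment v3.
```azurecli
app_service_environment_v3_name=$(terraform output -raw app_service_environment_v3_name)
az appservice ase show --name "$app_service_environment_v3_name" --resource-group "$resource_group_name"
```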
### [Azure PowerShell](#tab/azure-powershell)
1. Get the Azure resource group name.
```console
$resource_group_name=$(terraform output -raw resource_group_name)
```
1. Get the virtual network name.
```console
$virtual_network_name=$(terraform output -raw virtual_network_name)
```
1. Get the subnet name.
```console
$subnet_name=$(terraform output -raw subnet_name)
```
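1. Get the App Service Environment v3 name, then run `Get-AzAppServiceEnvironment` to view the App Service Environment v3.
```azurepowershell
$app_service_environment_v3_name=$(terraform output -raw app_service_environment_v3_name)
Get-AzAppServiceEnvironment -Name $app_service_environment_v3_name -ResourceGroupName $resource_group_name
```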
---
## Clean up resources
When you no longer need the resources created via Terraform, do the following steps:
1. Run [terraform plan](https://www.terraform.io/docs/commands/plan.html) and specify the `destroy` flag.
```console
terraform plan -destroy -out main.destroy.tfplan
```
1. Run [terraform apply](https://www.terraform.io/docs/commands/apply.html) to apply the execution plan.
```console
terraform apply main.destroy.tfplan
```
## Troubleshoot Terraform on Azure
Troubleshoot common problems when using Terraform on Azure.