![](/img/trans.png)
[英]How to pull and deploy a docker image from azure container registry using Terraform?
[英]How to push a docker image to Azure container registry using terraform?
我是 Terraform/Azure 的初学者,我想使用 terraform 在 ACR 中部署 docker 映像,但无法找到 Internet 解决方案。 因此,如果有人知道如何使用 Terraform 将 docker 映像部署到 azure 容器注册表,请分享。 告诉我这是否可能。
您可以使用 Terraform 资源null_resource
并在 Terraform 中执行您自己的逻辑。
例子:
resource "azurerm_resource_group" "rg" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_container_registry" "acr" {
name = "containerRegistry1"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku = "Premium"
admin_enabled = true
georeplication_locations = ["East US", "West Europe"]
}
resource "azurerm_azuread_application" "acr-app" {
name = "acr-app"
}
resource "azurerm_azuread_service_principal" "acr-sp" {
application_id = "${azurerm_azuread_application.acr-app.application_id}"
}
resource "azurerm_azuread_service_principal_password" "acr-sp-pass" {
service_principal_id = "${azurerm_azuread_service_principal.acr-sp.id}"
value = "Password12"
end_date = "2022-01-01T01:02:03Z"
}
resource "azurerm_role_assignment" "acr-assignment" {
scope = "${azurerm_container_registry.acr.id}"
role_definition_name = "Contributor"
principal_id = "${azurerm_azuread_service_principal_password.acr-sp-pass.service_principal_id}"
}
resource "null_resource" "docker_push" {
provisioner "local-exec" {
command = <<-EOT
docker login ${azurerm_container_registry.acr.login_server}
docker push ${azurerm_container_registry.acr.login_server}
EOT
}
}
刚刚用docker_registry_image资源解决了这个问题。 我不喜欢使用空资源,因为它需要对本地系统包的依赖。 此外,我这样做是为了让您既可以使用本地身份验证进行部署,也可以使用存储在 Github 存储库中的凭据进行身份验证。
主文件
terraform {
required_version = ">= 1.1.7"
required_providers {
docker = {
source = "kreuzwerker/docker"
version = ">= 2.16.0"
}
}
backend "azurerm" {}
}
provider "docker" {
// Used when deploying locally
dynamic "registry_auth" {
for_each = var.docker_config_file_path == "" ? [] : [1]
content {
address = var.docker_registry_url
config_file = pathexpand(var.docker_config_file_path)
}
}
// Used when deploying from a build pipeline
dynamic "registry_auth" {
for_each = (var.docker_registry_username == "" || var.docker_registry_password == "") ? [] : [1]
content {
address = var.docker_registry_url
username = var.docker_registry_username
password = var.docker_registry_password
}
}
}
resource "docker_registry_image" "image" {
name = "${var.docker_image_name}:${var.docker_image_tag}"
keep_remotely = var.keep_remotely
build {
context = var.docker_file_path
build_args = var.build_args
}
}
变量.tf
variable "docker_registry_url" {
description = "Address of ACR container registry."
type = string
}
variable "docker_registry_username" {
description = "Username for authenticating with the container registry. Required if docker_config_file_path is not set."
type = string
default = ""
}
variable "docker_registry_password" {
description = "Password for authenticating with the container registry. Required if docker_config_file_path is not set."
type = string
default = ""
sensitive = true
}
variable "docker_config_file_path" {
description = "Path to config.json containing docker configuration."
type = string
default = ""
}
variable "docker_image_name" {
description = "Name of docker image to build."
type = string
}
variable "docker_image_tag" {
description = "Tag to use for the docker image."
type = string
default = "latest"
}
variable "source_path" {
description = "Path to folder containing application code"
type = string
default = null
}
variable "docker_file_path" {
description = "Path to Dockerfile in source package"
type = string
}
variable "build_args" {
description = "A map of Docker build arguments."
type = map(string)
default = {}
}
variable "keep_remotely" {
description = "Whether to keep Docker image in the remote registry on destroy operation."
type = bool
default = false
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.