我在使用 Terraform 创建 AKS 集群时遇到错误

错误:

│ Error: Unsupported block type
│
│   on main.tf line 97, in resource "azurerm_kubernetes_cluster" "aks":
│   97:     image_reference {
│
│ Blocks of type "image_reference" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 105, in resource "azurerm_kubernetes_cluster" "aks":
│  105:   node_pools {
│
│ Blocks of type "node_pools" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 124, in resource "azurerm_kubernetes_cluster" "aks":
│  124:   node_pool {
│
│ Blocks of type "node_pool" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on main.tf line 153, in resource "azurerm_kubernetes_cluster" "aks":
│  153:   kubernetes_cluster_config {
│
│ Blocks of type "kubernetes_cluster_config" are not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on main.tf line 180, in resource "azurerm_kubernetes_cluster" "aks":
│  180:     network_security_group_id = azurerm_network_security_group.azure-sg.id
│
│ An argument named "network_security_group_id" is not expected here.

以上是我遇到的错误。我编写了 Terraform 代码，如下所示。

provider.tf:
============

provider "azurerm" {
  features {}
}

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.39.0"
    }
  }
}


terraform.tfvars:
=================

resource_group_name = "a0474899701"
location            = "CentralUS"
cluster_name        = "aks01"
kubernetes_version  = "1.24.4"
system_node_count   = 2
user_node_count     = 1
spot_node_count     = 2
acr_name            = "devops_acr_tf"
aks_network_plugin  = "kubenet"
client_id           = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
client_secret       = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"


main.tf:
========
# Create an Resource Group
resource "azurerm_resource_group" "aks-rg" {
  name     = var.resource_group_name
  location = var.location
}

# Create an ACR instance
resource "azurerm_container_registry" "acr" {
  name                = var.acr_name
  resource_group_name = azurerm_resource_group.aks-rg.name
  location            = var.location
  sku                 = "Standard"
  admin_enabled       = false
}

# Create a role assignment to allow AKS to access ACR
resource "azurerm_role_assignment" "role_acrpull" {
  scope                            = azurerm_container_registry.acr.id
  role_definition_name             = "AcrPull"
  # principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity.0.object_id
  principal_id                     = azurerm_kubernetes_cluster.aks.kubelet_identity.0.client_id
  skip_service_principal_aad_check = true
}

# Create a Kubernetes secret to hold the ACR credentials
# It holds the ACR credentials in a Docker config JSON format
resource "kubernetes_secret" "acr_credentials" {
  metadata {
    name = "acr-credentials"
  }

  data = {
    ".dockerconfigjson" = azurerm_container_registry.acr.docker_config_json
  }
}    

# Private Key Creation
resource "tls_private_key" "aks_ssh_key" {
  algorithm = "RSA"
}

resource "file" "private_key" {
  content  = tls_private_key.aks_ssh_key.private_key_pem
  filename = "aks_private_key.pem"
}

# virtual network (aks_vnet) is created in the same resource group
resource "azurerm_virtual_network" "aks_vnet" {
  name                = "${var.resource_group_name}-vnet01"
  # address_space       = ["10.0.0.0/16"]
  address_space       = ["10.172.144.0/26"]
  location            = azurerm_resource_group.aks_rg.location
  resource_group_name = azurerm_resource_group.aks_rg.name
}

# subnet (aks_subnet) is created within the virtual network
resource "azurerm_subnet" "aks_subnet" {
  name                 = "${var.resource_group_name}-vnet01-subnet01"
  resource_group_name  = azurerm_resource_group.aks_rg.name
  virtual_network_name = azurerm_virtual_network.aks_vnet.name
  # address_prefix       = "10.0.1.0/24"
  address_prefix       = "10.172.144.0/27"
}


resource "azurerm_network_security_group" "azure-sg" {
  name                = "${var.resource_group_name}-nsg01"
  location            = azurerm_resource_group.aks_rg.location
  resource_group_name = azurerm_resource_group.aks_rg.name

  security_rule {
    name                       = "allow-ssh"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = var.cluster_name
  kubernetes_version  = var.kubernetes_version
  location            = var.location
  resource_group_name = azurerm_resource_group.aks-rg.name
  security_group_name = azurerm_network_security_group.azure-sg.name
  dns_prefix          = var.cluster_name
  
  default_node_pool {
    name                = "system"
    node_count          = var.system_node_count
    vm_size             = "Standard_E4as_v4"
    os_disk_size_gb     = 20
    os_disk_type        = "Ephemeral"
    vnet_subnet_id      = azurerm_subnet.aks_subnet.id
    os_type             = "Linux"
    node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
    enable_node_public_ip = false
    enable_auto_scaling = false
  }
  additional_node_pools {
    name                = "user"
    node_count          = var.user_node_count
    vm_size             = "Standard_E8as_v4"
    os_disk_size_gb     = 20
    os_disk_type        = "Ephemeral"
    vnet_subnet_id      = azurerm_subnet.aks_subnet.id
    type                = "User"
      # os_type             = "RedHat"
    os_type             = "Linux"
    node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
    enable_node_public_ip = false
    enable_auto_scaling = false
  }
  additional_node_pools {
    name                = "spot"
    node_count          = var.spot_node_count
    vm_size             = "Standard_D2s_v3"
    os_disk_size_gb     = 20
    os_disk_type        = "Ephemeral"
    vnet_subnet_id      = azurerm_subnet.aks_subnet.id
    type                = "User"
      # os_type             = "RedHat"
    os_type             = "Linux"
    node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
    max_price           = 0.5
    enable_node_public_ip = false
    enable_auto_scaling = false
    eviction_policy      = "Spot"
    taints               = ["kubernetes.azure.com/scalesetpriority=spot:NoSchedule"]
    labels = {
      "kubernetes.azure.com/scalesetpriority" = "spot"
    }
  }

  kubernetes_cluster_config {
    max_pods_per_node = "110"
  }
  
  identity {
    type = "SystemAssigned"
  }
  
  linux_profile {
    admin_username = "azureuser"

    ssh_key {
      key_data = tls_private_key.aks_ssh_key.public_key_openssh
    }
  }
  
  network_profile {
    pod_cidr = "172.32.0.0/19"
    service_cidr = "172.32.0.0/19"
    load_balancer_sku = "Standard"
    network_plugin    = var.aks_network_plugin 
    dns_service_ip = "172.32.0.10"
    docker_bridge_cidr = "172.34.0.1/16"
  }
  
  service_principal {
    client_id     = var.client_id
    client_secret = var.client_secret
  }
  
  tags = {
    Environment = "Development"
  }
}

# ACR can be attached to the AKS cluster using the "azurerm_kubernetes_cluster_container_registry_config" resource type
resource "azurerm_kubernetes_cluster_container_registry_config" "acr_config" {
  cluster_name        = azurerm_kubernetes_cluster.aks.name
  registry_id         = azurerm_container_registry.acr.id
  namespace           = "aks"
  default_action      = "Allow"
}

以上是我遇到上述错误的代码。我得到了一些折旧。谁能告诉我如何解决这个错误

我需要替换什么来代替这些错误

谢谢

最佳答案

如果您看到官方文档，就会发现 AKS 集群没有像 additional_node_pools 这样的字段。

不支持提交，但您仍然添加了

resource "azurerm_kubernetes_cluster" "aks"

这就是错误背后的原因。

关于azure - 使用 Terraform 安装 AKS 时获取不受支持的 block 类型，我们在Stack Overflow上找到一个类似的问题： https://stackoverflow.com/questions/75311463/

azure - 使用 Terraform 安装 AKS 时获取不受支持的 block 类型

错误:

上一篇：azure - Microsoft Learn Sandbox 创建的资源在删除之前会保留多长时间？

下一篇：Azure DevOps checkout 仅触发存储库