How do I map ports in Azure Container Instances via Terraform?

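I have two containers in a container group on Azure, using Azure Container Instances (ACI). One (container A) exposes ports 80 and 443 to the Internet (a reverse proxy), and the other (container B) also runs on port 80. How can I map container B's port 80 to a different port, e.g. 8080, so that the two containers don't conflict over ports on localhost (on Azure, containers within a container group can reach each other via localhost)?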

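I can't use `8080:80` because it needs to be a number, and I don't see any other way to specify it. If I specify port 80 on container A, the reverse proxy just loops back to itself, essentially reverse-proxying the reverse proxy (normally container B's port 80 would be reachable on localhost).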

Example:

resource "azurerm_container_group" "main_containers" {
  name                = "containergroup"
  location            = var.location
  resource_group_name = var.rg_name
  ip_address_type     = "public"
  dns_name_label      = local.dns_name_label
  os_type             = "Linux"
  restart_policy      = "Always"
  tags                = var.tags

  container {
    name   = "nextcloud"
    image  = "nextcloud"
    cpu    = "0.8"
    memory = "0.8"

    environment_variables = {
      MYSQL_DATABASE = azurerm_mariadb_database.nextcloud_database_db.name
      MYSQL_USER     = azurerm_mariadb_server.nextcloud_database.administrator_login
      MYSQL_HOST     = azurerm_mariadb_server.nextcloud_database.fqdn
    }

    secure_environment_variables = {
      MYSQL_PASSWORD = azurerm_mariadb_server.nextcloud_database.administrator_login_password
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_nextcloud_data_share.name
      mount_path           = "/var/www/html"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_nextcloud_data_share.name
    }

    ports {
      # This is what I want to do but it fails with:
      # Inappropriate value for attribute "port": a number is required.
      port = "8080:80"
      protocol = "TCP"
    }
  }

  container {
    name   = "reverse-proxy-https"
    image  = "caddy"
    cpu    = "0.2"
    memory = "0.2"
    commands = [
      "caddy", "reverse-proxy",
      "-from", local.public_domain_name,
      # this is where I would tell to reverse-proxy to 8080
      "-to", "localhost:8080",
    ]

    ports {
      port     = 80
      protocol = "TCP"
    }

    ports {
      port     = 443
      protocol = "TCP"
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_caddy_data_share.name
      mount_path           = "/data/caddy"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_caddy_data_share.name
    }

    volume {
      name                 = azurerm_storage_share.nextcloud_storage_caddy_config_share.name
      mount_path           = "/config/caddy"
      storage_account_name = azurerm_storage_account.nextcloud_storage.name
      storage_account_key  = azurerm_storage_account.nextcloud_storage.primary_access_key
      share_name           = azurerm_storage_share.nextcloud_storage_caddy_config_share.name
    }
  }
}
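
Containers in an ACI container group share one network namespace, so a `ports` block can only declare a port a container listens on and cannot remap it. The configuration below is an added example, not part of the original question: it makes container B listen on 8080 itself and gives it no `ports` block, so only the reverse proxy is published. The Apache file paths and the `/entrypoint.sh apache2-foreground` start command are assumptions about the `nextcloud` image, the literal names are placeholders, and volumes and database settings are omitted.

```hcl
# Added example, not the asker's configuration. Literal values are placeholders.
resource "azurerm_container_group" "example" {
  name                = "containergroup"
  location            = "westeurope" # placeholder
  resource_group_name = "example-rg" # placeholder
  ip_address_type     = "Public"
  dns_name_label      = "example-nextcloud" # placeholder
  os_type             = "Linux"

  container {
    name   = "nextcloud"
    image  = "nextcloud"
    cpu    = "0.8"
    memory = "0.8"

    # ACI has no host:container mapping, so move the listener itself to 8080.
    # Assumption: Apache config at the Debian default paths, and the image
    # normally starts with "/entrypoint.sh apache2-foreground".
    commands = [
      "/bin/sh", "-c",
      join(" && ", [
        "sed -i 's/^Listen 80$/Listen 8080/' /etc/apache2/ports.conf",
        "sed -i 's/:80>/:8080>/' /etc/apache2/sites-available/000-default.conf",
        "exec /entrypoint.sh apache2-foreground",
      ]),
    ]

    # No ports block: 8080 is only reached over localhost by the proxy and is
    # not published on the group's public IP.
  }

  container {
    name   = "reverse-proxy-https"
    image  = "caddy"
    cpu    = "0.2"
    memory = "0.2"
    commands = [
      "caddy", "reverse-proxy",
      "-from", "cloud.example.com", # placeholder domain
      "-to", "localhost:8080",
    ]

    ports {
      port     = 80
      protocol = "TCP"
    }

    ports {
      port     = 443
      protocol = "TCP"
    }
  }
}
```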
