使用 terraform 创建具有专用终结点的 Azure Postgres 数据库
问题描述 投票:0回答:1
我在尝试使用 Terraform 在 Azure 中创建具有专用终结点的 PostgreSQL 灵活服务器时遇到了挑战。此外,我已将网络安全组 (NSG) 附加到与 PostgreSQL 灵活服务器关联的子网。下面,我包含了 Terraform 脚本和我收到的错误消息。
"azurerm_private_dns_zone" "postgres_dns_zone" {
name = "${var.project_name}${var.environment}.postgres.database.azure.com"
resource_group_name = var.resource_group
tags = var.tags
}
resource "azurerm_postgresql_flexible_server" "db" {
name = "${var.project_name}${var.environment}postgres"
resource_group_name = var.resource_group
location = var.location
administrator_login = var.db_admin
administrator_password = random_password.postgres_password.result
sku_name = var.db_sku
zone = var.zone
version = var.db_version
delegated_subnet_id = var.subnet_id
private_dns_zone_id = azurerm_private_dns_zone.postgres_dns_zone.id
storage_mb = var.db_storage
backup_retention_days = 7
geo_redundant_backup_enabled = false
public_network_access_enabled = false
dynamic "high_availability" {
for_each = var.enable_ha ? [1] : []
content {
mode = "ZoneRedundant"
standby_availability_zone = var.ha_zone
}
}
depends_on = [azurerm_private_dns_zone.postgres_dns_zone]
tags = var.tags
}
resource "azurerm_postgresql_flexible_server_configuration" "postgis" {
name = "azure.extensions"
server_id = azurerm_postgresql_flexible_server.db.id
value = "POSTGIS"
}
# Link private DNS zone with the VNet for PostgreSQL
resource "azurerm_private_dns_zone_virtual_network_link" "pg_dns_vnet_link" {
name = "${azurerm_postgresql_flexible_server.db.name}-vnetlink.com"
resource_group_name = var.resource_group
private_dns_zone_name = azurerm_private_dns_zone.postgres_dns_zone.name
virtual_network_id = var.vnet_id
tags = var.tags
depends_on = [ azurerm_postgresql_flexible_server.db ]
}
# Private endpoint for PostgreSQL
resource "azurerm_private_endpoint" "postgres_private_endpoint" {
name = "${azurerm_postgresql_flexible_server.db.name}-private-endpoint"
resource_group_name = var.resource_group
location = var.location
subnet_id = var.subnet_id
tags = var.tags
private_service_connection {
name = "${azurerm_postgresql_flexible_server.db.name}-Connection"
is_manual_connection = false
private_connection_resource_id = azurerm_postgresql_flexible_server.db.id
subresource_names = ["postgresqlServer"]
}
private_dns_zone_group {
name = "${azurerm_postgresql_flexible_server.db.name}-private-dns-zone-group"
private_dns_zone_ids = [
azurerm_private_dns_zone.postgres_dns_zone.id
]
}
depends_on = [ azurerm_postgresql_flexible_server.db, azurerm_private_dns_zone.postgres_dns_zone ]
}
但出现以下错误:
Error: creating Private Endpoint (Subscription: "727b8f7b-c809-4a2d-b850-1308092ab3ed"
│ Resource Group Name: "controltower-dev-rg"
│ Private Endpoint Name: "controltowerdevpostgres-private-endpoint"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: PrivateEndpointFeatureNotSupportedOnServer: Call to Microsoft.DBforPostgreSQL/flexibleServers failed. Error message: The given server controltowerdevpostgres does not support private endpoint feature. Please create a new server that is private endpoint capable. Refer to https://aka.ms/pgflex-pepreview for more details.
│
│ with module.DB.azurerm_private_endpoint.postgres_private_endpoint,
│ on ..\modules\database\db.tf line 59, in resource "azurerm_private_endpoint" "postgres_private_endpoint":
│ 59: resource "azurerm_private_endpoint" "postgres_private_endpoint" {
1个回答
0
投票
投票
使用 terraform 创建具有专用终结点的 Azure Postgres 服务器
在创建具有专用端点的 Postgres 服务器时,我们需要确保我们选择显示的 SKU 和区域支持功能要求。
在运行部署之前,我们可以确保 PostgreSQL 的配置应通过以下给出的命令进行确认。
az postgres flexible-server list-skus --location <your location> --output table
我尝试了一个演示配置,其配置适合实现此要求,如下所述。
配置:
resource "azurerm_resource_group" "main" {
name = "vinay-pg-rg"
location = "westeurope"
}
resource "azurerm_virtual_network" "main" {
name = "vksb-pg-vnet"
address_space = ["10.88.0.0/16"]
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
}
resource "azurerm_subnet" "main" {
name = "vksb-pg-main-subnet"
resource_group_name = azurerm_resource_group.main.name
virtual_network_name = azurerm_virtual_network.main.name
address_prefixes = ["10.88.2.0/24"]
private_endpoint_network_policies = "Enabled"
service_endpoints = ["Microsoft.Sql"]
}
resource "azurerm_network_security_group" "main" {
name = "vksb-pg-main-nsg"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
security_rule {
name = "PostgreSQL"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "5432"
source_address_prefix = "0.0.0.0/0"
destination_address_prefix = "*"
}
security_rule {
name = "HTTPS"
priority = 110
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "443"
source_address_prefix = "0.0.0.0/0"
destination_address_prefix = "*"
}
}
resource "azurerm_subnet_network_security_group_association" "main" {
subnet_id = azurerm_subnet.main.id
network_security_group_id = azurerm_network_security_group.main.id
}
resource "azurerm_private_dns_zone" "postgres_dns_zone" {
name = "privatelink.postgres.database.azure.com"
resource_group_name = azurerm_resource_group.main.name
}
resource "azurerm_postgresql_flexible_server" "main" {
name = "vksb-postgresql"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
version = "16"
sku_name = "B_Standard_B2s"
administrator_login = "sqladmin"
administrator_password = "yourpassword"
storage_mb = 32768
storage_tier = "P4"
public_network_access_enabled = false
}
resource "azurerm_private_dns_zone_virtual_network_link" "main" {
name = "vksb-postgresql-main-vnet-link"
resource_group_name = azurerm_resource_group.main.name
private_dns_zone_name = azurerm_private_dns_zone.postgres_dns_zone.name
virtual_network_id = azurerm_virtual_network.main.id
depends_on = [azurerm_subnet.main, azurerm_virtual_network.main]
}
resource "azurerm_private_endpoint" "main" {
name = "vksb-postgresql-main"
location = azurerm_resource_group.main.location
resource_group_name = azurerm_resource_group.main.name
subnet_id = azurerm_subnet.main.id
private_service_connection {
name = "vksb-postgresql-psc"
private_connection_resource_id = azurerm_postgresql_flexible_server.main.id
subresource_names = ["postgresqlServer"]
is_manual_connection = false
}
private_dns_zone_group {
name = azurerm_postgresql_flexible_server.main.name
private_dns_zone_ids = [azurerm_private_dns_zone.postgres_dns_zone.id]
}
depends_on = [azurerm_postgresql_flexible_server.main, azurerm_subnet.main]
}
resource "azurerm_postgresql_flexible_server_database" "db" {
name = "vksb-pg-main-db"
server_id = azurerm_postgresql_flexible_server.main.id
charset = "UTF8"
collation = "en_US.utf8"
lifecycle {
prevent_destroy = false
}
depends_on = [azurerm_postgresql_flexible_server.main]
}
部署:
参考:
https://azure.microsoft.com/en-us/explore/global-infrastruct/products-by-region/
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-private
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking-private-link
最新问题
- Sensorkit中只有didFetchResult deligate方法没有被调用
- 根据对象的键推断对象的返回类型
- Spark Snowflake 库通信间歇性错误:HTTP 状态 503
- 通过键返回对象属性的正确类型
- 在 SQLite 中插入数据时外键不匹配
- PyQt6 在与多处理一起使用并编译成 .exe 时会崩溃
- mcmapply 因使用 openMP 的 Rcpp/Armadillo 函数而停顿
- 如何在谷歌脚本中获取具有正确值的范围
- 如何下载实际资源路线混音?
- 如何为我的应用程序设置图标?
- 无法构建“WixSharp Setup - Bootstrapper (WiX4)”项目
- 消息是否可以直接发送到 Azure IoT 中心的内置事件中心端点
- 使用 awscli 和 docker cli 登录 AWS ECR
- Debian 操作系统上的 Flutter 项目中的 Gradle“无法找到或加载主类 org.gradle.wrapper.GradleWrapperMain”
- 如何用极坐标中的随机值填充列
- 无法理解此 PCL 代码:在原始指针上调用成员方法而不使用 ->
- 为什么我的 ASP.NET Core POST 方法中的 URL 中的 id 参数没有更新?
- Drupal 9 - 消息和消息状态系统块不显示
- TCP 套接字错误 10061
- Unity中“无相机渲染”如何解决?
© www.soinside.com 2019 - 2024. All rights reserved.