Automatically registering a private endpoint in Azure Private DNS using Terraform



I have an existing private DNS zone named privatelink.file.core.windows.net that is linked to a virtual network.

I created a Terraform template that creates a storage account and a private endpoint for that storage account, attached to the virtual network mentioned above. When the resources were created, I noticed that the endpoint was not automatically registered in the private DNS zone. Instead, I had to create a private DNS A record manually. I would prefer this to happen automatically; how can that be done?

Storage account creation

resource "azurerm_storage_account" "st" {
  name                     = var.st.name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = var.st.tier
  account_replication_type = var.st.replication
}

Private endpoint creation

# PRIVATE ENDPOINT FOR STORAGE ACCOUNT
resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # Connects the endpoint to the "file" sub-resource of the storage account
  private_service_connection {
    name                           = "test"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}

Manual DNS record creation

resource "azurerm_private_dns_a_record" "st_fqdn" {
  name                = azurerm_storage_account.st.name
  zone_name           = "privatelink.file.core.windows.net"
  resource_group_name = "rg-hub-shared-core-dns-uks-001"
  ttl                 = 300
  records             = ["172.17.208.4"]
}

I have solved this problem. I was missing the private_dns_zone_group block in the azurerm_private_endpoint resource. Once I added this code, it automatically populated Azure Private DNS.

Source: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/private_endpoint

The code below is the part I changed, with private_dns_zone_group added:

# PRIVATE ENDPOINT FOR STORAGE ACCOUNT
resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # Registers the endpoint's private IP as an A record in the given zone(s)
  private_dns_zone_group {
    name                 = "add_to_azure_private_dns"
    private_dns_zone_ids = ["/subscriptions/d5f2dcf8-ab3f-47aa-9ec3-9c5aba4b909f/resourceGroups/rg-hub-shared-core-dns-uks-001/providers/Microsoft.Network/privateDnsZones/privatelink.file.core.windows.net"]
  }

  private_service_connection {
    name                           = "connect_to_storage_account"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}
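A complete version of the same fix, as an added example that is not the poster's code: it looks up the existing zone with a data source instead of hard-coding the subscription ID inside the zone ID, disables public network access on the account so clients have to use the private path (added hardening, not part of the original answer), and exposes the A record that the endpoint registers so it can be compared with the manual record that was needed before. The var.* names are assumed from the post.

```hcl
# Added example, not the poster's code. Resolve the existing zone by name so
# no subscription ID is embedded in the template.
data "azurerm_private_dns_zone" "file" {
  name                = "privatelink.file.core.windows.net"
  resource_group_name = "rg-hub-shared-core-dns-uks-001"
}

resource "azurerm_storage_account" "st" {
  name                     = var.st.name
  resource_group_name      = var.rg_shared_name
  location                 = var.rg_shared_location
  account_tier             = var.st.tier
  account_replication_type = var.st.replication
  # Added hardening (assumption): with the private endpoint in place, the
  # public endpoint is no longer needed, so close it.
  public_network_access_enabled = false
}

resource "azurerm_private_endpoint" "pe" {
  name                = var.pe.name
  resource_group_name = var.rg_shared_name
  location            = var.rg_shared_location
  subnet_id           = var.subnet_id

  # The zone group is what makes Azure write the A record for you; the zone
  # must already be linked to the VNet that will resolve the name.
  private_dns_zone_group {
    name                 = "add_to_azure_private_dns"
    private_dns_zone_ids = [data.azurerm_private_dns_zone.file.id]
  }

  private_service_connection {
    name                           = "connect_to_storage_account"
    private_connection_resource_id = azurerm_storage_account.st.id
    is_manual_connection           = false
    subresource_names              = ["file"]
  }
}

# Surface the record set the endpoint registered (name, fqdn, ip_addresses)
# so `terraform output` can be checked against the old manual A record.
output "registered_file_record" {
  value = azurerm_private_endpoint.pe.private_dns_zone_configs[0].record_sets[0]
}
```

After `terraform apply`, the output should show an A record named after the storage account with the private endpoint's IP, which replaces the hand-written azurerm_private_dns_a_record resource entirely.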
