我想创建一个容器,从中运行我的terraform命令。我的码头文件是这样的:
FROM mcr.microsoft.com/azure-cli
RUN apk add curl
ENV TERRAFORM_VERSION 0.12.21
RUN curl -sL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -o tf.zip
&& unzip tf.zip
&& mv terraform /sbin/
&& rm -rf tf.zip
我的main.tf看起来像:
provider "azurerm" {
version = "~>1.44"
subscription_id = "xxx"
}
provider "azuread" {
version = "~>0.6.0"
}
terraform {
backend "azurerm" {}
}
我通常在Windows主机上做的是az login,然后是
terraform init
-backend-config=storage_account_name=xxx
-backend-config=container_name=terraform-state
-backend-config=access_key="xxx"
-backend-config=key=app.tfstate
问题是,当我在docker容器中按照docker run --rm -ti <IMAGE_ID> bash运行而不是成功初始化时,我会得到一个奇怪的错误,比如:
Error: Failed to get existing workspaces: storage: service returned error: StatusCode=403, ErrorCode=AuthenticationFailed, ErrorMessage=Server failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
这在某种程度上与有关吗
由于某种未知的原因,当我使用ubuntu:18.04映像而不是mcr.microsoft.com/azure-cli并自己安装az时,一切都开始工作。
FROM ubuntu:18.04
RUN apt update && apt install -y curl jq wget unzip ca-certificates gnupg lsb-release apt-transport-https
# Install Azure CLI
COPY azure-cupi.pub /root/.ssh/azure-cupi.pub
RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash
RUN curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null
RUN AZ_REPO=$(lsb_release -cs) && echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | tee /etc/apt/sources.list.d/azure-cli.list
RUN apt update && apt install -y azure-cli
# Install Terraform
ARG TERRAFORM_VERSION="0.12.22"
RUN cd /tmp &&
wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip &&
unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/bin &&
rm -rf /tmp/* &&
rm -rf /var/cache/apk/* &&
rm -rf /var/tmp/*
我没有发现显著的差异。