Azure Provider 使用指南 #
Provider 配置 #
基本配置 #
hcl
# Pin the provider to the 3.x line: a bare "terraform init" would otherwise
# happily pull a newer major release whose argument names differ. Commit
# .terraform.lock.hcl as well so every run resolves to the same build.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

# The features block is required even when it is empty.
provider "azurerm" {
  features {}
}
认证方式 #
hcl
# Service-principal (client secret) authentication.
# - Never write a literal secret here; this file is committed to source control.
# - Declare var.client_secret with `sensitive = true` so Terraform redacts it
#   from plan/apply output.
# - Where the runner supports it, prefer a managed identity (use_msi) or
#   workload identity federation (use_oidc): neither needs a long-lived secret.
provider "azurerm" {
  features {}

  tenant_id       = var.tenant_id
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
}
使用环境变量(适合 CI/CD,避免把凭据写进配置文件或状态文件;注意 client secret 仍是敏感信息):
bash
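# Tenant, subscription and client IDs are identifiers, not secrets.
# The client secret IS a secret: an "export ARM_CLIENT_SECRET=..." typed at
# the prompt is written to the shell history file. Read it without echo
# (or inject it from the CI secret store) instead of pasting it inline.
export ARM_SUBSCRIPTION_ID="subscription-id"
export ARM_TENANT_ID="tenant-id"
export ARM_CLIENT_ID="client-id"
read -r -s -p "ARM_CLIENT_SECRET: " ARM_CLIENT_SECRET && export ARM_CLIENT_SECRET
echo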
使用托管身份(在 Azure VM 或托管代理上运行 Terraform 时推荐,无需保存任何密钥):
hcl
# Managed identity: the token is fetched from the instance metadata endpoint
# of the machine running Terraform, so no credential is stored anywhere.
# Grant that identity only the RBAC roles this configuration actually needs.
provider "azurerm" {
  features {}

  use_msi         = true
  subscription_id = var.subscription_id
}
多订阅配置 #
hcl
# One aliased provider per subscription. Each alias authenticates separately,
# so the identity used for "prod" can be scoped more tightly than "dev".
provider "azurerm" {
  alias           = "prod"
  features {}
  subscription_id = var.prod_subscription_id
}

provider "azurerm" {
  alias           = "dev"
  features {}
  subscription_id = var.dev_subscription_id
}

# Resources pick a subscription by referencing the alias explicitly.
resource "azurerm_resource_group" "prod" {
  provider = azurerm.prod

  name     = "prod-rg"
  location = "East US"
}
常用资源 #
资源组 #
hcl
# Container for everything below; its name/location are referenced by the
# other resources instead of being repeated.
resource "azurerm_resource_group" "main" {
  location = "East US"
  name     = "main-rg"

  tags = {
    Environment = "production"
  }
}
虚拟网络 #
hcl
# A /16 VNet carved into two /24 subnets.
resource "azurerm_virtual_network" "main" {
  name                = "main-vnet"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  address_space       = ["10.0.0.0/16"]

  tags = {
    Environment = "production"
  }
}

# Neither subnet has a network security group attached, so traffic between
# them and from the VNet is governed only by Azure's default rules. Attach an
# azurerm_network_security_group via azurerm_subnet_network_security_group_association
# before placing workloads here, especially on the "public" subnet.
resource "azurerm_subnet" "internal" {
  name                 = "internal-subnet"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_subnet" "public" {
  name                 = "public-subnet"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.2.0/24"]
}
虚拟机 #
hcl
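resource "azurerm_network_interface" "main" {
  name                = "main-nic"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  # No public IP is attached: the VM is reachable only from inside the VNet
  # (or through a bastion/jump host), which is the right default for production.
  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.internal.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_linux_virtual_machine" "main" {
  name                  = "main-vm"
  resource_group_name   = azurerm_resource_group.main.name
  location              = azurerm_resource_group.main.location
  size                  = "Standard_DS1_v2"
  admin_username        = "adminuser"
  network_interface_ids = [azurerm_network_interface.main.id]

  # Key-only login. This is already the provider default, but stating it makes
  # the intent visible and survives a future default change.
  disable_password_authentication = true

  admin_ssh_key {
    username = "adminuser"
    # file("~/.ssh/...") ties the plan to whichever operator runs it and fails
    # in CI; pass the public key through a variable for shared pipelines.
    public_key = file("~/.ssh/id_rsa.pub")
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # Ubuntu 18.04 left standard support in 2023 and no longer receives security
  # updates, so the image below is a supported LTS release. "latest" is kept
  # for brevity; pin a specific image version (or a Shared Image Gallery
  # reference) when builds must be reproducible.
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }

  tags = {
    Environment = "production"
  }
}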
存储账户 #
hcl
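resource "azurerm_storage_account" "main" {
  # Must be globally unique: 3-24 lowercase letters and digits only.
  name                     = "storageaccountname"
  resource_group_name      = azurerm_resource_group.main.name
  location                 = azurerm_resource_group.main.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Transport hardening: reject plain HTTP and TLS < 1.2. These are the 3.x
  # defaults, but stating them keeps the policy explicit and reviewable.
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  # Block anonymous (blob/container) access at the account level so no
  # container in this account can later be flipped to public by mistake.
  # The 3.x default for this flag is true, i.e. public access is permitted.
  allow_nested_items_to_be_public = false

  tags = {
    Environment = "production"
  }
}

resource "azurerm_storage_container" "main" {
  name                  = "content"
  storage_account_name  = azurerm_storage_account.main.name
  container_access_type = "private"
}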
SQL 数据库 #
hcl
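resource "azurerm_mssql_server" "main" {
  # Must be globally unique across Azure SQL.
  name                = "mssqlserver"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  version             = "12.0"

  administrator_login = "adminuser"
  # Declare var.db_password with `sensitive = true`. The value is still written
  # to the state file in clear text, so protect the state backend accordingly
  # (or manage the password out of band / use an Azure AD administrator).
  administrator_login_password = var.db_password

  # Refuse pre-1.2 TLS clients.
  minimum_tls_version = "1.2"

  # No azurerm_mssql_firewall_rule is declared here, so the server-level
  # firewall should admit nothing yet. Add rules for specific source ranges
  # or a private endpoint; avoid a 0.0.0.0 "allow Azure services" rule in
  # production.
}

resource "azurerm_mssql_database" "main" {
  name           = "main-db"
  server_id      = azurerm_mssql_server.main.id
  collation      = "SQL_Latin1_General_CP1_CI_AS"
  sku_name       = "S0"
  max_size_gb    = 4
  read_scale     = false
  zone_redundant = false
}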
应用服务 #
hcl
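# azurerm_app_service_plan / azurerm_app_service are the legacy resources in
# azurerm 3.x; new code should use azurerm_service_plan + azurerm_linux_web_app.
# They are kept here to match the rest of the guide.
resource "azurerm_app_service_plan" "main" {
  name                = "main-plan"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  kind                = "Linux"
  reserved            = true

  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_app_service" "main" {
  name                = "main-app-service"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  app_service_plan_id = azurerm_app_service_plan.main.id

  # Redirect HTTP to HTTPS at the App Service front door.
  https_only = true

  site_config {
    # "nginx:latest" is a moving target: a redeploy silently picks up whatever
    # was pushed most recently. Pin a specific tag or digest for production.
    linux_fx_version = "DOCKER|nginx:latest"
    min_tls_version  = "1.2"
    ftps_state       = "Disabled"
  }

  app_settings = {
    "WEBSITE_HTTPLOGGING_RETENTION_DAYS" = "7"
  }
}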
Kubernetes 服务 #
hcl
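resource "azurerm_kubernetes_cluster" "main" {
  name                = "main-aks"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  dns_prefix          = "mainaks"

  default_node_pool {
    name       = "default"
    node_count = 3
    vm_size    = "Standard_DS2_v2"
  }

  # Kubernetes RBAC is on by default in 3.x; state it explicitly, and bind
  # cluster access to Azure AD identities so it is revocable and audited
  # rather than relying on the static client certificate in kube_config.
  role_based_access_control_enabled = true

  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
  }

  # The API server endpoint is public with this configuration. For production
  # restrict it with api_server_access_profile { authorized_ip_ranges = [...] }
  # or make the cluster private (private_cluster_enabled = true).

  # System-assigned identity for the control plane: no service-principal
  # secret to rotate.
  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "production"
  }
}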
数据源 #
查询资源组 #
hcl
# Look up a resource group that already exists outside this configuration.
data "azurerm_resource_group" "main" {
  name = "existing-rg"
}
查询虚拟网络 #
hcl
# Existing VNet, scoped to the resource group looked up above.
data "azurerm_virtual_network" "main" {
  resource_group_name = data.azurerm_resource_group.main.name
  name                = "existing-vnet"
}
查询子网 #
hcl
# Existing subnet inside the VNet looked up above.
data "azurerm_subnet" "internal" {
  resource_group_name  = data.azurerm_resource_group.main.name
  virtual_network_name = data.azurerm_virtual_network.main.name
  name                 = "internal-subnet"
}
查询 AKS 集群 #
hcl
# Existing AKS cluster whose credentials feed the kubernetes provider.
data "azurerm_kubernetes_cluster" "main" {
  resource_group_name = data.azurerm_resource_group.main.name
  name                = "existing-aks"
}

# kube_config carries a long-lived client certificate with full cluster
# access; it is read into the Terraform state in clear text, so treat the
# state backend as holding cluster-admin credentials. On a cluster with Azure
# AD integration these certificate fields are empty (presumably — verify on
# the target cluster) and an exec/kubelogin-based credential is needed instead.
provider "kubernetes" {
  host                   = data.azurerm_kubernetes_cluster.main.kube_config[0].host
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate)
  client_certificate     = base64decode(data.azurerm_kubernetes_cluster.main.kube_config[0].client_certificate)
  client_key             = base64decode(data.azurerm_kubernetes_cluster.main.kube_config[0].client_key)
}
最佳实践 #
1. 使用模块 #
hcl
# Registry module, pinned to an exact version so "terraform init" cannot pull
# a newer (possibly altered) release. Review the module before bumping it;
# it runs with the same credentials as the rest of the configuration.
module "vnet" {
  source  = "Azure/vnet/azurerm"
  version = "4.0.0"

  resource_group_name = azurerm_resource_group.main.name
  vnet_name           = "main-vnet"
  address_space       = ["10.0.0.0/16"]
  subnet_names        = ["subnet1", "subnet2"]
  subnet_prefixes     = ["10.0.1.0/24", "10.0.2.0/24"]
}
2. 标签管理 #
hcl
# One tag map shared by every resource, so ownership and environment can be
# filtered on consistently (cost reports, policy, incident triage).
locals {
  common_tags = {
    ManagedBy   = "terraform"
    Project     = var.project_name
    Environment = var.environment
  }
}

resource "azurerm_resource_group" "main" {
  location = var.location
  name     = "${var.project_name}-rg"
  tags     = local.common_tags
}
3. 使用 features 配置(注意:下面的选项均会关闭默认的删除保护,适用于临时/开发环境,生产环境请逐项评估) #
hcl
# Every setting below removes a safety rail that exists by default. They make
# "terraform destroy" clean and fast in disposable environments; review each
# one before using this block for production.
provider "azurerm" {
  features {
    # Default is true: refuses to delete a resource group that still holds
    # resources Terraform does not manage. false lets destroy remove them too.
    resource_group {
      prevent_deletion_if_contains_resources = false
    }

    # Default is false: a purged vault cannot be recovered, and the same goes
    # for the keys/secrets inside it. recover_* re-adopts a soft-deleted vault
    # instead of failing when one with the same name exists.
    key_vault {
      recover_soft_deleted_key_vaults = true
      purge_soft_delete_on_destroy    = true
    }

    # Disks are deleted together with the VM; any data on them is gone.
    virtual_machine {
      delete_data_disks_on_deletion = true
      delete_os_disk_on_deletion    = true
    }
  }
}
下一步 #
掌握了 Azure Provider 后,接下来学习 GCP Provider,了解如何管理 Google Cloud 资源!
最后更新:2026-03-29