我正在使用下面的 Terraform 代码来创建资源组、创建 AKS 集群,并且我正在尝试允许 AKS 集群使用数据 {} 引用在同一订阅中使用现有 ACR。没有角色分配块它可以正常工作,但是当我使用它时,我不断收到以下错误
Error: Invalid index
on main.tf line 40, in resource "azurerm_role_assignment" "aks_to_acr_role":
40: principal_id = azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
|----------------
| azurerm_kubernetes_cluster.aks.kubelet_identity is empty list of object
The given key does not identify an element in this collection value.
我查看了堆栈交换、Microsoft azure 文档和 Terraform 问题以及大量博客文章,老实说,我现在不知道出了什么问题。任何建议将不胜感激。
resource "azurerm_resource_group" "rg" {
name = var.resource_group_name
location = var.location
}
resource "azurerm_kubernetes_cluster" "aks" {
name = var.cluster_name
kubernetes_version = var.kubernetes_version
location = var.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix = var.cluster_name
default_node_pool {
name = "system"
node_count = var.system_node_count
vm_size = "Standard_B2ms"
type = "VirtualMachineScaleSets"
availability_zones = [1, 2, 3]
enable_auto_scaling = false
}
service_principal {
client_id = var.appId
client_secret = var.password
}
}
data "azurerm_container_registry" "acr_name" {
name = "xxxxx"
resource_group_name = "xxxxx"
}
resource "azurerm_role_assignment" "aks_to_acr_role" {
scope = data.azurerm_container_registry.acr_name.id
role_definition_name = "AcrPull"
principal_id = azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
skip_service_principal_aad_check = true
}
ACR 名称和 RG 名称为 xxxxx 出于隐私考虑