使用 Terraform 在 Azure 中建立輪輻網路
Terraform 可讓您定義、預覽和部署雲端基礎結構。 使用 Terraform 時,您可以使用 HCL 語法來建立設定檔。 HCL 語法可讓您指定雲端提供者 (例如 Azure) 和構成雲端基礎結構的元素。 建立設定檔之後,您可以建立執行計畫,讓您先預覽基礎結構變更,之後再部署。 驗證變更之後,您可以套用執行計畫來部署基礎結構。
在本文中,您會實作兩個不同的輪輻網路,以示範工作負載的分離。 網路會使用中樞虛擬網路共用一般資源。 輪輻可用來隔離自己 VNet 中的工作負載,與其他輪輻分開管理。 每個工作負載在透過 Azure 負載平衡器連線多個子網路的情況下,都可能包括多個階層。
在本文中,您將學會如何:
- 在中樞輪輻拓撲中實作輪輻 VNet
- 在輪輻網路中建立虛擬機
- 使用中樞網路建立虛擬網路對等互連
1.設定您的環境
- Azure 訂用帳戶:如果您沒有 Azure 訂用帳戶,請在開始前建立免費帳戶。
設定 Terraform:如果您尚未這麼做,請使用下列其中一個選項來設定 Terraform:
在 Azure 中使用 Terraform 建立中樞和輪輻混合式網路拓撲。
在 Azure 中使用 Terraform 建立內部部署虛擬網路。
在 Azure 中使用 Terraform 建立中樞虛擬網路。
在 Azure 中使用 Terraform 建立中樞虛擬網路設備。
2.實作 Terraform 程式代碼
本節會建立兩個輪輻腳本。 每個腳本都會定義工作負載的輪輻虛擬網路和虛擬機。 接著會建立從中樞到輪輻的對等互連虛擬網路。
將本系列第一篇文章中建立的範例目錄設為目前目錄。
建立名為
spoke1.tf的檔案,並插入下列程式碼:locals { spoke1-location = "eastus" spoke1-resource-group = "spoke1-vnet-rg" prefix-spoke1 = "spoke1" } resource "azurerm_resource_group" "spoke1-vnet-rg" { name = local.spoke1-resource-group location = local.spoke1-location } resource "azurerm_virtual_network" "spoke1-vnet" { name = "spoke1-vnet" location = azurerm_resource_group.spoke1-vnet-rg.location resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name address_space = ["10.1.0.0/16"] tags = { environment = local.prefix-spoke1 } } resource "azurerm_subnet" "spoke1-mgmt" { name = "mgmt" resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke1-vnet.name address_prefixes = ["10.1.0.64/27"] } resource "azurerm_subnet" "spoke1-workload" { name = "workload" resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke1-vnet.name address_prefixes = ["10.1.1.0/24"] } resource "azurerm_virtual_network_peering" "spoke1-hub-peer" { name = "spoke1-hub-peer" resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke1-vnet.name remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id allow_virtual_network_access = true allow_forwarded_traffic = true allow_gateway_transit = false use_remote_gateways = true depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet , azurerm_virtual_network_gateway.hub-vnet-gateway] } resource "azurerm_network_interface" "spoke1-nic" { name = "${local.prefix-spoke1}-nic" location = azurerm_resource_group.spoke1-vnet-rg.location resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name enable_ip_forwarding = true ip_configuration { name = local.prefix-spoke1 subnet_id = azurerm_subnet.spoke1-mgmt.id private_ip_address_allocation = "Dynamic" } } resource "azurerm_virtual_machine" "spoke1-vm" { name = "${local.prefix-spoke1}-vm" location = azurerm_resource_group.spoke1-vnet-rg.location resource_group_name = azurerm_resource_group.spoke1-vnet-rg.name network_interface_ids = [azurerm_network_interface.spoke1-nic.id] vm_size = var.vmsize storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" } storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } os_profile { computer_name = "${local.prefix-spoke1}-vm" admin_username = var.username admin_password = var.password } os_profile_linux_config { disable_password_authentication = false } tags = { environment = local.prefix-spoke1 } } resource "azurerm_virtual_network_peering" "hub-spoke1-peer" { name = "hub-spoke1-peer" resource_group_name = azurerm_resource_group.hub-vnet-rg.name virtual_network_name = azurerm_virtual_network.hub-vnet.name remote_virtual_network_id = azurerm_virtual_network.spoke1-vnet.id allow_virtual_network_access = true allow_forwarded_traffic = true allow_gateway_transit = true use_remote_gateways = false depends_on = [azurerm_virtual_network.spoke1-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] }建立名為
spoke2.tf的檔案,並插入下列程式碼:locals { spoke2-location = "eastus" spoke2-resource-group = "spoke2-vnet-rg" prefix-spoke2 = "spoke2" } resource "azurerm_resource_group" "spoke2-vnet-rg" { name = local.spoke2-resource-group location = local.spoke2-location } resource "azurerm_virtual_network" "spoke2-vnet" { name = "${local.prefix-spoke2}-vnet" location = azurerm_resource_group.spoke2-vnet-rg.location resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name address_space = ["10.2.0.0/16"] tags = { environment = local.prefix-spoke2 } } resource "azurerm_subnet" "spoke2-mgmt" { name = "mgmt" resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke2-vnet.name address_prefixes = ["10.2.0.64/27"] } resource "azurerm_subnet" "spoke2-workload" { name = "workload" resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke2-vnet.name address_prefixes = ["10.2.1.0/24"] } resource "azurerm_virtual_network_peering" "spoke2-hub-peer" { name = "${local.prefix-spoke2}-hub-peer" resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name virtual_network_name = azurerm_virtual_network.spoke2-vnet.name remote_virtual_network_id = azurerm_virtual_network.hub-vnet.id allow_virtual_network_access = true allow_forwarded_traffic = true allow_gateway_transit = false use_remote_gateways = true depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] } resource "azurerm_network_interface" "spoke2-nic" { name = "${local.prefix-spoke2}-nic" location = azurerm_resource_group.spoke2-vnet-rg.location resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name enable_ip_forwarding = true ip_configuration { name = local.prefix-spoke2 subnet_id = azurerm_subnet.spoke2-mgmt.id private_ip_address_allocation = "Dynamic" } tags = { environment = local.prefix-spoke2 } } resource "azurerm_virtual_machine" "spoke2-vm" { name = "${local.prefix-spoke2}-vm" location = azurerm_resource_group.spoke2-vnet-rg.location resource_group_name = azurerm_resource_group.spoke2-vnet-rg.name network_interface_ids = [azurerm_network_interface.spoke2-nic.id] vm_size = var.vmsize storage_image_reference { publisher = "Canonical" offer = "UbuntuServer" sku = "16.04-LTS" version = "latest" } storage_os_disk { name = "myosdisk1" caching = "ReadWrite" create_option = "FromImage" managed_disk_type = "Standard_LRS" } os_profile { computer_name = "${local.prefix-spoke2}-vm" admin_username = var.username admin_password = var.password } os_profile_linux_config { disable_password_authentication = false } tags = { environment = local.prefix-spoke2 } } resource "azurerm_virtual_network_peering" "hub-spoke2-peer" { name = "hub-spoke2-peer" resource_group_name = azurerm_resource_group.hub-vnet-rg.name virtual_network_name = azurerm_virtual_network.hub-vnet.name remote_virtual_network_id = azurerm_virtual_network.spoke2-vnet.id allow_virtual_network_access = true allow_forwarded_traffic = true allow_gateway_transit = true use_remote_gateways = false depends_on = [azurerm_virtual_network.spoke2-vnet, azurerm_virtual_network.hub-vnet, azurerm_virtual_network_gateway.hub-vnet-gateway] }
對 Azure 上的 Terraform 進行疑難排解
針對在 Azure 上使用 Terraform 時的常見問題進行疑難排解
下一步
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應