我现在遇到了一个奇怪的问题。我有一个通过terraform部署的应用网关。如果我尝试在前端和后端都添加端口443,terraform计划显示它将删除端口80的前端和后端,然后在添加443的沿着重新创建端口80。
~ resource "azurerm_application_gateway" "xyz" {
id = "xyz"
name = "xyz"
tags = {
"BusinessUnit" = "ehs"
"LineOfBusiness" = "corp"
}
# (8 unchanged attributes hidden)
- backend_http_settings {
- cookie_based_affinity = "Disabled" -> null
- id = "xyz" -> null
- name = "xyz" -> null
- path = "/path1/" -> null
- pick_host_name_from_backend_address = false -> null
- port = 80 -> null
- protocol = "Http" -> null
- request_timeout = 60 -> null
- trusted_root_certificate_names = [] -> null
}
+ backend_http_settings {
+ cookie_based_affinity = "Disabled"
+ host_name = "xyz"
+ id = (known after apply)
+ name = "xyz"
+ path = "/path1/"
+ pick_host_name_from_backend_address = false
+ port = 443
+ probe_id = (known after apply)
+ protocol = "Https"
+ request_timeout = 60
+ trusted_root_certificate_names = [
+ "irmscer",
]
}
+ backend_http_settings {
+ cookie_based_affinity = "Disabled"
+ id = "xyz"
+ name = "xyz"
+ path = "/path1/"
+ pick_host_name_from_backend_address = false
+ port = 80
+ protocol = "Http"
+ request_timeout = 60
+ trusted_root_certificate_names = []
}
+ frontend_port {
+ id = (known after apply)
+ name = "xyz"
+ port = 443
}如何解决这个问题呢?我并没有指定地形使用特定的版本
这是地形后端
terraform {
backend "azurerm" {
storage_account_name = "xyz"
resource_group_name = "xyz"
container_name = "appgw"
tenant_id = "xyz"
subscription_id = "xyz"
key = "xyz"
}
}
provider "azurerm" {
features {}
}
2条答案
按热度按时间11dmarpk1#
它不是重新创建整个应用程序网关。它是重新创建端口80和443的设置,这是正常的。这是正常的行为,不是一个问题。可能是,Terraform在未来的版本中解决了这类问题。
bwleehnv2#
backend_http_settings协议不会侦听port 443,并且端口不支持backend pools。因此,您无法更改后端的端口,唯一受支持的端口是
80。对于
front end configuration,如果要将任何现有侦听器端口添加到以前的端口80,则必须再添加一个frontend port块,以便它考虑两个端口并侦听我们提供的特定端口。首先,使用侦听器端口80部署应用程序网关:
terraform init:更新端口后
terraform plan显示输出如下:terraform apply:更改部署成功,您可以通过转到已部署的
application_gateway资源***下的Activity Log来跟踪change analysis***: