在terraform中，是否存在与gcloud计算实例创建与容器命令相同的内容？

Question

我正在尝试在Google中创建一个VM，它自动运行我上传到的容器(如这里所描述的作品)。

这个

gcloud compute instances create-with-container [INSTANCE_NAME] \
     --container-image [DOCKER_IMAGE]

到目前为止还在工作，但我在Terraform没有看到任何类似的东西。

据我所见，google_compute_image对我没有帮助。

Answer 1

我使用造地器来反转运行Nginx容器的计算引擎实例instance-container。

这是结果terraform文件

resource "google_compute_instance" "tfer--instance-002D-container" {
  boot_disk {
    auto_delete = "true"
    device_name = "instance-container"

    initialize_params {
      image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-stable-80-12739-91-0"
      size  = "10"
      type  = "pd-standard"
    }

    mode   = "READ_WRITE"
    source = "https://www.googleapis.com/compute/v1/projects/your-project-id/zones/asia-east1-b/disks/instance-container"
  }

  can_ip_forward      = "false"
  deletion_protection = "false"
  enable_display      = "false"

  labels = {
    container-vm = "cos-stable-80-12739-91-0"
  }

  machine_type = "g1-small"

  metadata = {
    gce-container-declaration = "spec:\n  containers:\n    - name: instance-container\n      image: nginx\n      stdin: false\n      tty: false\n  restartPolicy: Always\n\n# This container declaration format is not public API and may change without notice. Please\n# use gcloud command-line tool or Google Cloud Console to run Containers on Google Compute Engine."
    google-logging-enabled    = "true"
  }

  name = "instance-container"

  network_interface {
    access_config {
      nat_ip       = "104.199.164.22"
      network_tier = "PREMIUM"
    }

    name               = "nic0"
    network            = "https://www.googleapis.com/compute/v1/projects/your-project-id/global/networks/default"
    network_ip         = "10.140.15.223"
    subnetwork         = "https://www.googleapis.com/compute/v1/projects/your-project-id/regions/asia-east1/subnetworks/default"
    subnetwork_project = "your-project-id"
  }

  project = "your-project-id"

  scheduling {
    automatic_restart   = "true"
    on_host_maintenance = "MIGRATE"
    preemptible         = "false"
  }

  service_account {
    email  = "your-project-id-compute@developer.gserviceaccount.com"
    scopes = ["https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append", "https://www.googleapis.com/auth/devstorage.read_only"]
  }

  shielded_instance_config {
    enable_integrity_monitoring = "true"
    enable_secure_boot          = "false"
    enable_vtpm                 = "true"
  }

  zone = "asia-east1-b"
}

与普通实例资源相比，它似乎依赖于元数据gce-container-declaration和labels来完成这项工作。

然而，正如元数据中的评论所指出的，

此容器声明格式不是公共API，可在未通知的情况下更改。 请使用gcloud命令行工具或gcloud控制台在上运行容器。

在Terraform平台提供商解决问题之前，此时使用gcloud命令更可靠。