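How to mount an Azure file share on an Azure container using access key retrieval in an ARM template
I am using an ARM template to create a file share and a container instance, and I need to mount the created file share on the container. I have the following template -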
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_GRS",
      "metadata": {
        "description": "Storage Account type"
      }
    },
    "storageAccountName": {
      "type": "string",
      "defaultValue": "[concat('storage',uniquestring(resourceGroup().id))]",
      "metadata": {
        "description": "Name of the Azure Storage account."
      }
    },
    "sharePrefix": {
      "type": "string",
      "defaultValue": "files",
      "metadata": {
        "description": "Specifies the prefix of the file share names."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    .....
  },
  "variables": {
    "ContainerGroupName": "[concat('my-cg',
    "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts',parameters('storageAccountName'))]",
    "ContainerName": "my-container"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[parameters('storageAccountName')]",
      "apiVersion": "2019-06-01",
      "location": "[parameters('location')]",
      "kind": "Storage",
      "sku": {
        "name": "[parameters('storageAccountType')]"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/fileServices/shares",
      "name": "[concat(parameters('storageAccountName'),'/default/',parameters('sharePrefix'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts',parameters('storageAccountName'))]"
      ]
    },
    {
      "name": "[variables('ContainerGroupName')]",
      "type": "Microsoft.ContainerInstance/containerGroups",
      "apiVersion": "2018-10-01",
      "properties": {
        "containers": [
          {
            "name": "[variables('ContainerName')]",
            "properties": {
              "image": "imageNameinACR",
              "resources": {
                "requests": {
                  "memoryInGB": 14,
                  "cpu": 4
                }
              },
              "volumeMounts": [
                {
                  "name": "filesharevolume",
                  "mountPath": "/app"
                }
              ]
            }
          }
        ],
        "imageRegistryCredentials": [
          ....
        ],
        "restartPolicy": "OnFailure",
        "osType": "Linux",
        "volumes": [
          {
            "name": "filesharevolume",
            "azureFile": {
              "shareName": "[concat(parameters('storageAccountName'),
              "storageAccountName": "[parameters('storageAccountName')]",
              "storageAccountKey": "[listKeys(parameters('storageAccountName'),'2019-06-01').keys[0].value]"
            }
          }
        ]
      },
      "[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares',parameters('storageAccountName'),'default',parameters('sharePrefix'))]"
      ]
    }
  ],
  "outputs": {}
}
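However, this throws an error:
"error": { "code": "CannotAccessStorageAccount", "message": "Cannot access the Azure storage account 'storage6x2un3wwsta6u' in volume 'filesharevolume': 'The remote server returned an error: (400) Bad Request.'. This may be caused by an incorrect Azure storage account key or the Azure storage firewall." }
I also tried using the resourceId to retrieve the secret as shown below, but it throws the same error.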
"storageAccountKey": "[listKeys(variables('storageAccountId'),'2019-06-01').keys[0].value]"
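Am I missing anything in the template? I have referred to various examples that show how to retrieve the access key in an ARM template.
In the Dockerfile for my container image, I am running RUN mkdir /app
Could the mount path be the problem? My assumption is that the file share will be mounted in this directory - /app/filesharevolume.
Solution
I don't see a definition for the variable storageAccountId, but the template function listKeys does work with a resource ID. So here is the code that worked for me: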
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName')),'2019-06-01').keys[0].value]"
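And if the storage account and the container group are not in the same resource group, you can add the storage account's resource group name when getting the resource ID:
"storageAccountKey": "[listKeys(resourceId(variables('resourceGroupName'),'Microsoft.Storage/storageAccounts',variables('storageAccountName')),'2019-06-01').keys[0].value]"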
Here is the example.
Update:
There is also a problem with the volumes of the container group. You need to change the file share name to:
"volumes": [
  {
    "name": "filesharevolume",
    "azureFile": {
      "shareName": "[parameters('sharePrefix')]",
      "storageAccountName": "[parameters('storageAccountName')]",
      "storageAccountKey": "[listKeys(parameters('storageAccountName'),'2019-06-01').keys[0].value]"
    }
  }
]
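A pre-deployment check for the two points raised in this thread (the share name and how the key is supplied), added here as an example and not code from the question or the answer. The function names, the finding strings, the sample templates and the '/default/' form assumed for the question's truncated shareName are all assumptions made for the example.

```python
import re

CG_TYPE = "microsoft.containerinstance/containergroups"
SHARE_TYPE = "microsoft.storage/storageaccounts/fileservices/shares"

def check_azure_file_volumes(template):
    """Return (volume name, finding) pairs for container-group azureFile volumes."""
    resources = template.get("resources", [])
    declares_share = any(r.get("type", "").lower() == SHARE_TYPE for r in resources)
    findings = []
    for res in resources:
        if res.get("type", "").lower() != CG_TYPE:
            continue
        depends = " ".join(res.get("dependsOn", [])).lower()
        for vol in res.get("properties", {}).get("volumes", []):
            af = vol.get("azureFile")
            if af is None:
                continue
            # shareName takes the bare share name; 'account/default/share' is
            # the ARM child-resource name, which the answer's update replaces.
            if "/default/" in af.get("shareName", "").lower():
                findings.append((vol.get("name"), "shareName is a resource path"))
            # The key should be resolved at deployment time, not stored as a literal.
            if not re.match(r"\[\s*listKeys\(", af.get("storageAccountKey", ""), re.I):
                findings.append((vol.get("name"), "storageAccountKey is not a listKeys() expression"))
            # A share created by this template must exist before the mount.
            if declares_share and SHARE_TYPE not in depends:
                findings.append((vol.get("name"), "no dependsOn for the file share"))
    return findings

def sample(share_name, key, depends_on):
    """Constructed template fragment shaped like the one in the question."""
    return {"resources": [
        {"type": "Microsoft.Storage/storageAccounts/fileServices/shares",
         "name": "[concat(parameters('storageAccountName'),'/default/',parameters('sharePrefix'))]"},
        {"type": "Microsoft.ContainerInstance/containerGroups", "dependsOn": depends_on,
         "properties": {"volumes": [{"name": "filesharevolume", "azureFile": {
             "shareName": share_name,
             "storageAccountName": "[parameters('storageAccountName')]",
             "storageAccountKey": key}}]}}]}

SHARE_ID = ("[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares',"
            "parameters('storageAccountName'),'default',parameters('sharePrefix'))]")
LIST_KEYS = ("[listKeys(resourceId('Microsoft.Storage/storageAccounts',"
             "parameters('storageAccountName')),'2019-06-01').keys[0].value]")
# Assumed form of the question's truncated shareName, plus a constructed literal key.
BROKEN = sample("[concat(parameters('storageAccountName'),'/default/',parameters('sharePrefix'))]",
                "CONSTRUCTED-LITERAL-KEY", [])
FIXED = sample("[parameters('sharePrefix')]", LIST_KEYS, [SHARE_ID])

if __name__ == "__main__":
    for label, tpl in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_azure_file_volumes(tpl))
```

The check is static: it inspects the template expressions as text and does not evaluate them, so a share name assembled from variables is not resolved.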