多容器 Azure WebApp 无法与托管身份一起使用
Multicontainer Azure WebApp not working with Managed Identity
Scenario/repro
我有多容器(教程 here)Azure Web 应用程序。我将系统分配的标识分配给了我的网络应用程序。我的 docker compose 中有两个容器:
- 网络核心WebApi容器
- 防病毒 ClamAv 容器
一切正常(我的 API 正在使用防病毒软件扫描文件),直到我为 Azure 资源添加具有托管身份的密钥保管库配置提供程序 (link)。这与我在 linux.
上的标准 Web 应用程序完美配合
// Program.cs
.ConfigureAppConfiguration((context, config) =>
{
if (context.HostingEnvironment.IsProduction())
{
var builtConfig = config.Build();
var secretClient = new SecretClient(new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
new DefaultAzureCredential());
config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
}
})
问题
我的 API returns 503 状态码。
看来我需要做一些额外的配置才能使其与 Docker compose 一起使用。
EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-14T11:42:46.912167603Z - ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
2021-06-14T11:42:46.912175503Z - Operating system Linux 5.4.0-1031-azure #32~18.04.1-Ubuntu SMP Tue Oct 6 10:03:22 UTC 2020 isn't supported.
2021-06-14T11:42:46.912183204Z - Stored credentials not found. Need to authenticate user in VSCode Azure Account.
2021-06-14T11:42:46.912190304Z - Azure CLI not installed
2021-06-14T11:42:46.912197204Z - PowerShell is not installed.
2021-06-14T11:42:46.912205004Z ---> System.AggregateException: Multiple exceptions were encountered
...
Azure.Identity.CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
...
Azure.Identity.CredentialUnavailableException: Operating system Linux 5.4.0-1031-azure #32~18.04.1-Ubuntu SMP Tue Oct 6 10:03:22 UTC 2020 isn't supported.
似乎不完全支持此功能。知道如何在这种情况下使用密钥保管库提供商吗?
Scenario/repro
我有多容器(教程 here)Azure Web 应用程序。我将系统分配的标识分配给了我的网络应用程序。我的 docker compose 中有两个容器:
- 网络核心WebApi容器
- 防病毒 ClamAv 容器
一切正常(我的 API 正在使用防病毒软件扫描文件),直到我为 Azure 资源添加具有托管身份的密钥保管库配置提供程序 (link)。这与我在 linux.
上的标准 Web 应用程序完美配合// Program.cs
.ConfigureAppConfiguration((context, config) =>
{
if (context.HostingEnvironment.IsProduction())
{
var builtConfig = config.Build();
var secretClient = new SecretClient(new Uri($"https://{builtConfig["KeyVaultName"]}.vault.azure.net/"),
new DefaultAzureCredential());
config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
}
})
问题 我的 API returns 503 状态码。 看来我需要做一些额外的配置才能使其与 Docker compose 一起使用。
EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-14T11:42:46.912167603Z - ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
2021-06-14T11:42:46.912175503Z - Operating system Linux 5.4.0-1031-azure #32~18.04.1-Ubuntu SMP Tue Oct 6 10:03:22 UTC 2020 isn't supported.
2021-06-14T11:42:46.912183204Z - Stored credentials not found. Need to authenticate user in VSCode Azure Account.
2021-06-14T11:42:46.912190304Z - Azure CLI not installed
2021-06-14T11:42:46.912197204Z - PowerShell is not installed.
2021-06-14T11:42:46.912205004Z ---> System.AggregateException: Multiple exceptions were encountered
...
Azure.Identity.CredentialUnavailableException: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
...
Azure.Identity.CredentialUnavailableException: Operating system Linux 5.4.0-1031-azure #32~18.04.1-Ubuntu SMP Tue Oct 6 10:03:22 UTC 2020 isn't supported.
似乎不完全支持此功能。知道如何在这种情况下使用密钥保管库提供商吗?