无法在启用专用端点的情况下从 ACR 在 WebApp 中拉取图像
Cannot pull image in WebApp from ACR with private endpoint enabled
我有一个 azure webapp Container 和 azure container registry
该应用已启动,并且可以在未启用安全性(专用端点)时从 acr 中提取图像
如果我在 Web 应用程序中启用专用终结点,Web 应用程序无法从 ACR 中提取图像
这是来自 Azure DevOps 的日志
2021-06-28T07:37:06.7931299Z Single-container Deployment to the webapp 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' as only the image detail was specified.
2021-06-28T07:37:07.0710385Z Trying to update App Service Configuration settings. Data: {"appCommandLine":null,"linuxFxVersion":"DOCKER|XXXXXXXXXXXXXXX.azurecr.io/XXXXXXXXXXXXXX:976"}
2021-06-28T07:37:14.0740862Z Updated App Service Configuration settings.
2021-06-28T07:37:14.0742609Z Restarting App Service: XXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:14.3232789Z App Service 'XXXXXXXXXXXXXXXXXXXX' restarted successfully.
2021-06-28T07:37:15.3657905Z ##[warning]Error: Failed to update deployment history. Error: Ip Forbidden (CODE: 403)
2021-06-28T07:37:15.7454935Z App Service Application URL: https://XXXXXXXXXXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:15.7532798Z ##[section]Finishing: Azure Web App on Container Deploy: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
在 Azure 门户的日志中,Web 应用程序看起来将 ACR 注册表视为 Docker 中心:
2021-06-28T08:06:54.100Z INFO - Pulling image from Docker hub: XXXXXXXXXXXXXXXXXXXXX
2021-06-28T08:06:54.201Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://XXXXXXXXXXXXXXXXXXXXXXXXXXX/v2/XXXXXXXXXXXXX/manifests/976: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
2021-06-28T08:06:54.203Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2021-06-28T08:06:54.205Z INFO - Stopping site XXXXXXXXXXXXXXXXXXXXXX because it failed during startup.
这是我的 AzureDevops 步骤:
有解决办法吗?
问题是您没有从 ACR 中拉取镜像的权限。 ACR 是一个私有注册中心,因此您需要为 Web App 设置 ACR 的凭证。用于容器的 Azure Web App 使用环境变量来设置私有注册表的凭据。 Here 是 ACR 的变量:
- DOCKER_REGISTRY_SERVER_USERNAME - ACR 服务器的用户名。
- DOCKER_REGISTRY_SERVER_URL - 完整的 URL 到 ACR 服务器。 (为了
例如,https://my-server.azurecr.io.)
- DOCKER_REGISTRY_SERVER_PASSWORD - ACR 服务器的密码。
在 DevOps 中,您可以像这样设置变量:
我有一个 azure webapp Container 和 azure container registry
该应用已启动,并且可以在未启用安全性(专用端点)时从 acr 中提取图像
如果我在 Web 应用程序中启用专用终结点,Web 应用程序无法从 ACR 中提取图像
这是来自 Azure DevOps 的日志
2021-06-28T07:37:06.7931299Z Single-container Deployment to the webapp 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' as only the image detail was specified.
2021-06-28T07:37:07.0710385Z Trying to update App Service Configuration settings. Data: {"appCommandLine":null,"linuxFxVersion":"DOCKER|XXXXXXXXXXXXXXX.azurecr.io/XXXXXXXXXXXXXX:976"}
2021-06-28T07:37:14.0740862Z Updated App Service Configuration settings.
2021-06-28T07:37:14.0742609Z Restarting App Service: XXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:14.3232789Z App Service 'XXXXXXXXXXXXXXXXXXXX' restarted successfully.
2021-06-28T07:37:15.3657905Z ##[warning]Error: Failed to update deployment history. Error: Ip Forbidden (CODE: 403)
2021-06-28T07:37:15.7454935Z App Service Application URL: https://XXXXXXXXXXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:15.7532798Z ##[section]Finishing: Azure Web App on Container Deploy: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
在 Azure 门户的日志中,Web 应用程序看起来将 ACR 注册表视为 Docker 中心:
2021-06-28T08:06:54.100Z INFO - Pulling image from Docker hub: XXXXXXXXXXXXXXXXXXXXX
2021-06-28T08:06:54.201Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://XXXXXXXXXXXXXXXXXXXXXXXXXXX/v2/XXXXXXXXXXXXX/manifests/976: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
2021-06-28T08:06:54.203Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2021-06-28T08:06:54.205Z INFO - Stopping site XXXXXXXXXXXXXXXXXXXXXX because it failed during startup.
这是我的 AzureDevops 步骤:
有解决办法吗?
问题是您没有从 ACR 中拉取镜像的权限。 ACR 是一个私有注册中心,因此您需要为 Web App 设置 ACR 的凭证。用于容器的 Azure Web App 使用环境变量来设置私有注册表的凭据。 Here 是 ACR 的变量:
- DOCKER_REGISTRY_SERVER_USERNAME - ACR 服务器的用户名。
- DOCKER_REGISTRY_SERVER_URL - 完整的 URL 到 ACR 服务器。 (为了 例如,https://my-server.azurecr.io.)
- DOCKER_REGISTRY_SERVER_PASSWORD - ACR 服务器的密码。
在 DevOps 中,您可以像这样设置变量: