在 Azure 容器实例部署中设置 ENV
Setting ENV in Azure Container Instances Deployment
我尝试按照 https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret and https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json 上的文档自动将 Docker 容器部署到 Azure 资源组。
我能够成功部署我的应用程序,包括从 Vault 中检索加密的秘密。我现在正在努力为我的容器设置 ENV,包括秘密和普通 ENV。尽管在 az container API 中有设置 ENV 的方法,但我在资源组部署 API 的文档中找不到任何内容。如何将 ENV 传递到我的 Azure 容器?
您需要的json模板片段如下(完整模板为here)
"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
"containers": [
{
"environmentVariables": [
{
"name": "CertificateName",
"value": "[parameters('CertificateName')]"
},
],
您可以查看此处提到的示例:https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"storageAccountName": {
"type": "string",
"defaultValue": "[uniquestring(resourceGroup().id)]",
"metadata": {
"description": "Storage Account Name"
}
},
"fileShareName": {
"type": "string",
"metadata": {
"description": "File Share Name"
}
},
"containerInstanceLocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"allowedValues": [
"westus",
"eastus",
"westeurope",
"southeastaisa",
"westus2"
],
"metadata": {
"description": "Container Instance Location"
}
}
},
"variables": {
"image": "microsoft/azure-cli",
"cpuCores": "1.0",
"memoryInGb": "1.5",
"containerGroupName":"createshare-containerinstance",
"containerName": "createshare"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"name": "[variables('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2018-02-01-preview",
"location": "[parameters('containerInstanceLocation')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"containers": [
{
"name": "[variables('containerName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[parameters('fileShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[parameters('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"restartPolicy": "OnFailure",
"osType": "Linux"
}
}
]
}
secrets 的推荐方法是 Mount secret volume to your container, because it is using tmpfs,您的秘密只存在于易失性内存中!
注意:在这个 post 时只有基于 Linux 的容器支持它...
我尝试按照 https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret and https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json 上的文档自动将 Docker 容器部署到 Azure 资源组。
我能够成功部署我的应用程序,包括从 Vault 中检索加密的秘密。我现在正在努力为我的容器设置 ENV,包括秘密和普通 ENV。尽管在 az container API 中有设置 ENV 的方法,但我在资源组部署 API 的文档中找不到任何内容。如何将 ENV 传递到我的 Azure 容器?
您需要的json模板片段如下(完整模板为here)
"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
"containers": [
{
"environmentVariables": [
{
"name": "CertificateName",
"value": "[parameters('CertificateName')]"
},
],
您可以查看此处提到的示例:https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountType": {
"type": "string",
"defaultValue": "Standard_LRS",
"allowedValues": [
"Standard_LRS",
"Standard_GRS",
"Standard_ZRS"
],
"metadata": {
"description": "Storage Account type"
}
},
"storageAccountName": {
"type": "string",
"defaultValue": "[uniquestring(resourceGroup().id)]",
"metadata": {
"description": "Storage Account Name"
}
},
"fileShareName": {
"type": "string",
"metadata": {
"description": "File Share Name"
}
},
"containerInstanceLocation": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"allowedValues": [
"westus",
"eastus",
"westeurope",
"southeastaisa",
"westus2"
],
"metadata": {
"description": "Container Instance Location"
}
}
},
"variables": {
"image": "microsoft/azure-cli",
"cpuCores": "1.0",
"memoryInGb": "1.5",
"containerGroupName":"createshare-containerinstance",
"containerName": "createshare"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[resourceGroup().location]",
"sku": {
"name": "[parameters('storageAccountType')]"
},
"kind": "Storage",
"properties": {}
},
{
"name": "[variables('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2018-02-01-preview",
"location": "[parameters('containerInstanceLocation')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"containers": [
{
"name": "[variables('containerName')]",
"properties": {
"image": "[variables('image')]",
"command": [
"az",
"storage",
"share",
"create",
"--name",
"[parameters('fileShareName')]"
],
"environmentVariables": [
{
"name": "AZURE_STORAGE_KEY",
"value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"
},
{
"name": "AZURE_STORAGE_ACCOUNT",
"value": "[parameters('storageAccountName')]"
}
],
"resources": {
"requests": {
"cpu": "[variables('cpuCores')]",
"memoryInGb": "[variables('memoryInGb')]"
}
}
}
}
],
"restartPolicy": "OnFailure",
"osType": "Linux"
}
}
]
}
secrets 的推荐方法是 Mount secret volume to your container, because it is using tmpfs,您的秘密只存在于易失性内存中! 注意:在这个 post 时只有基于 Linux 的容器支持它...