在 Azure 容器实例中装载单个文件?
Mount an individual file in Azure Container Instances?
我正在尝试在 Azure 容器实例中装载单个文件,在本例中为 ssh 主机密钥文件,如此 docker 图片中所述:https://github.com/atmoz/sftp
然而,根据我通过 ARM / Azure CLI seem to only support mounting folders.
进行的 Azure 容器实例实验
如果我尝试作为文件挂载,我怀疑它实际上是作为文件夹挂载,如 built in bash appears to miss the fact it already exists,然后在尝试写入时出错。
是否有任何未记录的功能来装载单个文件?我希望不需要求助于自定义 docker 图像,因为它会打败我使用现成图像的 objective。 :-(
您可以使用 Key Vault 装载文件。如果使用 ARM 模板部署 ACI 容器组,则可以将其与 Azure Key Vault 实例集成。可以将密钥保管库“秘密”作为单个文件安装在您选择的目录中。有关详细信息,请参阅 ACI ARM 模板参考。
您可以通过 Azure 容器实例机密来完成。
要么 azure cli:
az container create \
--resource-group myResourceGroup \
--name secret-volume-demo \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--secrets id_rsa.pub="<file-content>" \
--secrets-mount-path /home/foo/.ssh/keys
或使用地形:
resource "azurerm_container_group" "aci_container" {
name = ""
resource_group_name = ""
location = ""
ip_address_type = "public"
dns_name_label = "dns_endpoint"
os_type = "Linux"
container {
name = "sftp"
image = "docker.io/atmoz/sftp:alpine-3.7"
cpu = "1"
memory = "0.5"
ports {
port = 22
protocol = "TCP"
}
// option 1: mount key as Azure Container Instances secret volume
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
secret = {
"id_rsa.pub" = base64encode("<public-key-content>")
}
}
// option 2: mount ssh public key as Azure File share volume
// Note: This option will work for user keys to auth, but not for the host keys
// since atmoz/sftp logic is to change files permission,
// but Azure File share does not support this POSIX feature
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
read_only = true
share_name = "share-name"
storage_account_name = "storage-account-name"
storage_account_key = "storage-account-key"
}
}
在这两种情况下,您都会得到一个包含给定内容的文件 /home/foo/.ssh/keys/id_rsa.pub。
我正在尝试在 Azure 容器实例中装载单个文件,在本例中为 ssh 主机密钥文件,如此 docker 图片中所述:https://github.com/atmoz/sftp
然而,根据我通过 ARM / Azure CLI seem to only support mounting folders.
进行的 Azure 容器实例实验如果我尝试作为文件挂载,我怀疑它实际上是作为文件夹挂载,如 built in bash appears to miss the fact it already exists,然后在尝试写入时出错。
是否有任何未记录的功能来装载单个文件?我希望不需要求助于自定义 docker 图像,因为它会打败我使用现成图像的 objective。 :-(
您可以使用 Key Vault 装载文件。如果使用 ARM 模板部署 ACI 容器组,则可以将其与 Azure Key Vault 实例集成。可以将密钥保管库“秘密”作为单个文件安装在您选择的目录中。有关详细信息,请参阅 ACI ARM 模板参考。
您可以通过 Azure 容器实例机密来完成。
要么 azure cli:
az container create \
--resource-group myResourceGroup \
--name secret-volume-demo \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--secrets id_rsa.pub="<file-content>" \
--secrets-mount-path /home/foo/.ssh/keys
或使用地形:
resource "azurerm_container_group" "aci_container" {
name = ""
resource_group_name = ""
location = ""
ip_address_type = "public"
dns_name_label = "dns_endpoint"
os_type = "Linux"
container {
name = "sftp"
image = "docker.io/atmoz/sftp:alpine-3.7"
cpu = "1"
memory = "0.5"
ports {
port = 22
protocol = "TCP"
}
// option 1: mount key as Azure Container Instances secret volume
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
secret = {
"id_rsa.pub" = base64encode("<public-key-content>")
}
}
// option 2: mount ssh public key as Azure File share volume
// Note: This option will work for user keys to auth, but not for the host keys
// since atmoz/sftp logic is to change files permission,
// but Azure File share does not support this POSIX feature
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
read_only = true
share_name = "share-name"
storage_account_name = "storage-account-name"
storage_account_key = "storage-account-key"
}
}
在这两种情况下,您都会得到一个包含给定内容的文件 /home/foo/.ssh/keys/id_rsa.pub。