Mount Azure File Share on Azure Container with access key retrieval in ARM Template
I am creating a file share and a container instance with an ARM template, and I need to mount the newly created file share into the container. I have the following template:
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_GRS",
      "metadata": {
        "description": "Storage Account type"
      }
    },
    "storageAccountName": {
      "type": "string",
      "defaultValue": "[concat('storage', uniquestring(resourceGroup().id))]",
      "metadata": {
        "description": "Name of the Azure Storage account."
      }
    },
    "sharePrefix": {
      "type": "string",
      "defaultValue": "files",
      "metadata": {
        "description": "Specifies the prefix of the file share names."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    .....
  },
  "variables": {
    "ContainerGroupName": "[concat('my-cg',uniquestring(resourceGroup().id))]",
    "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
    "ContainerName": "my-container"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[parameters('storageAccountName')]",
      "apiVersion": "2019-06-01",
      "location": "[parameters('location')]",
      "kind": "Storage",
      "sku": {
        "name": "[parameters('storageAccountType')]"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/fileServices/shares",
      "apiVersion": "2019-06-01",
      "name": "[concat(parameters('storageAccountName'), '/default/', parameters('sharePrefix'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
      ]
    },
    {
      "name": "[variables('ContainerGroupName')]",
      "type": "Microsoft.ContainerInstance/containerGroups",
      "apiVersion": "2018-10-01",
      "location": "[parameters('location')]",
      "properties": {
        "containers": [
          {
            "name": "[variables('ContainerName')]",
            "properties": {
              "image": "imageNameinACR",
              "resources": {
                "requests": {
                  "memoryInGB": 14,
                  "cpu": 4
                }
              },
              "volumeMounts": [
                {
                  "name": "filesharevolume",
                  "mountPath": "/app"
                }
              ]
            }
          }
        ],
        "imageRegistryCredentials": [
          ....
        ],
        "restartPolicy": "OnFailure",
        "osType": "Linux",
        "volumes": [
          {
            "name": "filesharevolume",
            "azureFile": {
              "shareName": "[concat(parameters('storageAccountName'), '/default/', parameters('sharePrefix'))]",
              "storageAccountName": "[parameters('storageAccountName')]",
              "storageAccountKey": "[listKeys(parameters('storageAccountName'), '2019-06-01').keys[0].value]"
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', parameters('storageAccountName'), 'default', parameters('sharePrefix'))]"
      ]
    }
  ],
  "outputs": {}
}
However, this throws an error:
"error": {
  "code": "CannotAccessStorageAccount",
  "message": "The Azure storage account 'storage6x2un3wwsta6u' in volume 'filesharevolume' can't be accessed: 'The remote server returned an error: (400) Bad Request.'. This can be caused by incorrect Azure storage account key or Azure storage firewalls."
}
I also tried using resourceId to retrieve the secret, but it throws the same error.
"storageAccountKey": "[listKeys(variables('storageAccountId'), '2019-06-01').keys[0].value]"
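Am I missing anything in the template? I have referred to various examples that show this method of retrieving the access key in an ARM template.
In the DOCKERFILE of the container image, I am running
RUN mkdir /App
Could there be a problem with the mount path? My assumption is that the file share will be mounted in this directory - /app/filesharevolume.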
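I don't see the definition of the variable storageAccountId, but the template function listKeys does work with a resource ID. So here is the code that works on my side: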
"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"
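And if the storage account is not in the same resource group as the container group, you can add the storage account's resource group name when getting the resource ID:
"storageAccountKey": "[listKeys(resourceId(variables('resourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"
Here is the example.
Update:
There is also a problem with the volumes of the container group. You need to change the file share name to: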
"volumes": [
  {
    "name": "filesharevolume",
    "azureFile": {
      "shareName": "[parameters('sharePrefix')]",
      "storageAccountName": "[parameters('storageAccountName')]",
      "storageAccountKey": "[listKeys(parameters('storageAccountName'), '2019-06-01').keys[0].value]"
    }
  }
]
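The shareName mistake corrected in the update can be caught before deployment. The following is an added example, not part of the original question or answer: a small Python lint over a parsed ARM template that flags an azureFile volume whose shareName carries the 'account/default/share' resource path, and also flags a storageAccountKey written as a literal instead of a template expression such as listKeys. The function names, the finding strings and the three sample templates are constructed for illustration.

```python
import json

def lint_azure_file_volumes(template):
    """Return (volume name, problem) pairs for azureFile volumes in container groups."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.containerinstance/containergroups":
            continue
        for vol in res.get("properties", {}).get("volumes", []):
            azure_file = vol.get("azureFile")
            if azure_file is None:
                continue
            share = azure_file.get("shareName", "")
            key = azure_file.get("storageAccountKey", "")
            # A share name never contains '/'; a slash means the ARM resource
            # name ('account/default/share') was passed instead of the share.
            if "/" in share:
                findings.append((vol.get("name"), "shareName looks like a resource path"))
            # Anything other than a template expression is a key stored in
            # the template file itself ('[[' is an escaped literal bracket).
            is_expression = (key.startswith("[") and not key.startswith("[[")
                             and key.endswith("]"))
            if not is_expression:
                findings.append((vol.get("name"), "storageAccountKey is a literal"))
    return findings

def container_group(share_name, key):
    """Build a minimal constructed template with one azureFile volume."""
    return {"resources": [{
        "type": "Microsoft.ContainerInstance/containerGroups",
        "properties": {"volumes": [{
            "name": "filesharevolume",
            "azureFile": {"shareName": share_name,
                          "storageAccountName": "[parameters('storageAccountName')]",
                          "storageAccountKey": key}}]}}]}

LIST_KEYS = "[listKeys(parameters('storageAccountName'), '2019-06-01').keys[0].value]"
# Volume as written in the question, as corrected in the answer, and a
# constructed case with a placeholder literal key.
QUESTION = container_group(
    "[concat(parameters('storageAccountName'), '/default/', parameters('sharePrefix'))]",
    LIST_KEYS)
ANSWER = container_group("[parameters('sharePrefix')]", LIST_KEYS)
HARDCODED = container_group("[parameters('sharePrefix')]", "PLACEHOLDER-KEY")

if __name__ == "__main__":
    for label, tpl in (("question", QUESTION), ("answer", ANSWER), ("hardcoded", HARDCODED)):
        print(label, json.dumps(lint_azure_file_volumes(tpl)))
```

The slash test is a heuristic on the expression text, so it also fires when a '/'-containing literal appears anywhere inside the shareName expression.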