Question

我尝试按照https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret和https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json上的文档自动将Docker容器部署到Azure资源组。

我能够成功部署我的应用程序，包括从Vault检索加密的秘密。我现在正努力为我的容器设置ENV，包括秘密和正常的ENV。即使有一种方法可以在az container API中设置ENV，但我在资源组部署API的文档中找不到任何内容。如何将ENV传递给我的Azure容器？

Answer 1

您需要的json模板片段如下（完整模板为here）

"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
    "containers": [
        {

            "environmentVariables": [
                {
                    "name": "CertificateName",
                    "value": "[parameters('CertificateName')]"
                },
            ],

Answer 2

您可以查看此处提到的示例：https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json

 "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "parameters": {

        "storageAccountType": {

            "type": "string",

            "defaultValue": "Standard_LRS",

            "allowedValues": [

                "Standard_LRS",

                "Standard_GRS",

                "Standard_ZRS"

            ],

            "metadata": {

                "description": "Storage Account type"

            }

        },

        "storageAccountName": {

            "type": "string",

            "defaultValue": "[uniquestring(resourceGroup().id)]",

            "metadata": {

                "description": "Storage Account Name"

            }

        },

        "fileShareName": {

            "type": "string",

            "metadata": {

                "description": "File Share Name"

            }

        },

        "containerInstanceLocation": {

            "type": "string",

            "defaultValue": "[resourceGroup().location]",

            "allowedValues": [

                "westus",

                "eastus",

                "westeurope",

                "southeastaisa",

                "westus2"

            ],

            "metadata": {

                "description": "Container Instance Location"

            }

        }

    },

    "variables": {

        "image": "microsoft/azure-cli",

        "cpuCores": "1.0",

        "memoryInGb": "1.5",

        "containerGroupName":"createshare-containerinstance",

        "containerName": "createshare"

    },

    "resources": [

        {

            "type": "Microsoft.Storage/storageAccounts",

            "name": "[parameters('storageAccountName')]",

            "apiVersion": "2017-10-01",

            "location": "[resourceGroup().location]",

            "sku": {

                "name": "[parameters('storageAccountType')]"

            },

            "kind": "Storage",

            "properties": {}

        },

        {

            "name": "[variables('containerGroupName')]",

            "type": "Microsoft.ContainerInstance/containerGroups",

            "apiVersion": "2018-02-01-preview",

            "location": "[parameters('containerInstanceLocation')]",

            "dependsOn": [

                "[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"

              ],

            "properties": {

                "containers": [

                    {

                        "name": "[variables('containerName')]",

                        "properties": {

                            "image": "[variables('image')]",

                            "command": [

                                "az",

                                "storage",

                                "share",

                                "create",

                                "--name",

                                "[parameters('fileShareName')]"

                            ],

                            "environmentVariables": [

                                {

                                    "name": "AZURE_STORAGE_KEY",

                                    "value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"

                                },

                                {

                                    "name": "AZURE_STORAGE_ACCOUNT",

                                    "value": "[parameters('storageAccountName')]"

                                }

                            ],

                            "resources": {

                                "requests": {

                                    "cpu": "[variables('cpuCores')]",

                                    "memoryInGb": "[variables('memoryInGb')]"

                                }

                            }

                        }

                    }

                ],

                "restartPolicy": "OnFailure",

                "osType": "Linux"

            }

        }

    ]

}

Answer 3

推荐的秘密方法是Mount secret volume到您的容器，因为它正在使用tmpfs，并且您的秘密仅存在于易失性存储器中！注意：在撰写本文时，仅基于Linux的容器支持它...

在Azure容器实例部署中设置ENV

3 个答案: