我正在尝试在azure容器实例中挂载单个文件,在这种情况下,如以下docker映像中所述的ssh主机密钥文件:https://github.com/atmoz/sftp
但是从我的实验中,ARM / Azure CLI seem to only support mounting folders通过Azure容器实例。
如果我尝试挂载为文件,我怀疑它实际上是作为文件夹built in bash appears to miss the fact it already exists挂载,然后在尝试写入文件时出错。
是否有任何未记录的功能可装入单个文件?我希望不需要诉诸自定义docker映像,因为这将破坏我使用现成映像的目标。 :-(
答案 0 :(得分:1)
您可以使用Key Vault挂载文件。如果要使用ARM模板部署ACI容器组,则可以将其与Azure Key Vault实例集成。可以将密钥库“秘密”作为单个文件安装在您选择的目录中。有关更多详细信息,请参考ACI ARM模板参考。
答案 1 :(得分:1)
您可以通过 Azure 容器实例机密来实现。
要么是 azure cli:
az container create \
--resource-group myResourceGroup \
--name secret-volume-demo \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--secrets id_rsa.pub="<file-content>" \
--secrets-mount-path /home/foo/.ssh/keys
或使用地形:
resource "azurerm_container_group" "aci_container" {
name = ""
resource_group_name = ""
location = ""
ip_address_type = "public"
dns_name_label = "dns_endpoint"
os_type = "Linux"
container {
name = "sftp"
image = "docker.io/atmoz/sftp:alpine-3.7"
cpu = "1"
memory = "0.5"
ports {
port = 22
protocol = "TCP"
}
// option 1: mount key as Azure Container Instances secret volume
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
secret = {
"id_rsa.pub" = base64encode("<public-key-content>")
}
}
// option 2: mount ssh public key as Azure File share volume
// Note: This option will work for user keys to auth, but not for the host keys
// since atmoz/sftp logic is to change files permission,
// but Azure File share does not support this POSIX feature
volume {
name = "user-pub-key"
mount_path = "/home/foo/.ssh/keys"
read_only = true
share_name = "share-name"
storage_account_name = "storage-account-name"
storage_account_key = "storage-account-key"
}
}
在这两种情况下,您都会有一个包含给定内容的文件 /home/foo/.ssh/keys/id_rsa.pub。