How to issue a CLI command (or make use of Azure SDK) from an Azure Docker Container at startup
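I need to issue the following command, or accomplish the equivalent with the Azure SDK and C#.

```
az network private-dns record-set a update --name <name> -g <resource-group> -z <zone-name> --set aRecords[0].ipv4Address=$(hostname -i)
```

I need to do this every time the ACI starts (for whatever reason) so that the private DNS zone has the ACI's current IP address (since the private IP can change); it will run in the same VNet.
I see several possible solutions, but I am not familiar enough with any of them to implement them.
I would appreciate any details on how to accomplish one of these solutions.

Here is the solution to my problem, including the link suggested by Microsoft.
This YAML file uses an init container to run some Azure commands, including logging in with a service principal and creating and updating the private DNS zone entry, so that containers can call each other's HTTP addresses using DNS instead of the IP (which can change).
YAML file: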
```yaml
location: centralus
name: dns-zone-test-a
properties:
  initContainers:
  - name: inita
    properties:
      image: mcr.microsoft.com/azure-cli:latest
      # redirection of output to a file for these commands is optional...a nice to have to confirm what's working
      command: ['/bin/sh', '-c', 'az login --service-principal -u $SP_APPID -p $SP_PASSWORD --tenant $SP_TENANT > /scripts/outsp_a.txt;
        az container show -n $ACI_NAME -g $RG --query ''ipAddress.ip'' -o tsv > /scripts/swac_a.txt;
        my_private_ip=$(az container show -n $ACI_NAME -g $RG --query ''ipAddress.ip'' -o tsv);
        az network private-dns record-set a create -n $HOSTNAME -z $DNS_ZONE_NAME -g $RG > /scripts/crzone_a.txt;
        az network private-dns record-set a add-record --record-set-name $HOSTNAME -z $DNS_ZONE_NAME -g $RG -a $my_private_ip > /scripts/addzone_a.txt;']
      environmentVariables:
      - name: RG
        value: myResourceGroup
      - name: SP_APPID # service principal with the permissions to update private DNS zone
        value: 5xxxxxxxxxxxxxx
      - name: SP_PASSWORD # service principal password
        secureValue: byyyyyyyyyyyyyyy
      - name: SP_TENANT
        value: bzzzzzzzzzzzzzzzzzz
      - name: DNS_ZONE_NAME
        value: dns-zone-mine.com
      - name: HOSTNAME
        value: dns-zone-test-a
      - name: ACI_NAME
        value: dns-zone-test-a
      volumeMounts: # needed only if redirecting the output from the commands above to a file
      - name: initscript
        mountPath: /scripts/
  containers: # any docker container you want
  - name: cab-a
    properties:
      image: MyRegistry.azurecr.io/contest1:latest
      ports:
      - port: 80
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
  imageRegistryCredentials: # Credentials to pull a private image
  - server: MyRegistry.azurecr.io
    username: MyUserRegistry
    password: 5xxxxxxxxxxxxx
  volumes: # only needed if redirecting the output from the commands above to a file
  - name: initscript
    azureFile:
      readOnly: false
      shareName: initscript
      storageAccountName: myStorage
      storageAccountKey: zzzzzzzzzzzzzzzzzzzzzzzzzzz
  ipAddress:
    ports:
    - port: 80
      protocol: TCP
    type: private
  osType: Linux
  subnetIds:
  - id: /subscriptions/xxxxyyyyyzzzzz/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVNet/subnets/MyTestSubnet
    name: default
  # dnsConfig: # DNS configuration for container group: not needed likely for this test, and may interfere with private DNS zone usage
  #   nameServers:
  #   - 192.168.1.44
tags: null
type: Microsoft.ContainerInstance/containerGroups
```
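
A hardened variant of the init container's command sequence, added here as an example and not part of the original answer: it stops when a step fails, checks that the value returned by `az container show` is an IPv4 address before publishing it, keeps the `az login` output off the shared volume, and replaces the record set so that only the current address is published. It reuses the environment variables from the YAML above; the file name `dns-sync.sh` and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Uses the same environment
# variables as the YAML: SP_APPID, SP_PASSWORD, SP_TENANT, ACI_NAME, RG,
# DNS_ZONE_NAME, HOSTNAME. The "run" argument at the bottom is constructed.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255, so empty
# output or CLI error text is never written into the DNS zone.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $1            # split into octets (digits and dots only at this point)
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

sync_dns_record() {
  # az login prints tenant and subscription details; discard them instead of
  # writing them to the shared volume. Stop if the login fails.
  az login --service-principal -u "$SP_APPID" -p "$SP_PASSWORD" \
    --tenant "$SP_TENANT" --output none || return 1

  ip=$(az container show -n "$ACI_NAME" -g "$RG" \
    --query 'ipAddress.ip' -o tsv) || return 1
  if ! is_ipv4 "$ip"; then
    echo "refusing to publish unexpected address: '$ip'" >&2
    return 1
  fi

  # Drop any record set left by an earlier start (ignore "not found"), then
  # publish exactly one A record holding the current address.
  az network private-dns record-set a delete -n "$HOSTNAME" \
    -z "$DNS_ZONE_NAME" -g "$RG" --yes --output none 2>/dev/null || true
  az network private-dns record-set a create -n "$HOSTNAME" \
    -z "$DNS_ZONE_NAME" -g "$RG" --output none || return 1
  az network private-dns record-set a add-record --record-set-name "$HOSTNAME" \
    -z "$DNS_ZONE_NAME" -g "$RG" -a "$ip" --output none || return 1
}

# Init container entry point: sh dns-sync.sh run
if [ "${1:-}" = "run" ]; then
  sync_dns_record
fi
```

The service principal used here needs only rights on the private DNS zone (for instance the built-in Private DNS Zone Contributor role) and read access to the container group.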