0

我正在使用 ARM 模板创建文件共享和容器实例,我需要将此创建的文件共享挂载到容器中。我有以下模板 -

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountType": {
      "type": "string",
      "defaultValue": "Standard_GRS",
      "metadata": {
        "description": "Storage Account type"
      }
    },
    "storageAccountName": {
      "type": "string",
      "defaultValue": "[concat('storage', uniquestring(resourceGroup().id))]",
      "metadata": {
        "description": "Name of the Azure Storage account."
      }
    },
    "sharePrefix": {
      "type": "string",
      "defaultValue": "files",
      "metadata": {
        "description": "Specifies the prefix of the file share names."
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Location for all resources."
      }
    },
    .....
  },
  "variables": {
    "ContainerGroupName": "[concat('my-cg',uniquestring(resourceGroup().id))]",
    "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
    "ContainerName": "my-container"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[parameters('storageAccountName')]",
      "apiVersion": "2019-06-01",
      "location": "[parameters('location')]",
      "kind": "Storage",
      "sku": {
        "name": "[parameters('storageAccountType')]"
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/fileServices/shares",
      "apiVersion": "2019-06-01",
      "name": "[concat(parameters('storageAccountName'), '/default/', parameters('sharePrefix'))]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]"
      ]
    },
    {
      "name": "[variables('ContainerGroupName')]",
      "type": "Microsoft.ContainerInstance/containerGroups",
      "apiVersion": "2018-10-01",
      "location": "[parameters('location')]",
      "properties": {
        "containers": [
          {
            "name": "[variables('ContainerName')]",
            "properties": {
              "image": "imageNameinACR",
              "resources": {
                "requests": {
                  "memoryInGB": 14,
                  "cpu": 4
                }
              },
              "volumeMounts": [
                {
                  "name": "filesharevolume",
                  "mountPath": "/app"
                }
              ]
            }
          }
        ],
        "imageRegistryCredentials": [
          ....
        ],
        "restartPolicy": "OnFailure",
        "osType": "Linux",
        "volumes": [
          {
            "name": "filesharevolume",
            "azureFile": {
              "shareName": "[concat(parameters('storageAccountName'), '/default/', parameters('sharePrefix'))]",
              "storageAccountName": "[parameters('storageAccountName')]",
              "storageAccountKey": "[listKeys(parameters('storageAccountName'), '2019-06-01').keys[0].value]"
            }
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
        "[resourceId('Microsoft.Storage/storageAccounts/fileServices/shares', parameters('storageAccountName'), 'default', parameters('sharePrefix'))]"
      ]
    }
  ],
  "outputs": {}
}

但是,这是抛出错误

"error": { "code": "CannotAccessStorageAccount", "message": "无法访问卷 'filesharevolume' 中的 Azure 存储帐户 'storage6x2un3wwsta6u':'远程服务器返回错误:(400) 错误请求。 '。这可能是由不正确的 Azure 存储帐户密钥或 Azure 存储防火墙引起的。” }

我还尝试使用 resourceId 来检索如下所示的秘密,但它会引发相同的错误。

"storageAccountKey": "[listKeys(variables('storageAccountId'), '2019-06-01').keys[0].value]"

我错过了模板中的任何内容吗?我参考了各种示例,这些示例显示了此方法在 ARM 模板中检索访问密钥的方法。

在容器映像的 DOCKERFILE 中,我正在运行 RUN MKDIR /App

挂载路径可能有问题吗?我的假设是文件共享将挂载在这个目录中 - /app/filesharevolume。

4

1 回答 1

1

我没有看到变量的定义storageAccountId,但模板函数listkeys确实适用于资源 ID。所以我给出了对我有用的代码:

"storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]"

并且如果存储账户和容器组不在同一个资源组,那么你可以在获取资源Id的时候加上存储账户的组名:

"storageAccountKey": "[listKeys(resourceId(variables('resourceGroupName'), 'Microsoft.Storage/storageAccounts', variables('storageAccountName')), '2019-06-01').keys[0].value]

是示例。

更新:

并且volumes容器组有问题。您需要将文件共享名称更改为:

"volumes": [
          {
            "name": "filesharevolume",
            "azureFile": {
              "shareName": "[parameters('sharePrefix')]",
              "storageAccountName": "[parameters('storageAccountName')]",
              "storageAccountKey": "[listKeys(parameters('storageAccountName'), '2019-06-01').keys[0].value]"
            }
          }
        ]
于 2021-06-25T01:20:58.747 回答