在 Azure 容器实例部署中设置 ENV答案

【问题标题】：Setting ENV in Azure Container Instances Deployment在 Azure 容器实例部署中设置 ENV
【发布时间】：2018-09-05 00:57:18
【问题描述】：

我尝试按照 https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret 和 https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json 上的文档自动将 Docker 容器部署到 Azure 资源组。

我能够成功部署我的应用程序，包括从 Vault 检索加密的机密。我现在正在努力为我的容器设置 ENV，包括机密和普通 ENV。尽管有一种方法可以在 az container API 中设置 ENV，但我在资源组部署 API 的文档中找不到任何内容。如何将 ENV 传递到我的 Azure 容器？

【问题讨论】：

你是如何部署的 - PS / Cli / ARM 模板等
通过 JSON 模板自动化 schema.management.azure.com/schemas/2015-01-01/…

标签： azure azure-resource-manager azure-resource-group azure-container-instances

【解决方案1】：

你需要的json模板的sn-p如下（完整模板为here）

"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
    "containers": [
        {

            "environmentVariables": [
                {
                    "name": "CertificateName",
                    "value": "[parameters('CertificateName')]"
                },
            ],

【讨论】：

添加变量后，我的部署不断崩溃。删除它们后，一切都恢复正常了。
实际上，一切都崩溃了。我不知道我的帐户发生了什么，因为我没有更改任何内容，但我的容器组根本不再工作......
@flp 听起来你需要联系 Azure 支持

【解决方案2】：

您可以查看此处提到的示例：https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json

 "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "parameters": {

        "storageAccountType": {

            "type": "string",

            "defaultValue": "Standard_LRS",

            "allowedValues": [

                "Standard_LRS",

                "Standard_GRS",

                "Standard_ZRS"

            ],

            "metadata": {

                "description": "Storage Account type"

            }

        },

        "storageAccountName": {

            "type": "string",

            "defaultValue": "[uniquestring(resourceGroup().id)]",

            "metadata": {

                "description": "Storage Account Name"

            }

        },

        "fileShareName": {

            "type": "string",

            "metadata": {

                "description": "File Share Name"

            }

        },

        "containerInstanceLocation": {

            "type": "string",

            "defaultValue": "[resourceGroup().location]",

            "allowedValues": [

                "westus",

                "eastus",

                "westeurope",

                "southeastaisa",

                "westus2"

            ],

            "metadata": {

                "description": "Container Instance Location"

            }

        }

    },

    "variables": {

        "image": "microsoft/azure-cli",

        "cpuCores": "1.0",

        "memoryInGb": "1.5",

        "containerGroupName":"createshare-containerinstance",

        "containerName": "createshare"

    },

    "resources": [

        {

            "type": "Microsoft.Storage/storageAccounts",

            "name": "[parameters('storageAccountName')]",

            "apiVersion": "2017-10-01",

            "location": "[resourceGroup().location]",

            "sku": {

                "name": "[parameters('storageAccountType')]"

            },

            "kind": "Storage",

            "properties": {}

        },

        {

            "name": "[variables('containerGroupName')]",

            "type": "Microsoft.ContainerInstance/containerGroups",

            "apiVersion": "2018-02-01-preview",

            "location": "[parameters('containerInstanceLocation')]",

            "dependsOn": [

                "[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"

              ],

            "properties": {

                "containers": [

                    {

                        "name": "[variables('containerName')]",

                        "properties": {

                            "image": "[variables('image')]",

                            "command": [

                                "az",

                                "storage",

                                "share",

                                "create",

                                "--name",

                                "[parameters('fileShareName')]"

                            ],

                            "environmentVariables": [

                                {

                                    "name": "AZURE_STORAGE_KEY",

                                    "value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"

                                },

                                {

                                    "name": "AZURE_STORAGE_ACCOUNT",

                                    "value": "[parameters('storageAccountName')]"

                                }

                            ],

                            "resources": {

                                "requests": {

                                    "cpu": "[variables('cpuCores')]",

                                    "memoryInGb": "[variables('memoryInGb')]"

                                }

                            }

                        }

                    }

                ],

                "restartPolicy": "OnFailure",

                "osType": "Linux"

            }

        }

    ]

}

【讨论】：

【解决方案3】：

secrets 的推荐方式是将Mount secret volume 发送到您的容器，因为它使用的是tmpfs，而您的秘密仅存在于易失性内存中！注意：在本文发布时，只有基于 Linux 的容器支持它...

【讨论】：