Using Azure Web App for Containers with managed identity

Problem description

Deployed an Azure App Service for Containers with a custom image (from a CentOS 7 base image). Based on the following documentation, there is an environment variable that should be set by Azure and used for creating the REST API request to obtain an access token:

  • IDENTITY_ENDPOINT - the URL to the local token service.

However, when checking inside the container, this variable is not set:

[root@f22dfd74be31 ~]# echo $IDENTITY_ENDPOINT
(empty result here)

I've also tried to invoke az cli, which fails as well:

[root@f22dfd74be31 ~]# az login -i
AzureConnectionError: Failed to connect to MSI. Please make sure MSI is configured correctly 
and check the network connection.
Error detail: HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with 
url: /metadata/identity/oauth2/token?resource=https%3
A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 (Caused by 
NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f9e0c4
c72e8>: Failed to establish a new connection: [Errno 110] Connection timed out',))

I've successfully used managed identity with both virtual machines and App Service (code deployment, not containers). Is it supported with App Service for Containers, with custom containers?

Recommended answer

When working with App Service for Containers, the "platform" environment variables, including managed identity and app settings, are only available when the container is initialized. In order to make these variables accessible from the container, the following line must be incorporated in the container startup script (called from Dockerfile ENTRYPOINT):

eval $(printenv | sed -n "s/^\([^=]\+\)=\(.*\)$/export \1=\2/p" | sed 's/"/\\\"/g' | sed '/=/s//="/' | sed 's/$/"/' >> /etc/profile)
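
A quoting-safe variant of the startup-script line above, as an added example that is not part of the original answer: it persists only the variables named on the command line and single-quotes each value, so `$`, backticks and quotes inside a value are not re-expanded when a login shell sources the file. The function names, the output path and `IDENTITY_HEADER` (the header value App Service pairs with `IDENTITY_ENDPOINT`) are assumptions, not names from the page.

```shell
#!/bin/sh
# Added example: persist selected platform variables for later login shells.

# quote_sh VALUE -> VALUE wrapped in single quotes, embedded ' written as '\''
quote_sh() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# persist_env FILE NAME... -> writes "export NAME='value'" lines to FILE.
# FILE is created with mode 0600 because the values may be secrets.
persist_env() {
    out=$1; shift
    ( umask 077; : > "$out" ) || return 1
    for name in "$@"; do
        # Accept only valid shell identifiers, so the evals below are safe.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        # Skip variables that the platform did not set.
        eval "is_set=\${$name+x}"
        [ -n "$is_set" ] || continue
        eval "value=\$$name"
        printf 'export %s=%s\n' "$name" "$(quote_sh "$value")" >> "$out"
    done
}

# Usage from the script named in the Dockerfile ENTRYPOINT (hypothetical path):
#   persist_env /etc/profile.d/appsvc_env.sh IDENTITY_ENDPOINT IDENTITY_HEADER
#   exec "$@"
```

The 0600 mode assumes the later login shell runs as the same user as the startup script, as in the root session shown in the question.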
