我有一个 azure webapp Container 和 azure 容器注册表
应用程序已启动,并且在未启用安全性(专用端点)时可以从 acr 提取图像
如果我在 Web 应用程序中启用专用端点,则 Web 应用程序无法从 ACR 中提取图像
这是来自 Azure DevOps 的日志
2021-06-28T07:37:06.7931299Z Single-container Deployment to the webapp 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' as only the image detail was specified.
2021-06-28T07:37:07.0710385Z Trying to update App Service Configuration settings. Data: {"appCommandLine":null,"linuxFxVersion":"DOCKER|XXXXXXXXXXXXXXX.azurecr.io/XXXXXXXXXXXXXX:976"}
2021-06-28T07:37:14.0740862Z Updated App Service Configuration settings.
2021-06-28T07:37:14.0742609Z Restarting App Service: XXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:14.3232789Z App Service 'XXXXXXXXXXXXXXXXXXXX' restarted successfully.
2021-06-28T07:37:15.3657905Z ##[warning]Error: Failed to update deployment history. Error: Ip Forbidden (CODE: 403)
2021-06-28T07:37:15.7454935Z App Service Application URL: https://XXXXXXXXXXXXXXXXXXXXXXXXXXX
2021-06-28T07:37:15.7532798Z ##[section]Finishing: Azure Web App on Container Deploy: XXXXXXXXXXXXXXXXXXXXXXXXXXXX
在 Azure 门户的日志中,Web 应用程序看起来将 ACR 注册表视为 Docker 中心:
2021-06-28T08:06:54.100Z INFO - Pulling image from Docker hub: XXXXXXXXXXXXXXXXXXXXX
2021-06-28T08:06:54.201Z ERROR - DockerApiException: Docker API responded with status code=InternalServerError, response={"message":"Get https://XXXXXXXXXXXXXXXXXXXXXXXXXXX/v2/XXXXXXXXXXXXX/manifests/976: unauthorized: authentication required, visit https://aka.ms/acr/authorization for more information."}
2021-06-28T08:06:54.203Z ERROR - Image pull failed: Verify docker image configuration and credentials (if using private repository)
2021-06-28T08:06:54.205Z INFO - Stopping site XXXXXXXXXXXXXXXXXXXXXX because it failed during startup.
这是我的 AzureDevops 步骤:
有什么办法可以解决这个问题吗?
最佳答案
问题是您无权从 ACR 中提取图像。 ACR 是私有(private)注册表,因此您需要为 Web App 设置 ACR 的凭据。用于容器的 Azure Web App 使用环境变量来设置私有(private)注册表的凭据。 Here是 ACR 的变量:
- DOCKER_REGISTRY_SERVER_USERNAME - ACR 服务器的用户名。
- DOCKER_REGISTRY_SERVER_URL - ACR 服务器的完整 URL。 (为了 例如,https://my-server.azurecr.io。)
- DOCKER_REGISTRY_SERVER_PASSWORD - ACR 服务器的密码。
在 DevOps 中,您可以这样设置变量:
关于azure - 启用专用端点后,无法从 ACR 中提取 WebApp 中的图像,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/68159823/