我正在尝试从我的容器注册表在 Azure 上运行 docker 容器。借助 CLI,它可以通过以下方式完美地工作:
az login
az container create -g RESOURCE-GROUP --name INSTANCE-GROUP --image workers.azurecr.io/MY-IMAGE:latest --registry-username USERNAME --registry-password PSWD
但是,我似乎无法让它在 python 中工作(代码如下)。我收到以下错误:
Code: InaccessibleImage
Message: The image 'MY-ACR.azurecr.io/MY-IMAGE:latest' in container group 'INSTANCE-GROUP' is not accessible. Please check the image and registry credential.
我已在 Azure 中创建了一个应用程序,并将相应的 AZURE_CLIENT_ID、AZURE_TENANT_ID 和 AZURE_CLIENT_SECRET 设置为环境变量。该应用程序在正确的资源组中同时具有贡献者和 AcrPull 角色。有谁知道为什么我似乎无法访问?
Python 代码:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (
ContainerGroup,
Container,
EnvironmentVariable,
ResourceRequests,
ResourceRequirements,
)
# Replace these values with your own
subscription_id = "..."
resource_group_name = "..."
aci_name = "..."
acr_name = "..."
acr_username = "..."
acr_password = "..."
image = MY-ACR.azurecr.io/MY-IMAGE:latest"
cpu_cores = 1.0
memory_in_gb = 1.5
location = "North Europe"
# Create the credential object
credential = DefaultAzureCredential()
# Create the ACI management client
client = ContainerInstanceManagementClient(credential, subscription_id)
# Create the container group definition
env_vars = [
EnvironmentVariable(name="KEY", value="VAL"),
]
# set memory and cpu
container_resource_requests = ResourceRequests(memory_in_gb=memory_in_gb, cpu=cpu_cores)
container_resource_requirements = ResourceRequirements(
requests=container_resource_requests
)
container = Container(
name=aci_name,
image=image,
resources=container_resource_requirements,
environment_variables=env_vars,
)
# Create the container group
container_group = ContainerGroup(
location=location,
containers=[container],
os_type="Linux",
restart_policy="Always",
)
client.container_groups.begin_create_or_update(
resource_group_name, aci_name, container_group
)
最佳答案
我在我的环境中进行了尝试并得到了以下结果:
最初,我尝试使用查询中提到的相同代码并得到相同的错误:
上述错误表明容器实例无法访问 Azure 容器注册表 (ACR) 中的指定镜像,因为该镜像不可用或用于访问注册表的凭据不正确。
在同一代码中,我添加了 imageregistrycredentials 来使用图像进行身份验证。添加后创建了容器组并成功执行。
代码:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (ContainerGroup,
Container,
ContainerGroupNetworkProtocol,
ImageRegistryCredential,
ContainerPort,
IpAddress,
Port,
ResourceRequests,
ResourceRequirements)
subscription_id="<Your subscription id>"
resource_group_name = "your resource grp name"
container_group_name="your_conatiner_group_name"
location="location"
credential=DefaultAzureCredential()
container_client = ContainerInstanceManagementClient(credential,subscription_id)
container_image_name = "your image name"
user_name = "username"
password= "password"
# Configure the container
container_resource_requests = ResourceRequests(memory_in_gb=1, cpu=1.0)
container_resource_requirements = ResourceRequirements(requests=container_resource_requests)
container = Container(name=container_group_name,image=container_image_name,resources=container_resource_requirements,ports=[ContainerPort(port=80)])
imagecredentials= ImageRegistryCredential(server="registry.azurecr.io",username=user_name,password=password)
container_group= ContainerGroup(location=location,containers=[container], os_type="linux",restart_policy="Always",image_registry_credentials=[imagecredentials])
# Create the container group
container_client.container_groups.begin_create_or_update(resource_group_name,container_group_name,container_group)
print("Container Group is created")
输出:
门户:
引用:
How to create new container group in azure vnet using python - Stack Overflow作者:安苏曼·巴尔。
关于azure - 从 Python SDK 启动容器实例 - 权限问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/75628914/