在Azure中使用Container Registry部署Web App时,如何使用Bicep设置Registry Identity?


使用 Bicep 创建 Web 应用程序时,我在设置注册表标识时遇到问题。 当我在 Azure UI 中手动执行此操作时,它可以工作,但我想用 Bicep 执行此操作。

我认为这一部分应该可以解决问题,但由于某种原因它没有分配它。 您知道正确的语法是什么吗?

  // Excerpt of the web app's properties; the same lines appear in the full appServiceApp resource.
  properties: {
    serverFarmId: appServicePlan.id
    httpsOnly: true
    siteConfig: {
      linuxFxVersion: 'DOTNETCORE|8.0'
      // Asks App Service to pull from the registry with a managed identity instead of stored registry credentials.
      acrUseManagedIdentityCreds: true // --this is new to test the managed identity
      // NOTE(review): the Microsoft.Web/sites schema describes acrUserManagedIdentityID as the
      // user-assigned identity's client ID, while managedIdentity.id is its ARM resource ID.
      // Verify; if so, the value to pass is managedIdentity.properties.clientId.
      acrUserManagedIdentityID: managedIdentity.id
    }
  }

这是我的“完整”Bicep 脚本:

// Resource names built from environmentName and solutionName, which are declared outside this excerpt.
var appServicePlanName = '${environmentName}-${solutionName}-plan'
var appServiceAppName = '${environmentName}-${solutionName}-app'
var sqlServerName = '${environmentName}-${solutionName}-sql'
// The database name uses only environmentName, with a fixed 'dis-' prefix.
var sqlDatabaseName = 'dis-${environmentName}'
var managedIdentityName = '${environmentName}-${solutionName}-mi'

// User-assigned managed identity; the web app attaches it and references it for registry pulls.
// No role assignment for it is declared in this excerpt.
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: managedIdentityName
  location: location
}

// Logical SQL server configured with a SQL-authentication administrator login.
// NOTE(review): sqlServerLogin and sqlServerPassword are declared outside this excerpt.
// Confirm the password parameter carries the @secure() decorator so its value is not
// recorded in deployment history or logs.
resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: sqlServerLogin
    administratorLoginPassword: sqlServerPassword
  }
}

// Firewall rule on the SQL server with start and end address both set to 0.0.0.0.
// NOTE(review): in Azure SQL this range is the special "allow Azure services and resources
// to access this server" rule. It admits connections from any Azure-hosted source, not only
// this web app, which leaves SQL authentication as the only remaining barrier. Where feasible,
// prefer a private endpoint or a virtual-network rule scoped to the app's subnet.
resource allowAccessToAzureServices 'Microsoft.Sql/servers/firewallRules@2023-08-01-preview' = {
  parent: sqlServer
  name: 'AllowAccessToAzureServices'
  properties: {
    startIpAddress: '0.0.0.0'
    endIpAddress: '0.0.0.0'
  }
}

// Database on the SQL server above; SKU name and tier come from sqlDatabaseSku (declared outside this excerpt).
resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
  parent: sqlServer
  name: sqlDatabaseName
  location: location
  sku: {
    name: sqlDatabaseSku.name
    tier: sqlDatabaseSku.tier
  }
}

// App Service plan that hosts the web app; SKU and instance count come from values declared outside this excerpt.
resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: appServicePlanSku.name
    tier: appServicePlanSku.tier
    capacity: appServicePlanInstanceCount
  }
  kind: 'linux'
  properties: {
    // Set together with kind 'linux' above; presumably marks the plan as a Linux plan — confirm against the schema.
    reserved: true
  }
}

// Web app with the user-assigned identity attached; HTTPS-only is enforced.
resource appServiceApp 'Microsoft.Web/sites@2023-01-01' = {
  name: appServiceAppName
  location: location
  kind: 'app,linux,container'
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      // The key is the identity's ARM resource ID; the empty object is the expected value.
      '${managedIdentity.id}': {}
    }
  }
  properties: {
    serverFarmId: appServicePlan.id
    httpsOnly: true
    siteConfig: {
      // NOTE(review): kind above says 'container', but this value names a built-in .NET runtime
      // stack rather than a container image, so no image reference is configured here.
      linuxFxVersion: 'DOTNETCORE|8.0'
      // Asks App Service to pull from the registry with a managed identity instead of stored registry credentials.
      acrUseManagedIdentityCreds: true // --this is new to test the managed identity
      // NOTE(review): the Microsoft.Web/sites schema describes acrUserManagedIdentityID as the
      // user-assigned identity's client ID, while managedIdentity.id is its ARM resource ID.
      // Verify; if so, the value to pass is managedIdentity.properties.clientId.
      // The identity also needs a pull role on the registry; none is assigned in this excerpt.
      acrUserManagedIdentityID: managedIdentity.id
    }
  }
}

// Diagnostic logging configuration for the web app.
// NOTE(review): Verbose application logs and detailed error messages help while debugging.
// Review both before production use, since such logs can capture sensitive request or error detail.
resource logs 'Microsoft.Web/sites/config@2023-01-01' = {
  name: 'logs'
  parent: appServiceApp
  properties: {
    applicationLogs: {
      fileSystem: { level: 'Verbose' }
    }
    detailedErrorMessages: { enabled: true }
    httpLogs: {
      // HTTP logs go to the app's file system and are kept for 7 days.
      fileSystem: { retentionInDays: 7, enabled: true }
    }
  }
}

以下是在 UI 中手动设置身份的示例: Manually setting the Identity

azure azure-devops azure-web-app-service azure-bicep
1个回答

Bicep 模板指定一个运行时堆栈,它为基于代码的部署配置您的应用服务:

// Built-in .NET runtime stack: a code-based deployment, so no container image is referenced.
linuxFxVersion: 'DOTNETCORE|8.0'

从您的屏幕截图来看,您似乎想改用基于容器的部署。为此,Bicep 模板需要类似下面的设置:

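// Image references have the form <registry>/<repository>:<tag>; host and repository are separated by '/'.
// ':latest' is a mutable tag; pin a version tag or digest so each deployment pulls a known image.
linuxFxVersion: 'DOCKER|${yourRegistryName}.azurecr.io/myimage:latest'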

然后,托管身份还需要在该注册表上获得 RBAC 角色分配,很可能是 AcrPull 角色。对于只需拉取镜像的 Web 应用,把角色的作用域限定在该注册表即可,无需授予更高权限的角色。
