使用 Bicep 创建 Web 应用程序时,我在设置注册表标识时遇到问题。 当我在 Azure UI 中手动执行此操作时,它可以工作,但我想用 Bicep 执行此操作。
我认为这一部分应该可以解决问题,但由于某种原因它没有分配它。 您知道正确的语法是什么吗?
properties: {
serverFarmId: appServicePlan.id
httpsOnly: true
siteConfig: {
linuxFxVersion: 'DOTNETCORE|8.0'
acrUseManagedIdentityCreds: true // --this is new to test the managed identity
acrUserManagedIdentityID: managedIdentity.id
}
}
这是我的“完整”二头肌脚本:
var appServicePlanName = '${environmentName}-${solutionName}-plan'
var appServiceAppName = '${environmentName}-${solutionName}-app'
var sqlServerName = '${environmentName}-${solutionName}-sql'
var sqlDatabaseName = 'dis-${environmentName}'
var managedIdentityName = '${environmentName}-${solutionName}-mi'
resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
name: managedIdentityName
location: location
}
resource sqlServer 'Microsoft.Sql/servers@2023-08-01-preview' = {
name: sqlServerName
location: location
properties: {
administratorLogin: sqlServerLogin
administratorLoginPassword: sqlServerPassword
}
}
resource allowAccessToAzureServices 'Microsoft.Sql/servers/firewallRules@2023-08-01-preview' = {
parent: sqlServer
name: 'AllowAccessToAzureServices'
properties: {
startIpAddress: '0.0.0.0'
endIpAddress: '0.0.0.0'
}
}
resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-08-01-preview' = {
parent: sqlServer
name: sqlDatabaseName
location: location
sku: {
name: sqlDatabaseSku.name
tier: sqlDatabaseSku.tier
}
}
resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
name: appServicePlanName
location: location
sku: {
name: appServicePlanSku.name
tier: appServicePlanSku.tier
capacity: appServicePlanInstanceCount
}
kind: 'linux'
properties: {
reserved: true
}
}
resource appServiceApp 'Microsoft.Web/sites@2023-01-01' = {
name: appServiceAppName
location: location
kind: 'app,linux,container'
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
'${managedIdentity.id}': {}
}
}
properties: {
serverFarmId: appServicePlan.id
httpsOnly: true
siteConfig: {
linuxFxVersion: 'DOTNETCORE|8.0'
acrUseManagedIdentityCreds: true // --this is new to test the managed identity
acrUserManagedIdentityID: managedIdentity.id
}
}
}
resource logs 'Microsoft.Web/sites/config@2023-01-01' = {
name: 'logs'
parent: appServiceApp
properties: {
applicationLogs: {
fileSystem: { level: 'Verbose' }
}
detailedErrorMessages: { enabled: true }
httpLogs: {
fileSystem: { retentionInDays: 7, enabled: true }
}
}
}
Bicep 模板指定一个运行时堆栈,它为基于代码的部署配置您的应用服务:
linuxFxVersion: 'DOTNETCORE|8.0'
从您的屏幕截图来看,您似乎想改用基于容器的部署。为此,二头肌模板需要类似
linuxFxVersion: 'DOCKER|${yourRegistryName}.azurecr.io:myimage:latest'
然后托管身份将需要注册表上的 RBAC - 可能是 acrPull 权限。