Assigning a static outbound IP address to an Azure Container Instance

Question (votes: 0, answers: 2)

I need to set things up so that I can read from and write to an external SQL DB from a Python script that lives in an Azure Container Instance. To make this work I need to assign a static IP to the container.

Because I cannot associate the container instance with a dedicated IP, I have to build the setup out of the following resources: a VNet, a gateway and a public IP.

I partly borrowed the setup from https://godatadriven.com/blog/azure-container-instance-example/; drawn out, it looks like this:

[image: diagram of the setup (VNet, application gateway, public IP, container instance)]

I have set up a DevOps build and release pipeline. I create the release with an ARM template (the template's resources are below):

  "resources": [
    {
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[parameters('vnetName')]",
      "apiVersion": "2019-07-01",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetAddressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnet2Name')]",
            "properties": {
              "addressPrefix": "[parameters('subnet2AddressPrefix')]",
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          },
          {
            "name": "[parameters('subnetName')]",
            "properties": {
              "addressPrefix": "[parameters('subnetAddressPrefix')]",
              "delegations": [
                {
                  "name": "DelegationService",
                  "properties": {
                    "serviceName": "Microsoft.ContainerInstance/containerGroups"
                  }
                }
              ],
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2018-07-01",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[variables('publicIPAddressName')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard",
        "tier": "Regional"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4,
        "dnsSettings": {
          "domainNameLabel": "[parameters('dnsName')]"
        }
      }
    },
    {
      "apiVersion": "2019-08-01",
      "name": "[variables('applicationGatewayName')]",
      "type": "Microsoft.Network/applicationGateways",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/', parameters('vnetName'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
        "[resourceId('Microsoft.ContainerInstance/containerGroups/', parameters('containerInstanceName'))]"
      ],
      "properties": {
        "sku": {
          "name": "[parameters('skuName')]",
          "tier": "Standard_v2",
          "capacity": "[variables('capacity')]"
        },
        "gatewayIPConfigurations": [
          {
            "name": "appGatewayIpConfig",
            "properties": {
              "subnet": {
                "id": "[variables('subnetRef')]"
              }
            }
          }
        ],
        "frontendIPConfigurations": [
          {
            "name": "appGatewayFrontendIP",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "PublicIPAddress": {
                "id": "[variables('publicIPRef')]"
              }
            }
          }
        ],
        "frontendPorts": [
          {
            "name": "appGatewayFrontendPort",
            "properties": {
              "Port": 80
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "appGatewayBackendPool",
            "properties": {
              "backendAddresses": [
                {
                  "IpAddress": "[parameters('backendIP')]"
                }
              ]
            }
          }
        ],
        "backendHttpSettingsCollection": [
          {
            "name": "appGatewayBackendHttpSettings",
            "properties": {
              "Port": 80,
              "Protocol": "Http",
              "CookieBasedAffinity": "Disabled"
            }
          }
        ],
        "httpListeners": [
          {
            "name": "appGatewayHttpListener",
            "properties": {
              "FrontendIPConfiguration": {
                "Id": "[resourceId('Microsoft.Network/applicationGateways/frontendIPConfigurations', variables('applicationGatewayName'), 'appGatewayFrontendIP')]"
              },
              "FrontendPort": {
                "Id": "[resourceId('Microsoft.Network/applicationGateways/frontendPorts', variables('applicationGatewayName'), 'appGatewayFrontendPort')]"
              },
              "Protocol": "Http",
              "SslCertificate": null
            }
          }
        ],
        "requestRoutingRules": [
          {
            "Name": "rule1",
            "properties": {
              "RuleType": "Basic",
              "httpListener": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('applicationGatewayName'), 'appGatewayHttpListener')]"
              },
              "backendAddressPool": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('applicationGatewayName'), 'appGatewayBackendPool')]"
              },
              "backendHttpSettings": {
                "id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('applicationGatewayName'), 'appGatewayBackendHttpSettings')]"
              }
            }
          }
        ]
      }
    },
    {
      "name": "[parameters('networkProfileName')]",
      "type": "Microsoft.Network/networkProfiles",
      "apiVersion": "2018-07-01",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]"
      ],
      "properties": {
        "containerNetworkInterfaceConfigurations": [
          {
            "name": "[variables('interfaceConfigName')]",
            "properties": {
              "ipConfigurations": [
                {
                  "name": "[variables('interfaceIpConfig')]",
                  "properties": {
                    "subnet": {
                      "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
                    }
                  }
                }
              ]
            }
          }
        ]
      }
    },
    {
      "name": "[parameters('containerInstanceName')]",
      "type": "Microsoft.ContainerInstance/containerGroups",
      "apiVersion": "2018-10-01",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkProfiles', parameters('networkProfileName'))]"
      ],
      "properties": {
        "containers": [
          {
            "name": "[parameters('containerName')]",
            "properties": {
              "image": "[parameters('registryImageUri')]",
              "ports": [{
                "port": "[variables('port')]"
              }],
              "resources": {
                "requests": {
                  "cpu": "[variables('cpuCores')]",
                  "memoryInGb": "[variables('memoryInGb')]"
                }
              }
            }
          }
        ],
        "imageRegistryCredentials": [
          {
            "server": "[parameters('registryLoginServer')]",
            "username": "[parameters('registryUserName')]",
            "password": "[parameters('registryPassword')]"
          }
        ],
        "diagnostics": {
          "logAnalytics": {
            "workspaceId": "[parameters('LogAnalyticsID')]",
            "workspaceKey": "[parameters('LogAnalyticsKEY')]"
          }
        },
        "networkProfile": {
          "Id": "[resourceId('Microsoft.Network/networkProfiles', parameters('networkProfileName'))]"
        },
        "osType": "Linux",
        "ipAddress": {
          "ports": [{
            "protocol": "tcp",
            "port": 80
          }],
          "type": "private",
          "ip": "[parameters('backendIP')]"
        },
        "restartPolicy": "[parameters('restartPolicy')]"
      }
    }
  ]

The release works, but when I run it and try to run the container instance, it uses a different IP every time.

What am I doing wrong?

azure-resource-manager azure-container-instances vnet azure-public-ip
2 Answers

1 vote

Since you are using Azure-provided SQL, I recommend taking advantage of the private VNet offering that Azure provides.

You should consider configuring ACI with a dedicated subnet: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet

and also set up a VNet rule for your SQL Server:

https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview

Virtual network rules are one firewall security feature that controls whether the database server for your single databases and elastic pool in Azure SQL Database or for your databases in Azure Synapse Analytics accepts communications that are sent from particular subnets in virtual networks.

It is also important to enable the SQL service endpoint on the ACI subnet.

This saves you from having to manage an outbound IP whitelist in the SQL firewall.
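As an added illustration (not part of this answer or the linked docs), the two pieces described above expressed in ARM template form: the ACI subnet with the Microsoft.Sql service endpoint enabled, and a virtual network rule on the SQL server that admits traffic from that subnet. The parameter sqlServerName, the rule name and the apiVersions are assumptions; the // comments are accepted by ARM deployments but not by strict JSON parsers.

```json
{
  "resources": [
    {
      // Assumed: the ACI-delegated subnet from the question, now with the
      // Microsoft.Sql service endpoint so Azure SQL sees the subnet, not a public IP.
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2019-07-01",
      "name": "[concat(parameters('vnetName'), '/', parameters('subnetName'))]",
      "properties": {
        "addressPrefix": "[parameters('subnetAddressPrefix')]",
        "serviceEndpoints": [
          { "service": "Microsoft.Sql" }
        ],
        "delegations": [
          {
            "name": "DelegationService",
            "properties": { "serviceName": "Microsoft.ContainerInstance/containerGroups" }
          }
        ]
      }
    },
    {
      // Assumed: a VNet rule on the SQL server scoped to that subnet, replacing
      // an outbound-IP whitelist entry in the SQL firewall.
      "type": "Microsoft.Sql/servers/virtualNetworkRules",
      "apiVersion": "2021-11-01",
      "name": "[concat(parameters('sqlServerName'), '/aci-subnet-rule')]",
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]"
      ],
      "properties": {
        "virtualNetworkSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subnetName'))]",
        // false: fail the deployment if the endpoint is missing instead of silently creating a rule that blocks traffic
        "ignoreMissingVnetServiceEndpoint": false
      }
    }
  ]
}
```

If the subnet is defined inline inside the virtualNetworks resource as in the question, add the serviceEndpoints array to that inline subnet instead of deploying a separate subnet resource, so the two definitions do not overwrite each other.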


1 vote

Based on what you have done, I think you have misunderstood Azure Container Instance networking. The "public" or "private" type of an ACI applies only to inbound traffic, not to outbound traffic. Even with the private type, the instance can reach the Internet without any additional resources, but under that type you cannot reach it from the Internet.

Unfortunately, when you use the public type, the inbound and outbound public IP addresses may not even be the same. With Azure Container Instances we have no control over which IP address is used. So when you want to access the SQL DB from a static public IP address, Azure Container Instances is not a good fit; I suggest you use a VM instead, which is more controllable and more suitable.
