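I am trying to add an Azure Key Vault startup dependency to my containerized .NET 6 web application. I can run the project locally (presumably because my application is using my Visual Studio credentials), but when I run the container locally, the application fails to authenticate (it looks like the Az.Account module is not installed in the container, but I can't find how to add it). The application is registered correctly and I have the appropriate AzureClientSecret.

My Program.cs method looks like this: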

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureAppConfiguration((_, config) =>
            {
                var root = config.Build();
                var vaultName = root["KeyVault:Vault"];
                if (!string.IsNullOrEmpty(vaultName))
                {
                    var secretClient = new SecretClient(
                        new Uri(vaultName),
                        new DefaultAzureCredential());
                    config.AddAzureKeyVault(secretClient, new KeyVaultSecretManager());
                }
            })
            .ConfigureWebHostDefaults(webBuilder =>
            {
                webBuilder.UseStartup<Startup>();
            });

My Dockerfile looks like this:

    FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 AS base
    WORKDIR /app
    EXPOSE 80
    EXPOSE 443

    FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 AS build
    WORKDIR /src
    ARG PAT
    RUN wget -qO- https://raw.githubusercontent.com/Microsoft/artifacts-credprovider/master/helpers/installcredprovider.sh | bash
    ENV NUGET_CREDENTIALPROVIDER_SESSIONTOKENCACHE_ENABLED true
    ENV DOTNET_SYSTEM_NET_HTTP_USESOCKETSHTTPHANDLER=0
    ENV VSS_NUGET_EXTERNAL_FEED_ENDPOINTS "{\"endpointCredentials\": [{\"endpoint\":\"https://pkgs.dev.azure.com/.../nuget/v3/index.json\", \"password\":\"${PAT}\"}]}"
    ARG AspNetCoreEnvironment
    ENV ASPNETCORE_ENVIRONMENT ${AspNetCoreEnvironment}
    ARG AzureTenantId
    ENV AZURE_TENANT_ID ${AzureTenantId}
    ARG AzureClientId
    ENV AZURE_CLIENT_ID ${AzureClientId}
    ARG AzureClientSecret
    ENV AZURE_CLIENT_SECRET ${AzureClientSecret}
    COPY . .
    COPY ["Service/Service.csproj", "Service/"]
    RUN dotnet restore "Service/Service.csproj"
    COPY . .
    WORKDIR "/src/Service"
    RUN dotnet build "Service.csproj" -c Release -o /app/build

    FROM build AS publish
    RUN dotnet publish "Service.csproj" -c Release -o /app/publish

    FROM base AS final
    WORKDIR /app
    COPY --from=publish /app/publish .
    ENTRYPOINT ["dotnet", "Service.dll"]

To start my build, I run:

    docker build . -t tag_name --build-args (the ones in the dockerfile)

To start the container, I run:

    docker run tag_name

The error I get is as follows:

Unhandled exception. Azure.Identity.CredentialUnavailableException: The ChainedTokenCredential failed to retrieve a token from the included credentials.
- DefaultAzureCredential failed to retrieve a token from the included credentials. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/defaultazurecredential/troubleshoot
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
- ManagedIdentityCredential authentication unavailable. Multiple attempts failed to obtain a token from the managed identity endpoint.
- Operating system Linux 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 isn't supported.
- Azure CLI not installed
- Az.Account module >= 2.2.0 is not installed.
- EnvironmentCredential authentication unavailable. Environment variables are not fully configured. See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/environmentcredential/troubleshoot
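
It feels like this should be an easy problem to solve, but I have been struggling with it. Does anyone here have any experience with this, or any suggestions on how to update my Docker container definition?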
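
An added example, not part of the original post: in a multi-stage Dockerfile, `ENV` values are inherited only along a stage's `FROM` chain, so this small checker reports which of the variables `EnvironmentCredential` needs are visible in a given stage. The parser is a simplified sketch (one key per `ENV` line, no line continuations), and `SAMPLE` is a constructed reduction of the Dockerfile above to its `FROM`/`ENV` lines.

```python
import re

# Variables EnvironmentCredential needs for client-secret authentication.
REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")

# Constructed sample: stage layout of the Dockerfile above, FROM/ENV lines only.
SAMPLE = """\
FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 AS base
FROM mcr.microsoft.com/dotnet/nightly/sdk:6.0 AS build
ENV AZURE_TENANT_ID ${AzureTenantId}
ENV AZURE_CLIENT_ID ${AzureClientId}
ENV AZURE_CLIENT_SECRET ${AzureClientSecret}
FROM build AS publish
FROM base AS final
"""

def parse_stages(dockerfile):
    """Return ({stage: parent}, {stage: ENV names set in it}, last stage)."""
    parents, envs, current = {}, {}, None
    for line in dockerfile.splitlines():
        line = line.strip()
        m = re.match(r"FROM\s+(\S+)(?:\s+AS\s+(\S+))?$", line, re.I)
        if m:
            # Unnamed stages are addressed by their ordinal index.
            current = (m.group(2) or str(len(parents))).lower()
            parents[current] = m.group(1).lower()
            envs[current] = set()
        elif current and re.match(r"ENV\s", line, re.I):
            # Accepts both "ENV KEY value" and "ENV KEY=value".
            envs[current].add(re.split(r"[=\s]", line[3:].strip(), maxsplit=1)[0])
    return parents, envs, current

def visible_env(dockerfile, stage=None):
    """ENV names a stage sees by walking its FROM chain to an external image."""
    parents, envs, last = parse_stages(dockerfile)
    stage, seen, visited = (stage or last).lower(), set(), set()
    while stage in parents and stage not in visited:
        visited.add(stage)
        seen |= envs[stage]
        stage = parents[stage]
    return seen

def missing_credentials(dockerfile, stage=None):
    """Required credential variables that are NOT visible in the stage."""
    have = visible_env(dockerfile, stage)
    return [name for name in REQUIRED if name not in have]

if __name__ == "__main__":
    print("final  :", missing_credentials(SAMPLE))
    print("publish:", missing_credentials(SAMPLE, "publish"))
```

For the layout above, `final` derives from `base` rather than `build`, so all three variables are reported missing there. Supplying them when the container starts (`docker run -e ...` or `--env-file`) also keeps the client secret out of the image's layers and build history.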