当前位置: 文江博客话题详情

使用YAML部署文件作为Azure时,向前斜杠被删除

发布于 2025-02-08 04:41:22 字数 3123 浏览 3 评论 0原文

我试图通过使用PowerShell中的Azure-CLI在Azure中的一个组中部署2个容器。 因为我想要带有私有IP地址的容器,我使用以下模板:

apiVersion: 2022-04-01-preview
name: uptime-kuma
properties:
  containers:
  - name: nginx-with-ssl
    properties:
      image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
      ports:
      - port: 443
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx
  - name: uptime-kuma-app
    properties:
      image: louislam/uptime-kuma:latest
      ports:
      - port: 3001
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: uptime-kuma
        mountPath: /app/data
  volumes:
  - secret:
      ssl.crt: <removed for this post>
      ssl.key: <removed for this post>
      nginx.conf: <removed for this post>
    name: nginx-config
  - name: uptime-kuma
    emptyDir: {}
  ipAddress:
    type: Private
    ports:
    - protocol: tcp
      port: 443
  osType: Linux
  restartPolicy: Always
  subnetIds:
   - id:  '/subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'
     name: 'IPSEC_LAN'
tags: null
type: Microsoft.ContainerInstance/containerGroups

在subnetids.id零件上确实错误,我会收到以下错误:

(InvalidVirtualNetworkLocation) Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.
Code: InvalidVirtualNetworkLocation
Message: Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.

如您所见,它对属性网络说,该位置是因为虚拟的无法找到网络,因为“订阅 /”之前存在A /丢失。 当我添加另一个时,它将是:

subnetIds:
   - id:  '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'

那么位置是正确的,可以找到它,但是我会发现权限错误的错误是因为它看到了:

The client '<removed for this post>' with object id '<removed for this post>' has permission to perform action 'Microsoft.ContainerInstance/containerGroups/write' on scope '/subscriptions/<removed for this post>/resourcegroups/Homelab/providers/Microsoft.ContainerInstance/containerGroups/uptime-kuma'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets' or the linked scope(s) are invalid.

我不知道如何解决此问题。 。我正在寻求帮助。

编辑:将其重建为二头肌模板后,我遇到了同样的问题。因此,它必须是组件的API版本,因此我尝试了不同的版本,所有的问题都相同。

原文

Im trying to deploy 2 containers in a group within Azure by using the azure-cli in Powershell.
Becuase i want the containers with a private ip address i use the following template:

apiVersion: 2022-04-01-preview
name: uptime-kuma
properties:
  containers:
  - name: nginx-with-ssl
    properties:
      image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
      ports:
      - port: 443
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx
  - name: uptime-kuma-app
    properties:
      image: louislam/uptime-kuma:latest
      ports:
      - port: 3001
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: uptime-kuma
        mountPath: /app/data
  volumes:
  - secret:
      ssl.crt: <removed for this post>
      ssl.key: <removed for this post>
      nginx.conf: <removed for this post>
    name: nginx-config
  - name: uptime-kuma
    emptyDir: {}
  ipAddress:
    type: Private
    ports:
    - protocol: tcp
      port: 443
  osType: Linux
  restartPolicy: Always
  subnetIds:
   - id:  '/subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'
     name: 'IPSEC_LAN'
tags: null
type: Microsoft.ContainerInstance/containerGroups

It does wrong on the subnetIds.id part, i get the following error:

(InvalidVirtualNetworkLocation) Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.
Code: InvalidVirtualNetworkLocation
Message: Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.

As you can see, it says for the virual network that the location is because the virtual network can not be found because there is a / missing before "subscriptions/".
When i add another one, so it will be:

subnetIds:
   - id:  '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'

Then the location is correct and it can be found, but then i get the error that the permission are wrong because it sees it as this :

The client '<removed for this post>' with object id '<removed for this post>' has permission to perform action 'Microsoft.ContainerInstance/containerGroups/write' on scope '/subscriptions/<removed for this post>/resourcegroups/Homelab/providers/Microsoft.ContainerInstance/containerGroups/uptime-kuma'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets' or the linked scope(s) are invalid.

I don't know how to fix this.. has anyone encountered this before? I'm in search for help.

EDIT: After rebuilding it to a Bicep template i get the same issues. So it has to be the API version of the component, so i tried different versions, all the same issues.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

り繁华旳梦境 2025-02-15 04:41:22

在我的环境中进行测试时,您会面对确切的错误。

您需要分配 网络贡献者 在角色microsoft中构建。网络/virtualnetworks/subnets/join/action to to tocaned Identity。 -Access-control/custom-proles“ rel =“ nofollow noreferrer”> azure自定义角色为Azure中的资源提供粒状访问控制。我无法在环境中进行测试,因为我没有特权将角色分配给您需要管理特权的资源,以将这些角色分配给您的资源。

类似的问题也在 Microsoft Q&amp; a 和MSFT也提出了同样的建议。

Tested in my environment getting the exact error as you are facing .

enter image description here

You need to assigned a Network contributor build in role Microsoft.Network/virtualNetworks/subnets/join/action to your managed identity.You can use these operations in your own Azure custom roles to provide granular access control to resources in Azure. I can not test in my environment as I don't have privileged to assigned roles to the resources you require admin privilege to assigned this roles to your resources.

Similar kind of issue has also raise on Microsoft Q&A and MSFT has suggested the same.

回复 原文
~没有更多了~

关于作者

冬天旳寂寞

暂无简介

文章
评论
923 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

空城旧梦

文章 0 评论 0

破晓

文章 0 评论 0

半仙

文章 0 评论 0

宫墨修音

文章 0 评论 0

17780639550

文章 0 评论 0

潮男不是我

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文