英文:
Starting a container instance from Python SDK - problems with permissions
问题
以下是翻译好的内容:
我正在尝试从我的容器注册表在Azure上运行一个Docker容器。通过CLI,可以通过以下命令成功运行:
az login
az container create -g RESOURCE-GROUP --name INSTANCE-GROUP --image workers.azurecr.io/MY-IMAGE:latest --registry-username USERNAME --registry-password PSWD
然而,我似乎无法在Python中让它工作(以下是代码)。我遇到了以下错误:
Code: InaccessibleImage
Message: 容器组中的镜像'MY-ACR.azurecr.io/MY-IMAGE:latest'不可访问。请检查镜像和注册表凭据。
我在Azure中创建了一个应用程序,并设置了相应的AZURE_CLIENT_ID、AZURE_TENANT_ID和AZURE_CLIENT_SECRET作为环境变量。该应用程序在正确的资源组中具有Contributor和AcrPull角色。有人知道为什么我无法获得访问权限吗?
Python代码:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (
ContainerGroup,
Container,
EnvironmentVariable,
ResourceRequests,
ResourceRequirements,
)
# 用你自己的值替换这些
subscription_id = "..."
resource_group_name = "..."
aci_name = "..."
acr_name = "..."
acr_username = "..."
acr_password = "..."
image = "MY-ACR.azurecr.io/MY-IMAGE:latest"
cpu_cores = 1.0
memory_in_gb = 1.5
location = "North Europe"
# 创建凭据对象
credential = DefaultAzureCredential()
# 创建ACI管理客户端
client = ContainerInstanceManagementClient(credential, subscription_id)
# 创建容器组定义
env_vars = [
EnvironmentVariable(name="KEY", value="VAL"),
]
# 设置内存和CPU
container_resource_requests = ResourceRequests(memory_in_gb=memory_in_gb, cpu=cpu_cores)
container_resource_requirements = ResourceRequirements(
requests=container_resource_requests
)
container = Container(
name=aci_name,
image=image,
resources=container_resource_requirements,
environment_variables=env_vars,
)
# 创建容器组
container_group = ContainerGroup(
location=location,
containers=[container],
os_type="Linux",
restart_policy="Always",
)
client.container_groups.begin_create_or_update(
resource_group_name, aci_name, container_group
)
英文:
I am trying to run a docker container on Azure from my container registry. With the CLI, it works beautifully through:
az login
az container create -g RESOURCE-GROUP --name INSTANCE-GROUP --image workers.azurecr.io/MY-IMAGE:latest --registry-username USERNAME --registry-password PSWD
However, I just can't seem to get it working in python (code below). I get the following error:
Code: InaccessibleImage
Message: The image 'MY-ACR.azurecr.io/MY-IMAGE:latest' in container group 'INSTANCE-GROUP' is not accessible. Please check the image and registry credential.
I have created an application in Azure, and set the corresponding AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_CLIENT_SECRET as environmental variables. The app has both Contributor and AcrPull roles in the correct resource group. Does anyone know why I can't seem to get access?
Python code:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (
ContainerGroup,
Container,
EnvironmentVariable,
ResourceRequests,
ResourceRequirements,
)
# Replace these values with your own
subscription_id = "..."
resource_group_name = "..."
aci_name = "..."
acr_name = "..."
acr_username = "..."
acr_password = "..."
image = MY-ACR.azurecr.io/MY-IMAGE:latest"
cpu_cores = 1.0
memory_in_gb = 1.5
location = "North Europe"
# Create the credential object
credential = DefaultAzureCredential()
# Create the ACI management client
client = ContainerInstanceManagementClient(credential, subscription_id)
# Create the container group definition
env_vars = [
EnvironmentVariable(name="KEY", value="VAL"),
]
# set memory and cpu
container_resource_requests = ResourceRequests(memory_in_gb=memory_in_gb, cpu=cpu_cores)
container_resource_requirements = ResourceRequirements(
requests=container_resource_requests
)
container = Container(
name=aci_name,
image=image,
resources=container_resource_requirements,
environment_variables=env_vars,
)
# Create the container group
container_group = ContainerGroup(
location=location,
containers=[container],
os_type="Linux",
restart_policy="Always",
)
client.container_groups.begin_create_or_update(
resource_group_name, aci_name, container_group
)
答案1
得分: 1
在我的环境中尝试后,获得了以下结果:
最初,我尝试使用查询中提到的相同代码,并获得了相同的错误:
上述错误表示容器实例无法访问Azure容器注册表(ACR)中指定的映像,因为映像要么不可用,要么用于访问注册表的凭据不正确。
在相同的代码中,我添加了**imageregistrycredentials
**以进行映像身份验证。添加后,成功创建了容器组并执行了它。
代码:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (ContainerGroup,
Container,
ContainerGroupNetworkProtocol,
ImageRegistryCredential,
ContainerPort,
IpAddress,
Port,
ResourceRequests,
ResourceRequirements)
subscription_id="<Your subscription id>"
resource_group_name = "your resource grp name"
container_group_name="your_conatiner_group_name"
location="location"
credential=DefaultAzureCredential()
container_client = ContainerInstanceManagementClient(credential,subscription_id)
container_image_name = "your image name"
user_name = "username"
password= "password"
# 配置容器
container_resource_requests = ResourceRequests(memory_in_gb=1, cpu=1.0)
container_resource_requirements = ResourceRequirements(requests=container_resource_requests)
container = Container(name=container_group_name,image=container_image_name,resources=container_resource_requirements,ports=[ContainerPort(port=80)])
imagecredentials= ImageRegistryCredential(server="registry.azurecr.io",username=user_name,password=password)
container_group= ContainerGroup(location=location,containers=[container], os_type="linux",restart_policy="Always",image_registry_credentials=[imagecredentials])
# 创建容器组
container_client.container_groups.begin_create_or_update(resource_group_name,container_group_name,container_group)
print("Container Group is created")
输出:
门户网站:
参考资料:
如何使用Python在Azure VNet中创建新的容器组 - Stack Overflow 由 Ansuman Bal。
英文:
I tried in my environment and got below results:
Initially, I tried with the same code mentioned in the query and got the same error:
The above error indicates that the container instance is unable to access the specified image in the Azure Container Registry (ACR) because it is either not available or the credentials used to access the registry are incorrect.
In same code, I added imageregistrycredentials
to authenticate with image. After adding it created container group and executed successfully.
Code:
from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (ContainerGroup,
Container,
ContainerGroupNetworkProtocol,
ImageRegistryCredential,
ContainerPort,
IpAddress,
Port,
ResourceRequests,
ResourceRequirements)
subscription_id="<Your subscription id>"
resource_group_name = "your resource grp name"
container_group_name="your_conatiner_group_name"
location="location"
credential=DefaultAzureCredential()
container_client = ContainerInstanceManagementClient(credential,subscription_id)
container_image_name = "your image name"
user_name = "username"
password= "password"
# Configure the container
container_resource_requests = ResourceRequests(memory_in_gb=1, cpu=1.0)
container_resource_requirements = ResourceRequirements(requests=container_resource_requests)
container = Container(name=container_group_name,image=container_image_name,resources=container_resource_requirements,ports=[ContainerPort(port=80)])
imagecredentials= ImageRegistryCredential(server="registry.azurecr.io",username=user_name,password=password)
container_group= ContainerGroup(location=location,containers=[container], os_type="linux",restart_policy="Always",image_registry_credentials=[imagecredentials])
# Create the container group
container_client.container_groups.begin_create_or_update(resource_group_name,container_group_name,container_group)
print("Container Group is created")
Output:
Portal:
Reference:
How to create new container group in azure vnet using python - Stack Overflow by Ansuman Bal.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论