Starting a container instance from Python SDK - problems with permissions

Question


I am trying to run a docker container on Azure from my container registry. With the CLI, it works beautifully through:

az login
az container create -g RESOURCE-GROUP --name INSTANCE-GROUP --image workers.azurecr.io/MY-IMAGE:latest --registry-username USERNAME --registry-password PSWD

However, I just can't seem to get it working in python (code below). I get the following error:

Code: InaccessibleImage
Message: The image 'MY-ACR.azurecr.io/MY-IMAGE:latest' in container group 'INSTANCE-GROUP' is not accessible. Please check the image and registry credential. 

I have created an application in Azure, and set the corresponding AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_CLIENT_SECRET as environmental variables. The app has both Contributor and AcrPull roles in the correct resource group. Does anyone know why I can't seem to get access?

Python code:

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (
    ContainerGroup,
    Container,
    EnvironmentVariable,
    ResourceRequests,
    ResourceRequirements,
)

# Replace these values with your own
subscription_id = "..."
resource_group_name = "..."
aci_name = "..."
acr_name = "..."
acr_username = "..."
acr_password = "..."
image = "MY-ACR.azurecr.io/MY-IMAGE:latest"
cpu_cores = 1.0
memory_in_gb = 1.5
location = "North Europe"

# Create the credential object
credential = DefaultAzureCredential()

# Create the ACI management client
client = ContainerInstanceManagementClient(credential, subscription_id)

# Create the container group definition
env_vars = [
    EnvironmentVariable(name="KEY", value="VAL"),
]

# Set memory and CPU
container_resource_requests = ResourceRequests(memory_in_gb=memory_in_gb, cpu=cpu_cores)
container_resource_requirements = ResourceRequirements(
    requests=container_resource_requests
)

container = Container(
    name=aci_name,
    image=image,
    resources=container_resource_requirements,
    environment_variables=env_vars,
)

# Create the container group
container_group = ContainerGroup(
    location=location,
    containers=[container],
    os_type="Linux",
    restart_policy="Always",
)

client.container_groups.begin_create_or_update(
    resource_group_name, aci_name, container_group
)

Answer 1

Score: 1


I tried this in my environment and got the results below:

Initially, I tried with the same code mentioned in the query and got the same error:

The above error indicates that the container instance is unable to access the specified image in the Azure Container Registry (ACR) because it is either not available or the credentials used to access the registry are incorrect.

In the same code, I added imageregistrycredentials to authenticate with the image. After adding it, the container group was created and executed successfully.

Code:

from azure.identity import DefaultAzureCredential
from azure.mgmt.containerinstance import ContainerInstanceManagementClient
from azure.mgmt.containerinstance.models import (ContainerGroup,
                                                 Container,
                                                 ContainerGroupNetworkProtocol,
                                                 ImageRegistryCredential,
                                                 ContainerPort,
                                                 IpAddress,
                                                 Port,
                                                 ResourceRequests,
                                                 ResourceRequirements)

subscription_id = "<Your subscription id>"
resource_group_name = "your resource grp name"
container_group_name = "your_conatiner_group_name"
location = "location"
credential = DefaultAzureCredential()
container_client = ContainerInstanceManagementClient(credential, subscription_id)
container_image_name = "your image name"
user_name = "username"
password = "password"

# Configure the container
container_resource_requests = ResourceRequests(memory_in_gb=1, cpu=1.0)
container_resource_requirements = ResourceRequirements(requests=container_resource_requests)
container = Container(name=container_group_name, image=container_image_name, resources=container_resource_requirements, ports=[ContainerPort(port=80)])

imagecredentials = ImageRegistryCredential(server="registry.azurecr.io", username=user_name, password=password)
container_group = ContainerGroup(location=location, containers=[container], os_type="linux", restart_policy="Always", image_registry_credentials=[imagecredentials])

# Create the container group
container_client.container_groups.begin_create_or_update(resource_group_name, container_group_name, container_group)
print("Container Group is created")

Reference:

How to create new container group in azure vnet using python - Stack Overflow by Ansuman Bal.
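
An added example (not code from the question, the answer or the Azure SDK): a standard-library pre-flight check that flags an Azure Container Registry image with no matching `server` entry among the group's registry credentials, the gap the answer closes with `image_registry_credentials`. The dict keys mirror the keyword arguments used on this page; `ACR_USERNAME` and `ACR_PASSWORD` are assumed environment variable names, and all sample values are constructed.

```python
import os


def registry_host(image):
    """Return the registry host of an image reference, or None for Docker Hub short names."""
    first, sep, _ = image.partition("/")
    # Docker's rule: the first path component is a registry only if it looks like a host.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return None


def missing_registry_credentials(containers, image_registry_credentials):
    """List (container name, registry host) pairs that have no credential entry."""
    servers = {cred["server"].lower() for cred in image_registry_credentials}
    problems = []
    for c in containers:
        host = registry_host(c["image"])
        # Heuristic: only *.azurecr.io hosts are treated as private registries here.
        if host is not None and host.endswith(".azurecr.io") and host not in servers:
            problems.append((c["name"], host))
    return problems


def credential_from_env(server, environ=os.environ):
    """Keyword arguments for ImageRegistryCredential, read from the environment
    (assumed variable names) so the registry password is not a literal in source."""
    return {
        "server": server,
        "username": environ["ACR_USERNAME"],
        "password": environ["ACR_PASSWORD"],
    }


# Constructed sample: the question's container, then three credential setups.
containers = [{"name": "INSTANCE-GROUP", "image": "MY-ACR.azurecr.io/MY-IMAGE:latest"}]
sample_env = {"ACR_USERNAME": "USERNAME", "ACR_PASSWORD": "not-a-real-secret"}

# No credentials at all, as in the question's container group.
before = missing_registry_credentials(containers, [])
# Credentials present, but for a different registry host than the image's.
wrong = missing_registry_credentials(
    containers, [credential_from_env("registry.azurecr.io", sample_env)])
# Credentials whose server matches the image's registry host.
after = missing_registry_credentials(
    containers, [credential_from_env("my-acr.azurecr.io", sample_env)])
```

Passing the result as `ImageRegistryCredential(**credential_from_env(host))` gives the object the answer places in `image_registry_credentials`.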

huangapple
  • Posted on March 3, 2023, 23:22:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75628914.html