在对Azure使用YAML部署文件时移除正斜杠
在对Azure使用YAML部署文件时移除正斜杠
提问于 2022-06-16 12:19:00
我试图使用Powershell中的Azure在azure中的一个组中部署两个容器。因为我希望容器具有私有ip地址,所以我使用以下模板:
apiVersion: 2022-04-01-preview
name: uptime-kuma
properties:
containers:
- name: nginx-with-ssl
properties:
image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
ports:
- port: 443
protocol: TCP
resources:
requests:
cpu: 1.0
memoryInGB: 1.5
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx
- name: uptime-kuma-app
properties:
image: louislam/uptime-kuma:latest
ports:
- port: 3001
protocol: TCP
resources:
requests:
cpu: 1.0
memoryInGB: 1.5
volumeMounts:
- name: uptime-kuma
mountPath: /app/data
volumes:
- secret:
ssl.crt: <removed for this post>
ssl.key: <removed for this post>
nginx.conf: <removed for this post>
name: nginx-config
- name: uptime-kuma
emptyDir: {}
ipAddress:
type: Private
ports:
- protocol: tcp
port: 443
osType: Linux
restartPolicy: Always
subnetIds:
- id: '/subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'
name: 'IPSEC_LAN'
tags: null
type: Microsoft.ContainerInstance/containerGroups它在subnetIds.id部件上出错,我得到以下错误:
(InvalidVirtualNetworkLocation) Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.
Code: InvalidVirtualNetworkLocation
Message: Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.正如您所看到的,对于virual网络来说,位置是因为在“订阅/”之前有一个/缺失的虚拟网络而找不到。当我再加一个的时候,它会是:
subnetIds:
- id: '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'然后,位置是正确的,可以找到,但我得到的错误是,权限是错误的,因为它认为它如下:
The client '<removed for this post>' with object id '<removed for this post>' has permission to perform action 'Microsoft.ContainerInstance/containerGroups/write' on scope '/subscriptions/<removed for this post>/resourcegroups/Homelab/providers/Microsoft.ContainerInstance/containerGroups/uptime-kuma'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets' or the linked scope(s) are invalid.我不知道怎么解决这个..。以前有人遇到过这种情况吗?我在寻求帮助。
编辑:在将其重建为Bicep模板后,我会得到相同的问题。所以它必须是组件的API版本,所以我尝试了不同的版本,所有相同的问题。
回答 1
Stack Overflow用户
发布于 2022-06-17 05:57:22
在我的环境中进行测试,得到您所面临的准确错误。
您需要将角色https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=%2Fazure%2Fvirtual-network%2Ftoc.json#network-contributor构建Microsoft.Network/virtualNetworks/subnets/join/action分配给您的托管identity.You,可以在您自己的Azure自定义角色中使用这些操作来为Azure中的资源提供粒度访问控制。我无法在我的环境中进行测试,因为我对分配给资源的角色没有特权,您需要管理权限将这个角色分配给您的资源。
类似的问题也在微软问答上提出,微软也提出了同样的建议。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72645747
复制相关文章
相似问题
腾讯云开发者
