通过Bicep部署更改Azure容器应用程序的“Ingress流量”设置

wydwbb8l 于 2023-03-24 发布在其他

关注(0)|答案(1)|浏览(125)

我正在尝试连接到使用以下Bicep部署脚本部署的Azure Container App（不是Azure容器示例！）：

vnet

resource vnet 'Microsoft.Network/virtualNetworks@2021-08-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }
    subnets: [
      {
        name: subnetName
        properties: {
          privateEndpointNetworkPolicies: 'Enabled'
          addressPrefix: vnetAddressPrefix
        }
      }
    ]
  }
}

appEnv

resource appEnv 'Microsoft.App/managedEnvironments@2022-10-01' = {
  name: containerAppEnvName
  location: location
  properties: {
    vnetConfiguration: {
      infrastructureSubnetId: vnet.properties.subnets[0].id
      internal: false
    }
    zoneRedundant: false
  }
}

容器应用

resource containerApp 'Microsoft.App/containerApps@2022-10-01' = {
  name: containerAppName
  location: location
  properties: {
    environmentId: appEnv.id
    configuration: {
      secrets: [
        {
          name: 'password'
          value: '...'
        }
      ]      
      registries: [
        {
          server: '...'
          username: '...'
          passwordSecretRef: 'password'
        } 
      
      ]
      ingress: {
        external: true
        targetPort: 7687
        exposedPort: 7687
        transport: 'tcp'
      }
    }
    template: {
      containers: [
        {
          image: '...'
          name: 'neo4j'
          env: []
          resources: {
            cpu: 2
            memory: '4Gi'
          }
        }
      ]
      scale: {
        minReplicas: 1
        maxReplicas: 1
      }
    }
  }
  dependsOn: [
    vnet
  ]
}

这一切都成功了：在Azure Portal中成功创建了所有资源。但是，如果我尝试连接到Azure容器应用程序，则会收到一般的ServiceUnavailable错误：

[error] session error - ServiceUnavailable: Neo4jError: WebSocket connection failure. ...

当我在Azure Portal中查找容器应用程序并选择Ingress刀片时，我看到了以下内容：

我想尝试选择选项Accept traffic from anywhere 1（屏幕截图中的红色箭头），但无法选择。在Bicep文档中，我找不到容器应用程序环境的参数internalOnly（在vnetConfiguration中更改internal: ...不起作用）。
问题：如何更改Bicep展开脚本以选择Accept traffic from anywhere？
1我们正处于类似POC的阶段，因此安全性目前不是首要任务。

Azure

来源：https://stackoverflow.com/questions/75767464/change-ingress-traffic-setting-for-azure-container-application-through-bicep-d

1条答案

按热度按时间

vhmi4jdf1#

我成功地设置了一个具有公共TCP入口的容器应用程序。负责Accept traffic from anywhere的设置在容器环境中（vnetConfiguration.internal必须是false）。然而，我需要在将此更改为false后删除并重新创建环境，以实际获得所需的更改。
这是我的bicep模板：

resource logAnalytics 'Microsoft.OperationalInsights/workspaces@2020-10-01' = {
  name: logname
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2021-08-01' = {
  name: vnetname
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.10.0.0/16'
      ]
    }
    subnets: [
      {
        name: 'helloworld'
        properties: {
          privateEndpointNetworkPolicies: 'Enabled'
          addressPrefix: '10.10.0.0/16'
        }
      }
    ]
  }
}

resource containerAppEnv 'Microsoft.App/managedEnvironments@2022-03-01' = {
  name: containerappenv
  location: location
  properties: {
    appLogsConfiguration: {
      destination: 'log-analytics'
      logAnalyticsConfiguration: {
        customerId: logAnalytics.properties.customerId
        sharedKey: logAnalytics.listKeys().primarySharedKey
      }
    }
    vnetConfiguration: {
      infrastructureSubnetId: vnet.properties.subnets[0].id
      internal: false
    }
  }
}

resource containerApp 'Microsoft.App/containerApps@2022-10-01' = {
  name: containerappname
  location: location
  properties: {
    managedEnvironmentId: containerAppEnv.id
    configuration: {
      ingress: {
        external: true
        targetPort: targetPort
        exposedPort: 3000
        transport: 'tcp'
        allowInsecure: false
        traffic: [
          {
            latestRevision: true
            weight: 100
          }
        ]
      }
      registries: [
        {
            server: registry
            identity: identity
        }
      ]
    }
    template: {
      revisionSuffix: 'secondrevision'
      containers: [
        {
          name: ...
          image: containerImage
          resources: {
            cpu: json(cpuCore)
            memory: '${memorySize}Gi'
          }
        }
      ]
      scale: {
        minReplicas: minReplicas
        maxReplicas: maxReplicas
      }
    }
  }
}

赞(0）回复(0）举报 2023-03-24

我来回答

通过Bicep部署更改Azure容器应用程序的“Ingress流量”设置

vnet

appEnv

容器应用

1条答案

相关问题

热门标签

最新问答