我正在构建一个部署web应用程序、sql数据库和密钥库的arm模板。
web应用程序将使用
1-系统标识(将用于访问密钥库)。
webapp需要在keyvault之前部署,因此当部署keyvault时,它可以找到webapp标识,从而为其创建访问策略。
但是这种方法的问题是,当连接字符串作为webapp的一部分添加时,keyvault还不存在,因此@microsoft.keyvault访问秘密的方式也不起作用,即使在部署了keyvault之后,我得到了下面的结果
我如何部署包含keyvault访问方式的连接字符串,webapp很高兴并可以访问其中的连接字符串?
您可以使用取决于keyvault上的条件。我首先创建了一个Keyvault,并添加了
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('appBaseName'))]"
同时设置访问策略。
因此完整的模板将是:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"appBaseName": {
"type": "string"
},
"sqlName": {
"type": "string"
},
"adminLogin": {
"type": "string"
},
"secretValue": {
"type": "securestring"
},
"adminPassword": {
"type": "securestring"
},
"appInsights": {
"type": "string"
},
"collation": {
"type": "string",
"defaultValue": "Arabic_CI_AS"
},
"edition": {
"type": "string",
"defaultValue": "Basic"
},
"secretsPermissions": {
"type": "array",
"defaultValue": [
"get",
"list"
]
},
"objectiveName": {
"type": "string",
"defaultValue": "Basic"
},
"keyVaultName": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.KeyVault/vaults",
"apiVersion": "2019-09-01",
"name": "[parameters('keyVaultName')]",
"location": "[resourceGroup().location]",
"properties": {
"enabledForDeployment": false,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": false,
"tenantId": "[subscription().tenantId]",
"accessPolicies": [
{
"objectId": "[reference(concat('Microsoft.Web/sites/', parameters('appBaseName')), '2018-11-01','Full').identity.principalId]",
"tenantId": "[subscription().tenantId]",
"permissions": {
"secrets": "[parameters('secretsPermissions')]"
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', parameters('appBaseName'))]"
]
}
],
"sku": {
"name": "Standard",
"family": "A"
},
"networkAcls": {
"bypass": "AzureServices",
"defaultAction": "Allow"
}
}
},
{
"type": "Microsoft.KeyVault/vaults/secrets",
"apiVersion": "2019-09-01",
"name": "[concat(parameters('keyVaultName'), '/', 'connectionString')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.KeyVault/vaults', parameters('keyVaultName'))]"
],
"properties": {
"value": "[parameters('secretValue')]"
}
},
{
"name": "[parameters('appInsights')]",
"type": "microsoft.insights/components",
"location": "[resourceGroup().location]",
"apiVersion": "2020-02-02",
"kind": "web",
"properties": {
"ApplicationId": "[parameters('appInsights')]",
"Application_Type": "web",
"Flow_Type": "Bluefield",
"Request_Source": "rest"
}
},
{
"name": "[parameters('appBaseName')]",
"type": "Microsoft.Web/serverfarms",
"location": "[resourceGroup().location]",
"apiVersion": "2015-08-01",
"sku": {
"name": "F1"
},
"dependsOn": [],
"tags": {
"displayName": "appBaseName"
},
"properties": {
"name": "[parameters('appBaseName')]",
"numberOfWorkers": 1
}
},
{
"name": "[parameters('appBaseName')]",
"type": "Microsoft.Web/sites",
"location": "[resourceGroup().location]",
"apiVersion": "2015-08-01",
"identity": { "type": "SystemAssigned" },
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', parameters('appBaseName'))]",
"[resourceId('microsoft.insights/components', parameters('appInsights'))]"
],
"tags": {
"[concat('hidden-related:', resourceId('Microsoft.Web/serverfarms', parameters('appBaseName')))]": "Resource",
"displayName": "appBaseName"
},
"properties": {
"name": "[parameters('appBaseName')]",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('appBaseName'))]",
"siteConfig": {
"location": "[resourceGroup().location]",
"appSettings" : [
{
"name": "APPINSIGHTS_INSTRUMENTATIONKEY",
"value": "[reference(concat('microsoft.insights/components/', parameters('appInsights')), '2015-05-01').InstrumentationKey]"
}],
"connectionStrings": [
{
"name": "connectionString",
"connectionString": "[concat('@Microsoft.KeyVault(SecretUri=https://', parameters('keyVaultName'),'.vault.azure.net/secrets/connectionString)')]",
"type": 1
}
]
}
}
},
{
"name": "[parameters('sqlName')]",
"type": "Microsoft.Sql/servers",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"dependsOn": [],
"properties": {
"administratorLogin": "[parameters('adminLogin')]",
"administratorLoginPassword": "[parameters('adminPassword')]"
},
"resources": [
{
"name": "AllowAllWindowsAzureIps",
"type": "firewallRules",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('sqlName'))]"
],
"properties": {
"startIpAddress": "0.0.0.0",
"endIpAddress": "0.0.0.0"
}
},
{
"name": "[parameters('sqlName')]",
"type": "databases",
"location": "[resourceGroup().location]",
"apiVersion": "2014-04-01",
"dependsOn": [
"[resourceId('Microsoft.Sql/servers', parameters('sqlName'))]"
],
"properties": {
"collation": "[parameters('collation')]",
"edition": "[parameters('edition')]",
"maxSizeBytes": "1073741824",
"requestedServiceObjectiveName": "[parameters('objectiveName')]"
}
}
]
}
],
"outputs": {}
}
我已经创建了服务主体,并授予了他对密钥库的所有权限。此外,我还在ARM模板中为密钥库启用了访问秘密。 使用powershell,我可以作为部署SP登录并检索秘密(证书)。 但是,在部署带有密钥存储库引用的ARM模板时,这不起作用。我得到以下错误:
我创建了一个ARM模板,用于创建App Service(web应用程序)和与此模板相似的application Insights资源(https://github.com/tomasr/webapp-appInsights)。App insights连接到web App,并且一切正常,唯一的问题是App insights自动生成请求到我的web App的根,作为可用性测试的一部分,总是返回错误,因
null https://imgur.com/a/kbkkbtg 正如您所看到的,我使用了来自KeyVault的引用,其形式如下: @microsoft.keyvault(Secreturi=https://xxx.vault.azure.net/secrets/mysecret/xxxzxxzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
我在运行单个节点的火花。 我的应用程序(java-web)使用的内存比可用的少。我发现这条线很有用。 对于本地模式,您只有一个执行器,而这个执行器是您的驱动程序,所以您需要设置驱动程序的内存。*也就是说,在本地模式下,当您运行spark-submit时,JVM已经启动了默认内存设置,因此在conf中设置“spark.driver.memory”实际上不会对您有任何帮助。相反,您需要运行spark-
我已经开发了azure定时器触发函数。我从功能应用程序的应用程序设置中获取计时器时间表,如下所示。 函数. json 这对于给定的静态时间表来说工作正常。但是当用户需要更改时间表时,该时间表应该能够根据另一个Web应用程序的用户要求进行更改。 我正在努力从外部应用程序动态地更改计划参数。我尝试的是部署一个ARM模板,从下面的ARM模板注入新的时间表值。 但是,这不是重写现有的appSettings
问题内容: 我想在Django模板标签中连接一个字符串,例如: 这是我的变量,我想将其与其余路径连接起来。 假设我有并且我想要结果扩展。 问题答案: 用于: