在对Azure使用YAML部署文件时移除正斜杠

Question

我试图使用Powershell中的Azure在azure中的一个组中部署两个容器。因为我希望容器具有私有ip地址，所以我使用以下模板：

apiVersion: 2022-04-01-preview
name: uptime-kuma
properties:
  containers:
  - name: nginx-with-ssl
    properties:
      image: mcr.microsoft.com/oss/nginx/nginx:1.15.5-alpine
      ports:
      - port: 443
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: nginx-config
        mountPath: /etc/nginx
  - name: uptime-kuma-app
    properties:
      image: louislam/uptime-kuma:latest
      ports:
      - port: 3001
        protocol: TCP
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
      volumeMounts:
      - name: uptime-kuma
        mountPath: /app/data
  volumes:
  - secret:
      ssl.crt: <removed for this post>
      ssl.key: <removed for this post>
      nginx.conf: <removed for this post>
    name: nginx-config
  - name: uptime-kuma
    emptyDir: {}
  ipAddress:
    type: Private
    ports:
    - protocol: tcp
      port: 443
  osType: Linux
  restartPolicy: Always
  subnetIds:
   - id:  '/subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'
     name: 'IPSEC_LAN'
tags: null
type: Microsoft.ContainerInstance/containerGroups

它在subnetIds.id部件上出错，我得到以下错误：

(InvalidVirtualNetworkLocation) Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.
Code: InvalidVirtualNetworkLocation
Message: Container group 'uptime-kuma' is in location 'westeurope' while virtual network 'subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks' is in location '<null>'. The container group and virtual network should be in same location.

正如您所看到的，对于virual网络来说，位置是因为在“订阅/”之前有一个/缺失的虚拟网络而找不到。当我再加一个的时候，它会是：

subnetIds:
   - id:  '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets'

然后，位置是正确的，可以找到，但我得到的错误是，权限是错误的，因为它认为它如下：

The client '<removed for this post>' with object id '<removed for this post>' has permission to perform action 'Microsoft.ContainerInstance/containerGroups/write' on scope '/subscriptions/<removed for this post>/resourcegroups/Homelab/providers/Microsoft.ContainerInstance/containerGroups/uptime-kuma'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '//subscriptions/<removed for this post>/resourceGroups/Homelab/providers/Microsoft.Network/virtualNetworks/S2S_LAN/subnets' or the linked scope(s) are invalid.

我不知道怎么解决这个..。以前有人遇到过这种情况吗？我在寻求帮助。

编辑:在将其重建为Bicep模板后，我会得到相同的问题。所以它必须是组件的API版本，所以我尝试了不同的版本，所有相同的问题。

Answer 1

在我的环境中进行测试，得到您所面临的准确错误。

​

​

您需要将角色https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles?toc=%2Fazure%2Fvirtual-network%2Ftoc.json#network-contributor构建Microsoft.Network/virtualNetworks/subnets/join/action分配给您的托管identity.You，可以在您自己的Azure自定义角色中使用这些操作来为Azure中的资源提供粒度访问控制。我无法在我的环境中进行测试，因为我对分配给资源的角色没有特权，您需要管理权限将这个角色分配给您的资源。

类似的问题也在微软问答上提出，微软也提出了同样的建议。