您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

Azure 认知服务中的容器支持Container support in Azure Cognitive Services

Azure 认知服务中的容器支持让开发人员能够使用与 Azure 中可用的 API 一样丰富的 API,并能够灵活地选择部署和托管随附 Docker 容器的服务的位置。Container support in Azure Cognitive Services allows developers to use the same rich APIs that are available in Azure, and enables flexibility in where to deploy and host the services that come with Docker containers. 目前已在 Azure 认知服务的子集中发布容器支持预览版,这些服务包括:Container support is currently available in preview for a subset of Azure Cognitive Services, including parts of:

容器化是一种软件分发方法,其中应用程序或服务(包括其依赖关系和配置)被一起打包为容器映像。Containerization is an approach to software distribution in which an application or service, including its dependencies & configuration, is packaged together as a container image. 如果几乎不进行修改,可将容器映像部署在容器主机上。With little or no modification, a container image can be deployed on a container host. 容器彼此隔离并与基础操作系统隔离,内存占用小于虚拟机。Containers are isolated from each other and the underlying operating system, with a smaller footprint than a virtual machine. 容器可以从容器映像中实例化以用于短期任务,并在不再需要时将其删除。Containers can be instantiated from container images for short-term tasks, and removed when no longer needed.

认知服务资源可在 Microsoft Azure 上获得。Cognitive Services resources are available on Microsoft Azure. 登录到 Azure 门户,创建和浏览适用于这些服务的 Azure 资源。Sign into the Azure portal to create and explore Azure resources for these services.

功能和优势Features and benefits

  • 对数据的控制:允许客户选择认知服务在何处处理其数据。Control over data: Allow customers to choose where these Cognitive Services process their data. 对于不能将数据发送到云,但需要访问认知服务技术的客户,此功能非常重要。This is essential for customers that cannot send data to the cloud but need access to Cognitive Services technology. 支持混合环境中的一致性 - 跨数据、管理、标识和安全性。Support consistency in hybrid environments – across data, management, identity, and security.
  • 对模型更新的控制:为客户提供其解决方案中部署的模型的版本控制和更新方面的灵活性。Control over model updates: Provide customers flexibility in versioning and updating of models deployed in their solutions.
  • 可移植的体系结构:支持创建可在 Azure、本地和边缘部署的可移植应用程序体系结构。Portable architecture: Enable the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. 可直接将容器部署到 Azure Kubernetes 服务Azure 容器实例,或部署到 Azure StackKubernetes 集群。Containers can be deployed directly to Azure Kubernetes Service, Azure Container Instances, or to a Kubernetes cluster deployed to Azure Stack. 有关详细信息,请参阅将 Kubernetes 部署到 Azure StackFor more information, see Deploy Kubernetes to Azure Stack.
  • 高吞吐量/低延迟:通过使以物理方式运行的认知服务更深入了解其应用程序逻辑和数据,为客户提供缩放功能,以满足高吞吐量和低延迟扩展要求。High throughput / low latency: Provide customers the ability to scale for high throughput and low latency requirements by enabling Cognitive Services to run physically close to their application logic and data. 容器不限制每秒综合事务数 (TPS),如果提供了必要的硬件资源,它还可进行纵向或横向扩展,来应对需求。Containers do not cap transactions per second (TPS) and can be made to scale both up and out to handle demand if you provide the necessary hardware resources.

Azure 认知服务中的容器Containers in Azure Cognitive Services

Azure 认知服务容器提供以下一组 Docker 容器,其中每个容器都包含 Azure 认知服务中的服务的功能子集:Azure Cognitive Services containers provide the following set of Docker containers, each of which contains a subset of functionality from services in Azure Cognitive Services:

服务Service 支持的定价层Supported Pricing Tier 容器Container 描述Description
异常检测器Anomaly detector F0、S0F0, S0 异常检测器Anomaly-Detector 通过异常检测器 API,可使用机器学习监视和检测时序数据中的异常。The Anomaly Detector API enables you to monitor and detect abnormalities in your time series data with machine learning.
请求访问权限Request access
计算机视觉Computer Vision F0、S1F0, S1 读取Read 从具有不同表面和背景的各种对象的图像中提取打印文本,例如收据、海报和名片。Extracts printed text from images of various objects with different surfaces and backgrounds, such as receipts, posters, and business cards. 读取容器还检测图像中的手写文本,并提供 PDF/TIFF/多页面支持。The Read container also detects handwritten text in images and provides PDF/TIFF/multi-page support.

重要提示: Read 容器当前仅适用于英语。Important: The Read container currently works only with English.
请求访问权限Request access
计算机视觉Computer Vision F0、S1F0, S1 识别文本Recognize Text 从具有不同表面和背景的各种对象的图像中提取打印文本,例如收据、海报和名片。Extracts printed text from images of various objects with different surfaces and backgrounds, such as receipts, posters, and business cards.

重要提示: 识别文本容器目前仅适用于英语。Important: The Recognize Text container currently works only with English.
请求访问权限Request access
人脸Face F0、S0F0, S0 人脸Face 检测图像中的人脸并标识属性,包括人脸特征(例如,鼻子和眼睛)、性别、年龄和其他计算机预测的面部特征。Detects human faces in images, and identifies attributes, including face landmarks (such as noses and eyes), gender, age, and other machine-predicted facial features. 除检测外,人脸还可以使用置信分数检查同一/不同图像中的两张人脸,或根据数据库比较人脸,以查看是否已存在类似或相同的人脸。In addition to detection, Face can check if two faces in the same image or different images are the same by using a confidence score, or compare faces against a database to see if a similar-looking or identical face already exists. 还可以使用共享视觉特征将类似人脸整理为许多组。It can also organize similar faces into groups, using shared visual traits.
请求访问权限Request access
表单识别器Form recognizer F0、S0F0, S0 表单识别器Form Recognizer 表单理解应用机器学习技术从表单中识别和提取键值对和表。Form Understanding applies machine learning technology to identify and extract key-value pairs and tables from forms.
请求访问权限Request access
LUISLUIS F0、S0F0, S0 LUIS映像LUIS (image) 可将已训练或已发布的语言理解模型(也称为 LUIS 应用)加载到 docker 容器中并提供对容器的 API 终结点中的查询预测的访问权限。Loads a trained or published Language Understanding model, also known as a LUIS app, into a docker container and provides access to the query predictions from the container's API endpoints. 可以从容器中收集查询日志并将这些日志上传回 LUIS 门户以提高应用的预测准确性。You can collect query logs from the container and upload these back to the LUIS portal to improve the app's prediction accuracy.
语音服务 APISpeech Service API F0、S0F0, S0 语音转文本Speech-to-text 将连续的实时语音转换为文本。Transcribes continuous real-time speech into text.
请求访问权限Request access
语音服务 APISpeech Service API F0、S0F0, S0 文本转语音Text-to-speech 将文本转换为自然发音的语音。Converts text to natural-sounding speech.
请求访问权限Request access
文本分析Text Analytics F0、SF0, S 关键短语提取(映像Key Phrase Extraction (image) 提取关键短语,以标识要点。Extracts key phrases to identify the main points. 例如,针对输入文本“The food was delicious and there were wonderful staff”,该 API 会返回谈话要点:“food”和“wonderful staff”。For example, for the input text "The food was delicious and there were wonderful staff", the API returns the main talking points: "food" and "wonderful staff".
文本分析Text Analytics F0、SF0, S 语言检测(映像Language Detection (image) 针对多达 120 种语言,检测输入文本是使用哪种语言编写的,并报告请求中提交的每个文档的单个语言代码。For up to 120 languages, detects which language the input text is written in and report a single language code for every document submitted on the request. 语言代码与表示评分强度的评分相搭配。The language code is paired with a score indicating the strength of the score.
文本分析Text Analytics F0、SF0, S 情绪分析(映像Sentiment Analysis (image) 分析原始文本,获取正面或负面情绪的线索。Analyzes raw text for clues about positive or negative sentiment. 此 API 针对每个文档返回介于 0 和 1 之间的情绪评分,1 是最积极的评分。This API returns a sentiment score between 0 and 1 for each document, where 1 is the most positive. 分析模型已使用 Microsoft 提供的大量文本正文和自然语言技术进行预先训练。The analysis models are pre-trained using an extensive body of text and natural language technologies from Microsoft. 对于选定的语言,该 API 可以分析和评分提供的任何原始文本,并直接将结果返回给调用方应用程序。For selected languages, the API can analyze and score any raw text that you provide, directly returning results to the calling application.

此外,认知服务一体化产品/服务资源密钥支持某些容器。In addition, some containers are supported in Cognitive Services All-In-One offering resource keys. 可以为以下服务创建单个认知服务一体化资源,并在支持的服务之间使用相同的计费密钥:You can create one single Cognitive Services All-In-One resource and use the same billing key across supported services for the following services:

  • 计算机视觉Computer Vision
  • 人脸Face
  • LUISLUIS
  • 文本分析Text Analytics

Azure 认知服务中的容器可用性Container availability in Azure Cognitive Services

Azure 认知服务容器通过 Azure 订阅公开发布,并可以从 Microsoft 容器注册表或 Docker 中心拉取 Docker 容器映像。Azure Cognitive Services containers are publicly available through your Azure subscription, and Docker container images can be pulled from either the Microsoft Container Registry or Docker Hub. 可以使用 docker pull 命令从相应注册表下载容器映像。You can use the docker pull command to download a container image from the appropriate registry.

重要

目前,你必须完成注册过程才能访问以下容器,在此过程中,你需要填写并提交一份调查问卷,其中包含有关你、你的公司以及你要实施这些容器的用例的问题。Currently, you must complete a sign-up process to access the following containers, in which you fill out and submit a questionnaire with questions about you, your company, and the use case for which you want to implement the containers. 一旦被授予访问权限并提供了凭据,你就可以从 Azure 容器注册表托管的专用容器注册表中拉取容器映像。Once you're granted access and provided credentials, you can then pull the container images from a private container registry hosted by Azure Container Registry.

容器存储库和映像Container repositories and images

下表列出了 Azure 认知服务提供的可用容器映像。The tables below are a listing of the available container images offered by Azure Cognitive Services. 有关所有可用容器映像名称及其可用标记的完整列表,请参阅认知服务容器映像标记For a complete list of all the available container image names and their available tags, see Cognitive Services container image tags.

公共“非封闭”(容器注册表:mcr.microsoft.comPublic "Ungated" (container registry: mcr.microsoft.com)

Microsoft 容器注册表(MCR) syndicates 了用于认知服务的所有公开发布的 "无选通" 容器。The Microsoft Container Registry (MCR) syndicates all of the publicly available "ungated" containers for Cognitive Services. 它们也可以直接从Docker 中心获得。They are also available directly from the Docker hub.

服务Service 容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
LUISLUIS LUISLUIS mcr.microsoft.com/azure-cognitive-services/luis
文本分析Text Analytics 关键短语提取Key Phrase Extraction mcr.microsoft.com/azure-cognitive-services/keyphrase
文本分析Text Analytics 语言检测Language Detection mcr.microsoft.com/azure-cognitive-services/language
文本分析Text Analytics 情绪分析Sentiment Analysis mcr.microsoft.com/azure-cognitive-services/sentiment

公共“门控”预览版(容器注册表:containerpreview.azurecr.ioPublic "Gated" Preview (container registry: containerpreview.azurecr.io)

容器预览注册表托管认知服务的所有公共可用“门控”容器。The Container Preview registry hosts all of the publicly available "gated" containers for Cognitive Services. 这些容器需要正式的访问请求才能使用它们。These containers require a formal request for access in order to consume them.

服务Service 容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
异常检测器Anomaly detector 异常检测器Anomaly Detector containerpreview.azurecr.io/microsoft/cognitive-services-anomaly-detector
计算机视觉Computer Vision 读取Read containerpreview.azurecr.io/microsoft/cognitive-services-read
人脸Face 人脸Face containerpreview.azurecr.io/microsoft/cognitive-services-face
表单识别器Form recognizer 表单识别器Form Recognizer containerpreview.azurecr.io/microsoft/cognitive-services-form-recognizer
语音服务 APISpeech Service API 语音转文本Speech-to-text containerpreview.azurecr.io/microsoft/cognitive-services-speech-to-text
语音服务 APISpeech Service API 自定义语音到文本Custom Speech-to-text containerpreview.azurecr.io/microsoft/cognitive-services-custom-speech-to-text
语音服务 APISpeech Service API 文本转语音Text-to-speech containerpreview.azurecr.io/microsoft/cognitive-services-text-to-speech
语音服务 APISpeech Service API 自定义文本到语音转换Custom Text-to-speech containerpreview.azurecr.io/microsoft/cognitive-services-custom-text-to-speech

先决条件Prerequisites

使用 Azure 认知服务容器之前,必须先满足以下先决条件:You must satisfy the following prerequisites before using Azure Cognitive Services containers:

Docker 引擎:必须在本地安装 Docker 引擎。Docker Engine: You must have Docker Engine installed locally. Docker 提供用于在 macOSLinuxWindows 上配置 Docker 环境的包。Docker provides packages that configure the Docker environment on macOS, Linux, and Windows. 在 Windows 上,必须将 Docker 配置为支持 Linux 容器。On Windows, Docker must be configured to support Linux containers. 还可直接将 Docker 容器直接部署到 Azure Kubernetes 服务Azure 容器实例Docker containers can also be deployed directly to Azure Kubernetes Service or Azure Container Instances.

必须将 Docker 配置为允许容器连接 Azure 并向其发送账单数据。Docker must be configured to allow the containers to connect with and send billing data to Azure.

熟悉 Microsoft 容器注册表和 Docker:应对 Microsoft 容器注册表和 Docker 概念有基本的了解,例如注册表、存储库、容器和容器映像,以及基本的 docker 命令的知识。Familiarity with Microsoft Container Registry and Docker: You should have a basic understanding of both Microsoft Container Registry and Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic docker commands.

有关 Docker 和容器的基础知识,请参阅 Docker 概述For a primer on Docker and container basics, see the Docker overview.

各容器还可以有其自己的要求,包括服务器和内存分配要求。Individual containers can have their own requirements, as well, including server and memory allocation requirements.

Azure 认知服务容器安全性Azure Cognitive Services container security

无论何时开发应用程序,安全性都应该是主要关注点。Security should be a primary focus whenever you're developing applications. 安全的重要性是成功的指标。The importance of security is a metric for success. 构建包含认知服务容器的软件解决方案时,请务必了解可用的限制和功能。When you're architecting a software solution that includes Cognitive Services containers, it's vital to understand the limitations and capabilities available to you. 有关网络安全的详细信息,请参阅配置 Azure 认知服务虚拟网络For more information about network security, see Configure Azure Cognitive Services virtual networks.

重要

默认情况下,认知服务容器 API没有安全性By default there is no security on the Cognitive Services container API. 这样做的原因是:容器最常见的情况是,容器将作为 pod 的一部分运行,而该 pod 由网桥保护。The reason for this is that most often the container will run as part of a pod which is protected from the outside by a network bridge. 但是,可以启用与访问基于云的认知服务时所使用的身份验证相同的身份验证。However, it is possible to enable authentication which works identically to the authentication used when accessing the cloud-based Cognitive Services.

下图说明了默认方法和非安全方法:The diagram below illustrates the default and non-secure approach:

容器安全性

认知服务容器的使用者是一种替代和安全的方法,可以使用正面组件扩充容器,使容器终结点专用。As an alternative and secure approach, consumers of Cognitive Services containers could augment a container with a front-facing component, keeping the container endpoint private. 让我们考虑一种方案,其中使用Istio作为入口网关。Let's consider a scenario where we use Istio as an ingress gateway. Istio 支持 HTTPS/SSL 和客户端证书身份验证。Istio supports HTTPS/SSL and client-certificate authentication. 在这种情况下,Istio 前端将公开容器访问权限,并在 Istio 的后面呈现客户端证书。In this scenario, the Istio frontend exposes the container access, presenting the client certificate that is whitelisted beforehand with Istio.

Nginx是同一类别中的另一种常用选择。Nginx is another popular choice in the same category. Istio 和 Nginx 都充当服务网格,提供其他功能,包括负载平衡、路由和速率控制等功能。Both Istio and Nginx act as a service mesh and offer additional features including things like load-balancing, routing, and rate-control.

容器网络Container networking

出于计费目的,需要认知服务容器来提交计量信息。The Cognitive Services containers are required to submit metering information for billing purposes. 唯一的例外情况是脱机容器,因为它们遵循不同的计费方法。The only exception, is Offline containers as they follow a different billing methodology. 如果无法允许列出认知服务容器所依赖的各种网络通道,则会阻止容器工作。Failure to allow list various network channels that the Cognitive Services containers rely on will prevent the container from working.

允许列出认知服务域和端口Allow list Cognitive Services domains and ports

主机应允许列出端口 443和以下域:The host should allow list port 443 and the following domains:

  • *.cognitive.microsoft.com
  • *.cognitiveservices.azure.com

禁用深层数据包检查Disable deep packet inspection

深度数据包检查(DPI)是一种数据处理方式,用于检查通过计算机网络发送的数据,并且通常通过阻止、重新路由或记录它来采取措施。Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.

禁用认知服务容器为 Microsoft 服务器创建的安全通道上的 DPI。Disable DPI on the secure channels that the Cognitive Services containers create to Microsoft servers. 否则,将无法正常运行容器。Failure to do so will prevent the container from functioning correctly.

博客文章Blog posts

开发人员示例Developer samples

可在 GitHub 存储库中查看开发人员示例。Developer samples are available at our GitHub repository.

观看网络研讨会View webinar

加入网络研讨会了解:Join the webinar to learn about:

  • 如何将认知服务部署到任何使用 Docker 的计算机How to deploy Cognitive Services to any machine using Docker
  • 如何将认知服务部署到 AKSHow to deploy Cognitive Services to AKS

后续步骤Next steps

了解可用于认知服务的容器食谱Learn about container recipes you can use with the Cognitive Services.

安装和浏览 Azure 认知服务中的容器提供的功能:Install and explore the functionality provided by containers in Azure Cognitive Services: