在專用的代理程式組件區上執行 ACR 工作Run an ACR task on a dedicated agent pool

設定 Azure 管理的 VM 集區 (代理程式 集區) ,以在專用計算環境中執行您的 Azure Container Registry 工作。Set up an Azure-managed VM pool (agent pool) to enable running your Azure Container Registry tasks in a dedicated compute environment. 在登錄中設定一或多個集區之後,您可以選擇一個集區來執行工作,以取代服務的預設計算環境。After you've configured one or more pools in your registry, you can choose a pool to run a task in place of the service's default compute environment.

代理程式組件區提供:An agent pool provides:

  • 虛擬網路支援 -將代理程式組件區指派給 Azure vnet,以提供對 VNet 中資源的存取權,例如容器登錄、金鑰保存庫或儲存體。Virtual network support - Assign an agent pool to an Azure VNet, providing access to resources in the VNet such as a container registry, key vault, or storage.
  • 視需要調整 -增加代理程式組件區中的實例數目以進行計算密集型工作,或調整為零。Scale as needed - Increase the number of instances in an agent pool for compute-intensive tasks, or scale to zero. 計費是以集區配置為基礎。Billing is based on pool allocation. 如需詳細資訊,請參閱 定價For details, see Pricing.
  • 彈性的選項 -從不同的 集區層 和調整選項中進行選擇,以符合您的工作負載需求。Flexible options - Choose from different pool tiers and scale options to meet your task workload needs.
  • Azure 管理 -工作集區會由 azure 修補及維護,並提供保留配置,而不需要維護個別 vm。Azure management - Task pools are patched and maintained by Azure, providing reserved allocation without the need to maintain the individual VMs.

進階 容器登錄服務層級中提供這項功能。This feature is available in the Premium container registry service tier. 如需登錄服務層和限制的相關資訊,請參閱 Azure Container Registry skuFor information about registry service tiers and limits, see Azure Container Registry SKUs.

重要

此功能目前在預覽階段,但有某些限制This feature is currently in preview, and some limitations apply. 若您同意補充的使用規定即可取得預覽。Previews are made available to you on the condition that you agree to the supplemental terms of use. 在公開上市 (GA) 之前,此功能的某些領域可能會變更。Some aspects of this feature may change prior to general availability (GA).

預覽限制Preview limitations

  • 工作代理程式組件區目前支援 Linux 節點。Task agent pools currently support Linux nodes. 目前不支援 Windows 節點。Windows nodes aren't currently supported.
  • 工作代理程式組件區在以下區域提供預覽:美國西部2、美國中南部、美國東部2、美國東部、美國中部、西歐、北歐、加拿大中部、美國政府亞利桑那州、美國政府德克薩斯州和美國政府弗吉尼亞州。Task agent pools are available in preview in the following regions: West US 2, South Central US, East US 2, East US, Central US, West Europe, North Europe, Canada Central, USGov Arizona, USGov Texas, and USGov Virginia.
  • 針對每個登錄,預設總 vCPU (core) 配額為16(適用于所有標準代理程式組件區),而針對隔離的代理程式組件區則為0。For each registry, the default total vCPU (core) quota is 16 for all standard agent pools and is 0 for isolated agent pools. 開啟 支援要求 以進行其他配置。Open a support request for additional allocation.
  • 您目前無法取消在代理程式組件區上執行的工作。You can't currently cancel a task run on an agent pool.

必要條件Prerequisites

  • 若要使用本文中的 Azure CLI 步驟,需要 Azure CLI 2.3.1 或更新版本。To use the Azure CLI steps in this article, Azure CLI version 2.3.1 or later is required. 如果您需要安裝或升級,請參閱安裝 Azure CLIIf you need to install or upgrade, see Install Azure CLI. 或在 Azure Cloud Shell 中執行。Or run in Azure Cloud Shell.
  • 如果您還沒有容器登錄,請在預覽區域中 建立一個 (進階層) 所需的一層。If you don't already have a container registry, create one (Premium tier required) in a preview region.

集區層Pool tiers

代理程式組件區層會在集區中的每個實例提供下列資源。Agent pool tiers provide the following resources per instance in the pool.

服務層級Tier 類型Type CPUCPU 記憶體 (GB)Memory (GB)
S1S1 標準standard 22 33
S2S2 標準standard 44 88
S3S3 標準standard 88 1616
I6I6 外掛式isolated 6464 216216

建立和管理工作代理程式組件區Create and manage a task agent pool

(選用) 設定預設登錄Set default registry (optional)

若要簡化遵循的 Azure CLI 命令,請執行 az configure 命令來設定預設的登錄:To simplify Azure CLI commands that follow, set the default registry by running the az configure command:

az configure --defaults acr=<registryName>

下列範例假設您已設定預設登錄。The following examples assume that you've set the default registry. 如果沒有,請 --registry <registryName> 在每個命令中傳遞參數 az acrIf not, pass a --registry <registryName> parameter in each az acr command.

建立代理程式組件區Create agent pool

使用 az acr agentpool create 命令建立代理程式組件區。Create an agent pool by using the az acr agentpool create command. 下列範例會建立 (4 個 CPU/實例) 的層 S2 集區。The following example creates a tier S2 pool (4 CPU/instance). 依預設,集區包含1個實例。By default, the pool contains 1 instance.

az acr agentpool create \
    --name myagentpool \
    --tier S2

注意

建立代理程式組件區和其他集區管理作業需要幾分鐘的時間才能完成。Creating an agent pool and other pool management operations take several minutes to complete.

調整集區Scale pool

使用 az acr agentpool update 命令,向上或向下調整集區大小。Scale the pool size up or down with the az acr agentpool update command. 下列範例會將集區調整為2個實例。The following example scales the pool to 2 instances. 您可以調整為0個實例。You can scale to 0 instances.

az acr agentpool update \
    --name myagentpool \
    --count 2

在虛擬網路中建立集區Create pool in a virtual network

新增防火牆規則Add firewall rules

工作代理程式組件區需要存取下列 Azure 服務。Task agent pools require access to the following Azure services. 您必須將下列防火牆規則新增到任何現有的網路安全性群組或使用者定義的路由。The following firewall rules must be added to any existing network security groups or user-defined routes.

方向Direction 通訊協定Protocol 來源Source 來源連接埠Source Port DestinationDestination 目的地埠Dest Port 已使用Used
輸出Outbound TCPTCP VirtualNetworkVirtualNetwork 任意Any AzureKeyVaultAzureKeyVault 443443 預設Default
輸出Outbound TCPTCP VirtualNetworkVirtualNetwork 任意Any 儲存體Storage 443443 預設Default
輸出Outbound TCPTCP VirtualNetworkVirtualNetwork 任意Any EventHubEventHub 443443 預設Default
輸出Outbound TCPTCP VirtualNetworkVirtualNetwork 任意Any AzureActiveDirectoryAzureActiveDirectory 443443 預設Default
輸出Outbound TCPTCP VirtualNetworkVirtualNetwork 任意Any AzureMonitorAzureMonitor 443443 預設Default

注意

如果您的工作需要來自公用網際網路的其他資源,請新增對應的規則。If your tasks require additional resources from the public internet, add the corresponding rules. 例如,需要額外的規則來執行 docker 組建工作,以從 Docker Hub 提取基礎映射,或還原 NuGet 套件。For example, additional rules are needed to run a docker build task that pulls the base images from Docker Hub, or restores a NuGet package.

在 VNet 中建立集區Create pool in VNet

下列範例會在網路 myvnet>mysubnet 子網中建立代理程式組件區:The following example creates an agent pool in the mysubnet subnet of network myvnet:

# Get the subnet ID
subnetId=$(az network vnet subnet show \
        --resource-grop myresourcegroup \
        --vnet-name myvnet \
        --name mysubnetname \
        --query id --output tsv)

az acr agentpool create \
    --name myagentpool \
    --tier S2 \
    --subnet-id $subnetId

在代理程式組件區上執行工作Run task on agent pool

下列範例示範如何在佇列工作時指定代理程式組件區。The following examples show how to specify an agent pool when queuing a task.

注意

若要在 ACR 工作中使用代理程式組件區,請確認集區至少包含1個實例。To use an agent pool in an ACR task, ensure that the pool contains at least 1 instance.

快速工作Quick task

使用 az acr build 命令,將代理程式組件區上的快速工作排入佇列,並傳遞 --agent-pool 參數:Queue a quick task on the agent pool by using the az acr build command and pass the --agent-pool parameter:

az acr build \
    --agent-pool myagentpool \
    --image myimage:mytag \
    --file Dockerfile \
    https://github.com/Azure-Samples/acr-build-helloworld-node.git#main

自動觸發的工作Automatically triggered task

例如,在具有 az acr task create的代理程式組件區上建立排程工作,並傳遞 --agent-pool 參數。For example, create a scheduled task on the agent pool with az acr task create, passing the --agent-pool parameter.

az acr task create \
    --name mytask \
    --agent-pool myagentpool \
    --image myimage:mytag \
    --schedule "0 21 * * *" \
    --file Dockerfile \
    --context https://github.com/Azure-Samples/acr-build-helloworld-node.git#main \
    --commit-trigger-enabled false

若要確認工作設定,請執行 az acr task runTo verify task setup, run az acr task run:

az acr task run \
    --name mytask

查詢集區狀態Query pool status

若要找出代理程式組件區上目前排程的執行數目,請執行 az acr agentpool showTo find the number of runs currently scheduled on the agent pool, run az acr agentpool show.

az acr agentpool show \
    --name myagentpool \
    --queue-count

下一步Next steps

如需雲端中容器映射組建和維護的更多範例,請參閱 ACR 工作的教學課程系列For more examples of container image builds and maintenance in the cloud, check out the ACR Tasks tutorial series.