Storage considerations for Azure Functions

Azure Functions requires an Azure Storage account when you create a function app instance. The following storage services may be used by your function app:

Storage service | Functions usage
Azure Blob storage | Maintain bindings state and function keys. Also used by task hubs in Durable Functions.
Azure Files | File share used to store and run your function app code in a Consumption Plan.
Azure Queue storage | Used by task hubs in Durable Functions.
Azure Table storage | Used by task hubs in Durable Functions.

Important

When using the Consumption hosting plan, your function code and binding configuration files are stored in Azure File storage in the main storage account. When you delete the main storage account, this content is deleted and cannot be recovered.

Storage account requirements

When creating a function app, you must create or link to a general-purpose Azure Storage account that supports Blob, Queue, and Table storage. This is because Functions relies on Azure Storage for operations such as managing triggers and logging function executions. Some storage accounts don't support queues and tables. These accounts include blob-only storage accounts, Azure Premium Storage, and general-purpose storage accounts with ZRS replication. These unsupported accounts are filtered out of the Storage Account blade when creating a function app.

To learn more about storage account types, see Introducing the Azure Storage Services.

While you can use an existing storage account with your function app, you must make sure that it meets these requirements. Storage accounts created as part of the function app create flow are guaranteed to meet these storage account requirements.

Storage account guidance

Every function app requires a storage account to operate. If that account is deleted, your function app won't run. To troubleshoot storage-related issues, see How to troubleshoot storage-related issues. The following additional considerations apply to the Storage account used by function apps.

Storage account connection setting

The storage account connection is maintained in the AzureWebJobsStorage application setting.

The storage account connection string must be updated when you regenerate storage keys. Read more about storage key management here.

Shared storage accounts

It's possible for multiple function apps to share the same storage account without any issues. For example, in Visual Studio you can develop multiple apps using the Azure Storage Emulator. In this case, the emulator acts like a single storage account. The same storage account used by your function app can also be used to store your application data. However, this approach isn't always a good idea in a production environment.

Optimize storage performance

To maximize performance, use a separate storage account for each function app. This is particularly important when you have Durable Functions or Event Hub triggered functions, which both generate a high volume of storage transactions. When your application logic interacts with Azure Storage, either directly (using the Storage SDK) or through one of the storage bindings, you should use a dedicated storage account. For example, if you have an Event Hub-triggered function writing some data to blob storage, use two storage accounts: one for the function app and another for the blobs being stored by the function.
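The connection-setting and shared-account guidance above can be checked together. The following is an added example, not part of the original documentation: a hypothetical `audit` helper that parses each app's AzureWebJobsStorage value, flags connection strings whose account key no longer matches a current key after regeneration, and flags storage accounts shared by more than one function app. All app names, account names, and keys are constructed sample data.

```python
import hmac
from collections import defaultdict


def parse_connection_string(value):
    """Split 'Key=Value;Key=Value' into a dict; base64 account keys may end in '='."""
    parts = {}
    for segment in value.strip().split(";"):
        if segment:
            key, _, val = segment.partition("=")  # split on the first '=' only
            parts[key.strip()] = val
    return parts


def audit(app_settings, current_keys):
    """Return sorted (app, finding) tuples for stale keys and shared storage accounts."""
    findings, apps_by_account = [], defaultdict(list)
    for app, conn in app_settings.items():
        parts = parse_connection_string(conn)
        if parts.get("UseDevelopmentStorage", "").lower() == "true":
            findings.append((app, "emulator connection string"))
            continue
        account, key = parts.get("AccountName"), parts.get("AccountKey")
        if not account or not key:
            findings.append((app, "no AccountName/AccountKey in connection string"))
            continue
        apps_by_account[account].append(app)
        valid = current_keys.get(account, [])
        # Constant-time comparison so the check itself does not leak key material.
        if not any(hmac.compare_digest(key.encode(), k.encode()) for k in valid):
            findings.append((app, f"stale key for {account}"))
    for account, apps in apps_by_account.items():
        if len(apps) > 1:
            for app in apps:
                findings.append((app, f"shares {account} with {len(apps) - 1} other app(s)"))
    return sorted(findings)


# Constructed sample data: app names, account names and keys are made up.
CURRENT_KEYS = {"stfuncorders": ["bmV3LWtleTE=", "bmV3LWtleTI="], "stshared": ["c2hhcmVkLWtleQ=="]}
APP_SETTINGS = {
    "orders-func": "DefaultEndpointsProtocol=https;AccountName=stfuncorders;AccountKey=b2xkLWtleQ==;EndpointSuffix=core.windows.net",
    "billing-func": "DefaultEndpointsProtocol=https;AccountName=stshared;AccountKey=c2hhcmVkLWtleQ==",
    "reports-func": "DefaultEndpointsProtocol=https;AccountName=stshared;AccountKey=c2hhcmVkLWtleQ==",
    "dev-func": "UseDevelopmentStorage=true",
}

if __name__ == "__main__":
    for app, finding in audit(APP_SETTINGS, CURRENT_KEYS):
        print(f"{app}: {finding}")
```

In practice the inputs would be read from each function app's application settings and the storage account's current key list rather than embedded in the script.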

Storage data encryption

Azure Storage encrypts all data in a storage account at rest. For more information, see Azure Storage encryption for data at rest.

By default, data is encrypted with Microsoft-managed keys. For additional control over encryption keys, you can supply customer-managed keys to use for encryption of blob and file data. These keys must be present in Azure Key Vault for Functions to be able to access the storage account. To learn more, see Encryption at rest using customer-managed keys.

Next steps

Learn more about Azure Functions hosting options.