Azure 认知服务容器Azure Cognitive Services containers

Azure 认知服务提供了多个 Docker 容器,可让你在本地使用 Azure 中提供的相同 API。Azure Cognitive Services provides several Docker containers that let you use the same APIs that are available in Azure, on-premises. 借助这些容器,你能够灵活地将认知服务移至更接近你的数据的位置,以满足合规性、安全性或其他操作目的。Using these containers gives you the flexibility to bring Cognitive Services closer to your data for compliance, security or other operational reasons.

容器支持目前适用于部分 Azure 认知服务,包括以下部分:Container support is currently available for a subset of Azure Cognitive Services, including parts of:

容器化是一种软件分发方法,其中应用程序或服务(包括其依赖关系和配置)被一起打包为容器映像。Containerization is an approach to software distribution in which an application or service, including its dependencies & configuration, is packaged together as a container image. 如果几乎不进行修改,可将容器映像部署在容器主机上。With little or no modification, a container image can be deployed on a container host. 容器彼此隔离并与基础操作系统隔离,内存占用小于虚拟机。Containers are isolated from each other and the underlying operating system, with a smaller footprint than a virtual machine. 容器可以从容器映像中实例化以用于短期任务,并在不再需要时将其删除。Containers can be instantiated from container images for short-term tasks, and removed when no longer needed.

认知服务资源可在 Azure 上获得。Cognitive Services resources are available on Azure. 登录到 Azure 门户,创建和浏览适用于这些服务的 Azure 资源。Sign into the Azure portal to create and explore Azure resources for these services.

功能和优势Features and benefits

  • 不可变的基础结构:使 DevOps 团队能够利用一组一致且可靠的已知系统参数,同时能够适应变化。Immutable infrastructure: Enable DevOps teams' to leverage a consistent and reliable set of known system parameters, while being able to adapt to change. 通过容器,可灵活地在可预测生态系统内进行透视,并避免配置偏移。Containers provide the flexibility to pivot within a predictable ecosystem and avoid configuration drift.
  • 对数据的控制:选择认知服务处理数据的位置。Control over data: Choose where your data gets processed by Cognitive Services. 如果无法将数据发送到云,但需要访问认知服务 API,则此操作可能很重要。This can be essential if you can't send data to the cloud but need access to Cognitive Services APIs. 支持混合环境中的一致性 - 跨数据、管理、标识和安全性。Support consistency in hybrid environments - across data, management, identity, and security.
  • 对模型更新的控制:其解决方案中部署的模型的版本控制和更新方面的灵活性。Control over model updates: Flexibility in versioning and updating of models deployed in their solutions.
  • 可移植的体系结构:支持创建可在 Azure、本地和边缘部署的可移植应用程序体系结构。Portable architecture: Enables the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. 可直接将容器部署到 Azure Kubernetes 服务Azure 容器实例,或部署到 Azure StackKubernetes 集群。Containers can be deployed directly to Azure Kubernetes Service, Azure Container Instances, or to a Kubernetes cluster deployed to Azure Stack. 有关详细信息,请参阅将 Kubernetes 部署到 Azure StackFor more information, see Deploy Kubernetes to Azure Stack.
  • 高吞吐量/低延迟:通过使以物理方式运行的认知服务更深入了解其应用程序逻辑和数据,为客户提供缩放功能,以满足高吞吐量和低延迟扩展要求。High throughput / low latency: Provide customers the ability to scale for high throughput and low latency requirements by enabling Cognitive Services to run physically close to their application logic and data. 容器不限制每秒综合事务数 (TPS),如果提供了必要的硬件资源,它还可进行纵向或横向扩展,来应对需求。Containers do not cap transactions per second (TPS) and can be made to scale both up and out to handle demand if you provide the necessary hardware resources.
  • 可伸缩性:随着容器化和容器业务流程软件(如 Kubernetes)的日益普及,可伸缩性已成为技术进步的前沿领域。Scalability: With the ever growing popularity of containerization and container orchestration software, such as Kubernetes; scalability is at the forefront of technological advancements. 基于可缩放的群集的应用程序开发可满足高可用性的需要。Building on a scalable cluster foundation, application development caters to high availability.

Azure 认知服务中的容器Containers in Azure Cognitive Services

Azure 认知服务容器提供以下一组 Docker 容器,其中每个容器都包含 Azure 认知服务中的服务的功能子集:Azure Cognitive Services containers provide the following set of Docker containers, each of which contains a subset of functionality from services in Azure Cognitive Services:

服务Service 支持的定价层Supported Pricing Tier 容器Container 描述Description
人脸Face F0、S0F0, S0 人脸Face 检测图像中的人脸并标识属性,包括人脸特征(例如,鼻子和眼睛)、性别、年龄和其他计算机预测的面部特征。Detects human faces in images, and identifies attributes, including face landmarks (such as noses and eyes), gender, age, and other machine-predicted facial features. 除检测外,“人脸”还可以使用置信评分检查同一/不同图像中的两张人脸,或根据数据库比较人脸,以查看是否已存在类似或相同的人脸。In addition to detection, Face can check if two faces in the same image or different images are the same by using a confidence score, or compare faces against a database to see if a similar-looking or identical face already exists. 还可以使用共享视觉特征将类似人脸整理为许多组。It can also organize similar faces into groups, using shared visual traits.
LUISLUIS F0、S0F0, S0 LUIS映像LUIS (image) 可将已训练或已发布的语言理解模型(也称为 LUIS 应用)加载到 docker 容器中并提供对容器的 API 终结点中的查询预测的访问权限。Loads a trained or published Language Understanding model, also known as a LUIS app, into a docker container and provides access to the query predictions from the container's API endpoints. 可以从容器中收集查询日志并将这些日志上传回 LUIS 门户以提高应用的预测准确性。You can collect query logs from the container and upload these back to the LUIS portal to improve the app's prediction accuracy.
文本分析Text Analytics F0、SF0, S 关键短语提取(映像Key Phrase Extraction (image) 提取关键短语,以标识要点。Extracts key phrases to identify the main points. 例如,针对输入文本“The food was delicious and there were wonderful staff”,该 API 会返回谈话要点:“food”和“wonderful staff”。For example, for the input text "The food was delicious and there were wonderful staff", the API returns the main talking points: "food" and "wonderful staff".
文本分析Text Analytics F0、SF0, S 语言检测(映像Language Detection (image) 针对多达 120 种语言,检测输入文本是使用哪种语言编写的,并报告请求中提交的每个文档的单个语言代码。For up to 120 languages, detects which language the input text is written in and report a single language code for every document submitted on the request. 语言代码与表示评分强度的评分相搭配。The language code is paired with a score indicating the strength of the score.
文本分析Text Analytics F0、SF0, S 情绪分析 v3(映像Sentiment Analysis v3 (image) 分析原始文本,获取正面或负面情绪的线索。Analyzes raw text for clues about positive or negative sentiment. 此版本的情绪分析为每个文档以及其中的句子返回情绪标签(例如正面或负面) 。This version of sentiment analysis returns sentiment labels (for example positive or negative) for each document and sentence within it.
文本分析Text Analytics F0、SF0, S 运行状况文本分析Text Analytics for health 从非结构化临床文本中提取医疗信息并进行标记。Extract and label medical information from unstructured clinical text.

此外,认知服务 一体化产品/服务资源密钥支持某些容器。In addition, some containers are supported in Cognitive Services All-In-One offering resource keys. 可以为以下服务创建单个认知服务一体化资源,并在支持的服务之间使用相同的计费密钥:You can create one single Cognitive Services All-In-One resource and use the same billing key across supported services for the following services:

  • 计算机视觉Computer Vision
  • 人脸Face
  • LUISLUIS
  • 文本分析Text Analytics

Azure 认知服务中的容器可用性Container availability in Azure Cognitive Services

Azure 认知服务容器通过 Azure 订阅公开发布,并可以从 Microsoft 容器注册表或 Docker 中心拉取 Docker 容器映像。Azure Cognitive Services containers are publicly available through your Azure subscription, and Docker container images can be pulled from either the Microsoft Container Registry or Docker Hub. 可以使用 docker pull 命令从相应注册表下载容器映像。You can use the docker pull command to download a container image from the appropriate registry.

容器存储库和映像Container repositories and images

下表是 Azure 认知服务提供的可用容器映像的列表。The tables below are a listing of the available container images offered by Azure Cognitive Services. 有关所有可用容器映像名称及其可用标记的完整列表,请参阅认知服务容器映像标记For a complete list of all the available container image names and their available tags, see Cognitive Services container image tags.

正式发布Generally available

Microsoft 容器注册表 (MCR) 同步发布了认知服务的所有正式发布的容器。The Microsoft Container Registry (MCR) syndicates all of the generally available containers for Cognitive Services. 还可直接从 Docker Hub 获取容器。The containers are also available directly from the Docker hub.

LUISLUIS

容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
LUISLUIS mcr.microsoft.com/azure-cognitive-services/language/luis

有关详细信息,请参阅如何运行和安装 LUIS 容器See How to run and install LUIS containers for more information.

文本分析Text Analytics

容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
情绪分析 v3(英语)Sentiment Analysis v3 (English) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-en
情绪分析 v3(西班牙语)Sentiment Analysis v3 (Spanish) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-es
情绪分析 v3(法语)Sentiment Analysis v3 (French) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-fr
情绪分析 v3(意大利语)Sentiment Analysis v3 (Italian) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-it
情绪分析 v3(德语)Sentiment Analysis v3 (German) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-de
情绪分析 v3(简体中文)Sentiment Analysis v3 (Chinese - simplified) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-zh
情绪分析 v3(繁体中文)Sentiment Analysis v3 (Chinese - traditional) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-zht
情绪分析 v3(日语)Sentiment Analysis v3 (Japanese) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-ja
情绪分析 v3(葡萄牙语)Sentiment Analysis v3 (Portuguese) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-pt
情绪分析 v3(荷兰语)Sentiment Analysis v3 (Dutch) mcr.microsoft.com/azure-cognitive-services/textanalytics/sentiment:3.0-nl

有关详细信息,请参阅如何运行和安装文本分析容器See How to run and install Text Analytics containers for more information.

“非门控式”预览版"Ungated" preview

以下预览版容器现已公开提供。The following preview containers are available publicly. Microsoft 容器注册表 (MCR) 同步发布了认知服务的所有公共可用的“非门控式”容器。The Microsoft Container Registry (MCR) syndicates all of the publicly available ungated containers for Cognitive Services. 还可直接从 Docker Hub 获取容器。The containers are also available directly from the Docker hub.

服务Service 容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
文本分析Text Analytics 关键短语提取Key Phrase Extraction mcr.microsoft.com/azure-cognitive-services/textanalytics/keyphrase
文本分析Text Analytics 语言检测Language Detection mcr.microsoft.com/azure-cognitive-services/textanalytics/language

“门控式”预览版"Gated" preview

以前,门控式预览版容器托管在 containerpreview.azurecr.io 存储库中。Previously, gated preview containers were hosted on the containerpreview.azurecr.io repository. 从 2020 年 9 月 22 日开始,这些容器(“运行状况文本分析”除外)托管在 Microsoft 容器注册表 (MCR) 中,下载它们不需要使用 docker login 命令。Starting September 22nd 2020, these containers (except Text Analytics for health) are hosted on the Microsoft Container Registry (MCR), and downloading them doesn't require using the docker login command. 若要使用容器,你将需要:To use the container you will need to:

  1. 使用 Azure 订阅 ID 和用户方案填写请求表单Complete a request form with your Azure Subscription ID and user scenario.
  2. 获得批准后,从 MCR 下载容器。Upon approval, download the container from the MCR.
  3. 使用相应 Azure 资源中的密钥和终结点在运行时进行容器身份验证。Use the key and endpoint from an appropriate Azure resource to authenticate the container at runtime.
服务Service 容器Container 容器注册表/存储库/映像名称Container Registry / Repository / Image Name
计算机视觉Computer Vision Read v2.0Read v2.0 mcr.microsoft.com/azure-cognitive-services/vision/read:2.0-preview
计算机视觉Computer Vision Read v3.1Read v3.1 mcr.microsoft.com/azure-cognitive-services/vision/read:3.1-preview
运行状况文本分析Text Analytics for health 运行状况文本分析Text Analytics for health containerpreview.azurecr.io/microsoft/cognitive-services-healthcare

先决条件Prerequisites

使用 Azure 认知服务容器之前,必须先满足以下先决条件:You must satisfy the following prerequisites before using Azure Cognitive Services containers:

Docker 引擎:必须在本地安装 Docker 引擎。Docker Engine: You must have Docker Engine installed locally. Docker 提供用于在 macOSLinuxWindows 上配置 Docker 环境的包。Docker provides packages that configure the Docker environment on macOS, Linux, and Windows. 在 Windows 上,必须将 Docker 配置为支持 Linux 容器。On Windows, Docker must be configured to support Linux containers. 还可直接将 Docker 容器直接部署到 Azure Kubernetes 服务Azure 容器实例Docker containers can also be deployed directly to Azure Kubernetes Service or Azure Container Instances.

必须将 Docker 配置为允许容器连接 Azure 并向其发送账单数据。Docker must be configured to allow the containers to connect with and send billing data to Azure.

熟悉 Microsoft 容器注册表和 Docker:应对 Microsoft 容器注册表和 Docker 概念有基本的了解,例如注册表、存储库、容器和容器映像,以及基本的 docker 命令的知识。Familiarity with Microsoft Container Registry and Docker: You should have a basic understanding of both Microsoft Container Registry and Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic docker commands.

有关 Docker 和容器的基础知识,请参阅 Docker 概述For a primer on Docker and container basics, see the Docker overview.

各容器还可以有其自己的要求,包括服务器和内存分配要求。Individual containers can have their own requirements, as well, including server and memory allocation requirements.

Azure 认知服务容器安全性Azure Cognitive Services container security

开发应用程序时,安全性是主要关注因素。Security should be a primary focus whenever you're developing applications. 安全性重要是因为它是成功的指标。The importance of security is a metric for success. 构建包含认知服务容器的软件解决方案时,必须了解你所受的限制和能够使用的功能。When you're architecting a software solution that includes Cognitive Services containers, it's vital to understand the limitations and capabilities available to you. 有关网络安全性的详细信息,请参阅配置 Azure 认知服务虚拟网络For more information about network security, see Configure Azure Cognitive Services virtual networks.

重要

默认情况下,认知服务容器 API 上没有安全措施。By default there is no security on the Cognitive Services container API. 之所以这样设置,是因为大多数情况下容器会作为 Pod 的一部分运行,而 Pod 受网络桥的保护,与外部隔离。The reason for this is that most often the container will run as part of a pod which is protected from the outside by a network bridge. 但是,可以在启用身份验证时,让其工作起来与访问基于云的认知服务时使用的身份验证完全相同。However, it is possible to enable authentication which works identically to the authentication used when accessing the cloud-based Cognitive Services.

下图演示了默认的 非安全 方法:The diagram below illustrates the default and non-secure approach:

容器安全性

认知服务容器的所有者可以通过一个前置组件来增强容器,让容器终结点保持专用,这是一种替代的安全方法。As an alternative and secure approach, consumers of Cognitive Services containers could augment a container with a front-facing component, keeping the container endpoint private. 让我们考虑一个方案,在该方案中,我们使用 Istio 作为入口网关。Let's consider a scenario where we use Istio as an ingress gateway. Istio 支持 HTTPS/TLS 和客户端证书身份验证。Istio supports HTTPS/TLS and client-certificate authentication. 在此方案中,Istio 前端会公开容器访问权限,提供的客户端证书已事先通过 Istio 获得批准。In this scenario, the Istio frontend exposes the container access, presenting the client certificate that is approved beforehand with Istio.

在同一类别中,Nginx 是另一常用的选择。Nginx is another popular choice in the same category. Istio 和 Nginx 都充当服务网格,并提供其他功能,例如负载均衡、路由和速率控制。Both Istio and Nginx act as a service mesh and offer additional features including things like load-balancing, routing, and rate-control.

容器网络Container networking

若要提交计费所需的计量信息,则需要认知服务容器。The Cognitive Services containers are required to submit metering information for billing purposes. 如果无法允许列出认知服务容器依赖的各种网络通道,则容器不能正常运行。Failure to allow list various network channels that the Cognitive Services containers rely on will prevent the container from working.

允许列出认知服务域和端口Allow list Cognitive Services domains and ports

主机应该允许列出 端口 443 和以下域:The host should allow list port 443 and the following domains:

  • *.cognitive.azure.cn
  • *.cognitiveservices.azure.cn

禁用深度行数据包检查Disable deep packet inspection

深度数据包检查 (DPI) 是一种数据处理,它会详细检查通过计算机网络发送的数据,并且通常会对其采取阻止、重新路由或日志记录等相应操作。Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.

在认知服务容器创建的通往 Microsoft 服务器的安全通道上禁用 DPI。Disable DPI on the secure channels that the Cognitive Services containers create to Microsoft servers. 如果不能这样做,则容器无法正常运行。Failure to do so will prevent the container from functioning correctly.

博客文章Blog posts

开发人员示例Developer samples

可在 GitHub 存储库中查看开发人员示例。Developer samples are available at our GitHub repository.

观看网络研讨会View webinar

加入网络研讨会了解:Join the webinar to learn about:

  • 如何将认知服务部署到任何使用 Docker 的计算机How to deploy Cognitive Services to any machine using Docker
  • 如何将认知服务部署到 AKSHow to deploy Cognitive Services to AKS

后续步骤Next steps

安装和浏览 Azure 认知服务中的容器提供的功能:Install and explore the functionality provided by containers in Azure Cognitive Services: