Skip to content

Container

  • Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service
  • Image source
  • Quickstart images
  • Azure Container Registry
  • Docker Hub or others
  • One container instance can have multiple containers (container groups)

Container groups

  • A collection of containers. In the end it's still a container instance!
  • Same host machine, network and volumes
  • Can be deployed with ARM or YAML
  • For yamls, it receives the field type: Microsoft.ContainerInstance/containerGroups
  • To reference services between containers in the same container group you must use localhost (not the dns of the container)
# create container group from yaml
az container create \
  --resource-group "demo-rg" \
  --name "demo-container-group" \
  --file "container-group.yaml"

apiVersion: 2019-12-01
type: Microsoft.ContainerInstance/containerGroups
name: AppGroup
location: northeurope
properties:
  osType: Linux
  containers:
    - name: db
      properties:
        image: hvitoi.azurecr.io/customsql:latest
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5
        ports:
          - port: 3306
    - name: web
      properties:
        image: hvitoi.azurecr.io/sqlapp:latest
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5
        ports:
          - port: 80
  ipAddress:
    type: Public
    ports:
      - protocol: tcp
        port: 80
  imageRegistryCredentials:
    - server: appregistry100012.azurecr.io
      username: appregistry100012
      password: oYS=UdwYHQEGuRWCzj/oI9=q04BEL04s

Containerized dotnet application

FROM mcr.microsoft.com/dotnet/aspnet:5.0
WORKDIR /app
COPY ./bin/Release/net5.0/publish/. .
ENV ASPNETCORE_URLS=http://+:5000
EXPOSE 5000
ENTRYPOINT ["dotnet", "app.dll"]

docker image build -t app .
docker container run -d -p 5000:5000 app

Pull images from ACR

  • Admin user in ACR must be enabled
  • To pull images from ACR, admin user must be enabled under Access Keys
apiVersion: 2019-12-01
type: Microsoft.ContainerInstance/containerGroups
name: demo-container # name of the container instance
location: eastus
tags: null
properties:
  osType: Linux
  containers:
    - name: nginx
      properties:
        image: hvitoi.azurecr.io/nginx
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5
        ports:
          - port: 80
        volumeMounts:
          - mountPath: /mounts/secrets
            name: volumesecret
  volumes:
    - name: volumesecret
      secret:
        storage-connection: base64-encoded-connection-string # storage account credentials
  imageRegistryCredentials:
    - server: hvitoi.azurecr.io
      username: hvitoi
      password: pass1234 # container registry credentials
  ipAddress:
    type: Public # associate a public ip address to the container instance
    ports:
      - protocol: tcp
        port: 80 # expose port 80

Secrets

  • Read all files from the secret volume
string mountPath = "/mounts/secrets";

// Get the secrets mounted into the container
var folders = Directory.GetDirectories(mountPath);
foreach(var folder in folders)
{
  Console.WriteLine($"Folder : {folder.ToString()}");
  var AllFiles = Directory.GetFiles(folder);
  foreach(var file in AllFiles)
  {
    storageconnstring = File.ReadAllText(file);
    Console.WriteLine(storageconnstring);
  }
}
  • Read connection string from the secret volume
private static string container_name = "data";
private static string local_blob = "/app/data/commands.txt";
private static string blob_name = "commands.txt";
private static string secretname = "/mounts/secrets/storage-connection";
static void Main(string[] args)
{
  string blobConnectionString = File.ReadAllText(secretname);
  BlobServiceClient blobServiceClient = new BlobServiceClient(blobConnectionString);
  BlobContainerClient containerClient = blobServiceClient.GetBlobContainerClient(container_name);
  BlobClient blobClient = containerClient.GetBlobClient(blobName);
  blobClient.DownloadTo(local_blob);
  Console.WriteLine("Blob downloaded");
}

Volumes

  • Assuming a containerized blob client
  • E.g., Files shares: files will be saved to the mounted volume inside of the container. The volume mounted is the file share itself. Therefore, all the changes are reflected to the file share
apiVersion: 2019-12-01
type: Microsoft.ContainerInstance/containerGroups
name: AppGroup
location: northeurope
properties:
  osType: Linux
  restartPolicy: Never
  containers:
    - name: my-blob-client
      properties:
        image: hvitoi.azurecr.io/blobproject:latest
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5
        volumeMounts:
          - mountPath: /app/data
            name: filesharevolume
  volumes:
    - name: filesharevolume
      azureFile:
        sharename: share-name
        storageAccountName: hvitoi
        storageAccountKey: storage-account-key
    - name: accesskey
      secret:
        key: my-file
  imageRegistryCredentials:
    - server: hvitoi.azurecr.io
      username: username
      password: pasword

BlobServiceClient blobServiceClient = new BlobServiceClient(connectionString);
BlobContainerClient containerClient = _client.GetBlobContainerClient(containerName);
BlobClient blobClient = containerClient.GetBlobClient(blobName);

Console.WriteLine("Initiating download");
blobClient.DownloadTo('/app/data/file.json');
Console.WriteLine("Blob downloaded");