There is numbers of options how you can host docker containers on Azure. I will focus only on fully managed services. Some of them are still in preview.
[TOC]
To keep it as simple as possible I will be using multi-platform tools to cover as much scenarios as possible.
We will need:
Azure CLI is a multi-platform tool for managing Azure resources. You can download and install from here.
If you are installing Azure CLI into docker container, use this command.
pip install azure-cli
You are just about to deploy Docker container, so you should have Docker installed, right?. If not download from here.
Same situation. If are reading this article, most probably you do have some Azure subscription. If not go here, please.
Once all tools are install, it is time to setup Azure subscription. Open Azure CLI and run
az login
You will get request for interactive login like:
Please open https://aka.ms/devicelogin and finish authentication.
Maybe you are thinking about some way of automation so interactive login is not an option for you. To do that we will be using service principal next time. To create one we have to chose resource group.
You should get list of subscription after successful login or you can list them by running
az account list
Find you subscription and select it by running
az account set -s <subscription name>
Write down even Subscription ID for later use.
I'd like to simplify command parameters so we can set default location for our resources. Doing them we can let out future --location
az configure --defaults location=<location>
You can list all locations available for selected subscription by running
az account list-locations
Then create resource group
az group create -n <resource group name>
It need for creation service principal
az group list
#TODO NEED A PICTION
az group list --query "[?name=='resource_group_name']"
For service principal (SP) we need to specify a scope. In our case it will be newly created resource group.
Then create SP by running
az ad sp create-for-rbac --role "Contributor" --scopes="/subscriptions/<subscription id>/resourceGroups/<resource group name>"
Btw, take a closer look on output from previous command. Can you see. :-) Yes, you can take the scope from there. So did you write it down manually or copy-and-paste?
You should get response like:
Now it is time to login using SP
az login --service-principal -u <appId> -p <password> -t <Directory ID>
Directory ID aka Tenant ID can be found here
If you also need to have private storage for your Docker containers, there is a service for that named Azure Container Registry (ACR). So firstly let's create out private Docker registry.
To create ACR we just need to specify SKU by running
az acr create --resource-group <resource group name> --name <container registry name> --sku <sku> --admin-enabled true
Let's have your own Docker image ready. Then we have to log-in to ACR by running
az acr login -n <acr name>
Tag image
docker tag <image name> <acr name>.azurecr.io/<image name>
Next we need to authorize docker to ACR. User name is ACR name and password can be retrieved by running
az acr credential show -n <ACR name> -o table
Then just simply
docker login <ACR name>.azurecr.io -u <ACR name> -p <password>
and push the image
docker push <ACR name>.azurecr.io/<image name>
You can double-check by running
az acr repository list -n <ACR name> -o table
az container create -g <resource group> -n <instance name> --image <ACR name>.azurecr.io/<image name> --cpu <#core> --memory <#GB> --os-type <Linux|Windows> --ports <space separated ports> --registry-password <ACR password> --dns-name-label <dns name label for group with public IP>
Full list of parameters here.
Outpus should looks like this:
{
"additionalProperties": {},
"containers": [
{
"additionalProperties": {},
"command": null,
"environmentVariables": [],
"image": "pospascontainerregistry.azurecr.io/nginx",
"instanceView": null,
"name": "pospasinstance",
"ports": [
{
"additionalProperties": {},
"port": 80,
"protocol": null
}
],
"resources": {
"additionalProperties": {},
"limits": null,
"requests": {
"additionalProperties": {},
"cpu": 1.0,
"memoryInGb": 1.0
}
},
"volumeMounts": null
}
],
"id": "/subscriptions/58f7e072-a001-45c1-a786-26e8da50e91a/resourceGroups/DockerOnAzure/providers/Microsoft.ContainerInstance/containerGroups/pospasinstance",
"imageRegistryCredentials": [
{
"additionalProperties": {},
"password": null,
"server": "pospascontainerregistry.azurecr.io",
"username": "pospascontainerregistry"
}
],
"instanceView": {
"additionalProperties": {},
"events": [],
"state": "Pending"
},
"ipAddress": {
"additionalProperties": {},
"dnsNameLabel": "pospasinstance",
"fqdn": "pospasinstance.westeurope.azurecontainer.io",
"ip": "13.80.153.169",
"ports": [
{
"additionalProperties": {},
"port": 80,
"protocol": "TCP"
}
]
},
"location": "westeurope",
"name": "pospasinstance",
"osType": "Linux",
"provisioningState": "Creating",
"resourceGroup": "DockerOnAzure",
"restartPolicy": "Always",
"tags": null,
"type": "Microsoft.ContainerInstance/containerGroups",
"volumes": null
}
Find parameter fqdn or IP under ipAddress and open it. Of course in case there is a web app inside the container. :-)
If you get error message like Subscription is not registered for Microsoft.ContainerInstance namespace, please run
az provider register -n Microsoft.ContainerInstance
This command must be be running not under SP we have created, but ideally under subscription owner. Best way how to do that is using build-in CLI in Azure Portal or re-login using interactive log-in
Now let's try to do the same for Web App.
We have to start with the App Service Plan (ASP) to have hosting environment for out app.
az appservice plan create -n <ASP name> -g <resource group> --sku <sku> --is-linux
SKUs can be found here.
Next Web App
az webapp create -g <resource group name> -p <ASP name> -n <app name> -r <anything :-)>
And as a last step, we need to configure Web App to tun our Docker container
az webapp config container set -n <app name> -g <resource group name> -i <ACR name>.azurecr.io/<image name> -r https://<ACR name>.azurecr.io -u <ACR name> -p <ACR password>
Firstly, AKS is not a typo. Acure Container Service abbreviation is really AKS. ACS stands for Access Control Service
//ToDo