There is numbers of options how you can host docker containers on Azure. I will focus only on fully managed services. Some of them are still in preview.

[TOC]

To keep it as simple as possible I will be using multi-platform tools to cover as much scenarios as possible.

We will need:

• Azure CLI
• Docker
• Azure Subscription

Azure CLI is a multi-platform tool for managing Azure resources. You can download and install from here.

If you are installing Azure CLI into docker container, use this command.

pip install azure-cli

You are just about to deploy Docker container, so you should have Docker installed, right?. If not download from here.

• Docker CE for Windows
• Docker CE for Mac
• Docker CE for Ubuntu

Same situation. If are reading this article, most probably you do have some Azure subscription. If not go here, please.

• Azure free trial
• Buy Azure
• Azure Pass
• Visual Studio Essential with Azure

Once all tools are install, it is time to setup Azure subscription. Open Azure CLI and run

az login

You will get request for interactive login like:

Please open https://aka.ms/devicelogin and finish authentication.

Maybe you are thinking about some way of automation so interactive login is not an option for you. To do that we will be using service principal next time. To create one we have to chose resource group.

You should get list of subscription after successful login or you can list them by running

az account list

Find you subscription and select it by running

az account set -s <subscription name>

Write down even Subscription ID for later use.

I'd like to simplify command parameters so we can set default location for our resources. Doing them we can let out future --location

az configure --defaults location=<location>

You can list all locations available for selected subscription by running

az account list-locations

Then create resource group

az group create -n <resource group name>

It need for creation service principal

az group list

#TODO NEED A PICTION

az group list --query "[?name=='resource_group_name']"

For service principal (SP) we need to specify a scope. In our case it will be newly created resource group.

Then create SP by running

az ad sp create-for-rbac --role "Contributor" --scopes="/subscriptions/<subscription id>/resourceGroups/<resource group name>"

Btw, take a closer look on output from previous command. Can you see. :-) Yes, you can take the scope from there. So did you write it down manually or copy-and-paste?

You should get response like:

Now it is time to login using SP

az login --service-principal -u <appId> -p <password> -t <Directory ID>

Directory ID aka Tenant ID can be found here

If you also need to have private storage for your Docker containers, there is a service for that named Azure Container Registry (ACR). So firstly let's create out private Docker registry.

To create ACR we just need to specify SKU by running

az acr create --resource-group <resource group name> --name <container registry name> --sku <sku> --admin-enabled true

Let's have your own Docker image ready. Then we have to log-in to ACR by running

az acr login -n <acr name>

Tag image

docker tag <image name> <acr name>.azurecr.io/<image name>

Next we need to authorize docker to ACR. User name is ACR name and password can be retrieved by running

az acr credential show -n <ACR name> -o table

Then just simply

docker login <ACR name>.azurecr.io -u <ACR name> -p <password>

and push the image

docker push <ACR name>.azurecr.io/<image name>

You can double-check by running

az acr repository list -n <ACR name> -o table

az container create -g <resource group> -n <instance name> --image <ACR name>.azurecr.io/<image name> --cpu <#core> --memory <#GB> --os-type <Linux|Windows> --ports <space separated ports> --registry-password <ACR password> --dns-name-label <dns name label for group with public IP>

Full list of parameters here.

Outpus should looks like this:

{
  "additionalProperties": {},
  "containers": [
    {
      "additionalProperties": {},
      "command": null,
      "environmentVariables": [],
      "image": "pospascontainerregistry.azurecr.io/nginx",
      "instanceView": null,
      "name": "pospasinstance",
      "ports": [
        {
          "additionalProperties": {},
          "port": 80,
          "protocol": null
        }
      ],
      "resources": {
        "additionalProperties": {},
        "limits": null,
        "requests": {
          "additionalProperties": {},
          "cpu": 1.0,
          "memoryInGb": 1.0
        }
      },
      "volumeMounts": null
    }
  ],
  "id": "/subscriptions/58f7e072-a001-45c1-a786-26e8da50e91a/resourceGroups/DockerOnAzure/providers/Microsoft.ContainerInstance/containerGroups/pospasinstance",
  "imageRegistryCredentials": [
    {
      "additionalProperties": {},
      "password": null,
      "server": "pospascontainerregistry.azurecr.io",
      "username": "pospascontainerregistry"
    }
  ],
  "instanceView": {
    "additionalProperties": {},
    "events": [],
    "state": "Pending"
  },
  "ipAddress": {
    "additionalProperties": {},
    "dnsNameLabel": "pospasinstance",
    "fqdn": "pospasinstance.westeurope.azurecontainer.io",
    "ip": "13.80.153.169",
    "ports": [
      {
        "additionalProperties": {},
        "port": 80,
        "protocol": "TCP"
      }
    ]
  },
  "location": "westeurope",
  "name": "pospasinstance",
  "osType": "Linux",
  "provisioningState": "Creating",
  "resourceGroup": "DockerOnAzure",
  "restartPolicy": "Always",
  "tags": null,
  "type": "Microsoft.ContainerInstance/containerGroups",
  "volumes": null
}

Find parameter fqdn or IP under ipAddress and open it. Of course in case there is a web app inside the container. :-)

If you get error message like Subscription is not registered for Microsoft.ContainerInstance namespace, please run

az provider register -n Microsoft.ContainerInstance

This command must be be running not under SP we have created, but ideally under subscription owner. Best way how to do that is using build-in CLI in Azure Portal or re-login using interactive log-in

Now let's try to do the same for Web App.

We have to start with the App Service Plan (ASP) to have hosting environment for out app.

az appservice plan create -n <ASP name> -g <resource group> --sku <sku> --is-linux

SKUs can be found here.

Next Web App

az webapp create -g <resource group name> -p <ASP name> -n <app name> -r <anything :-)>

And as a last step, we need to configure Web App to tun our Docker container

az webapp config container set -n <app name> -g <resource group name> -i <ACR name>.azurecr.io/<image name> -r https://<ACR name>.azurecr.io -u <ACR name> -p <ACR password>

Firstly, AKS is not a typo. Acure Container Service abbreviation is really AKS. ACS stands for Access Control Service

//ToDo