{"id":14,"date":"2021-05-10T15:06:00","date_gmt":"2021-05-10T15:06:00","guid":{"rendered":""},"modified":"2021-09-23T17:56:58","modified_gmt":"2021-09-23T15:56:58","slug":"docker-and-container-registry-in-azure","status":"publish","type":"post","link":"http:\/\/panahy.nl\/index.php\/2021\/05\/10\/docker-and-container-registry-in-azure\/","title":{"rendered":"Docker and Container Registry in Azure"},"content":{"rendered":"<p><span style=\"background-color: white; color: #172b4d; font-size: 16px; letter-spacing: -0.08px; white-space: pre-wrap;\">The purpose of this page is to show the steps to create a simple webapp running as a docker container in Azure.<\/span><\/p>\n<div style=\"background-color: white; clear: both; display: flex; flex-direction: row; margin: 20px 0px 0px; padding: 0px;\" data-layout-section=\"true\">\n<div style=\"flex: 1 1 66.66%; margin: 0px; min-width: 0px; padding: 0px;\" data-column-width=\"66.66\" data-layout-column=\"true\">\n<div style=\"margin: 0px; padding: 0px; position: relative; width: 902.672px;\">\n<h2 style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; font-style: inherit; font-weight: normal; letter-spacing: -0.008em; line-height: 1.2; margin: 1.8em 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"116\">Create Container Registry<button style=\"color: #42526e; cursor: pointer; display: inline; font-family: inherit; opacity: 0; outline: none; padding-left: 0px; padding-right: 0px; right: 0px; transform: translate(-8px, 0px); transition: opacity 0.2s ease 0s, transform 0.2s ease 0s; border: initial none initial;\"><\/button><\/h2>\n<p style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1em; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"143\">I am using a new Azure Container Registry in my resource group called SecuredContainerRegistry which I will refer to throughout this page. I have created this using a Basic SKU which is sufficient enough for this purpose. If you need a <strong data-renderer-mark=\"true\">private endpoint<\/strong> you need to change he SKU to premium.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\">\"resources\": [{\r\n        \"type\": \"Microsoft.ContainerRegistry\/registries\",\r\n        \"apiVersion\": \"2020-11-01-preview\",\r\n        \"name\": \"SecuredContainerRegistry\",\r\n        \"location\": \"[resourceGroup().location]\",\r\n        \"dependsOn\": [],\r\n        \"tags\": \"[variables('tagsArray')]\",\r\n        \"sku\": {\r\n            \"name\": \"Basic\",\r\n            \"tier\": \"Basic\"\r\n        },\r\n        \"properties\": {\r\n            \"adminUserEnabled\": true,\r\n            \"publicNetworkAccess\": \"Enabled\",\r\n            \"zoneRedundancy\": \"Disabled\"\r\n        }\r\n    }\r\n<\/pre>\n<p style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1em; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1040\">The main change after creating the Container Registry using Default options is to <strong data-renderer-mark=\"true\">enable Admin user<\/strong> which allows us to login used by docker.<\/p>\n<p style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1em; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1182\">Next important change we do on this resource is to register this resource in AAD by giving it a <strong data-renderer-mark=\"true\">System assigned Identity<\/strong> using the portal.<\/p>\n<h2 style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; font-style: inherit; font-weight: normal; letter-spacing: -0.008em; line-height: 1.2; margin: 1.8em 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1322\">Add Service connection<button style=\"color: #42526e; cursor: pointer; display: inline; font-family: inherit; opacity: 0; outline: none; padding-left: 0px; padding-right: 0px; right: 0px; transform: translate(-8px, 0px); transition: opacity 0.2s ease 0s, transform 0.2s ease 0s; border: initial none initial;\"><\/button><\/h2>\n<p style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1em; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1346\">Next you need to add a service connection in your Azure Devops project using <strong data-renderer-mark=\"true\">service principal authentication<\/strong> that to get access to Azure Container Registry. In the popup select <em data-renderer-mark=\"true\">Azure Container registery<\/em> as Registry type, then select your azure container registry and give the service connection a name.<\/p>\n<\/div>\n<\/div>\n<div style=\"color: #172b4d; flex: 1 1 33.33%; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 16px; margin: 0px 0px 0px 32px; min-width: 0px; padding: 0px; white-space: pre-wrap;\" data-column-width=\"33.33\" data-layout-column=\"true\">\n<div style=\"margin: 0px; padding: 0px; position: relative; width: 451.328px;\">\n<div style=\"margin: 0px; padding: 0px; position: absolute; width: 451.328px;\"><\/div>\n<div style=\"margin: 0px; padding: 0px;\"><\/div>\n<p style=\"font-size: 1em; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px;\" data-renderer-start-pos=\"1670\">\n<\/div>\n<\/div>\n<\/div>\n<h2 style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; font-weight: normal; letter-spacing: -0.008em; line-height: 1.2; margin: 1.8em 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1687\">Buid and Deploy Docker project<button style=\"color: #42526e; cursor: pointer; display: inline; font-family: inherit; opacity: 0; outline: none; padding-left: 0px; padding-right: 0px; right: 0px; transform: translate(-8px, 0px); transition: opacity 0.2s ease 0s, transform 0.2s ease 0s; border: initial none initial;\"><\/button><\/h2>\n<p style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 16px; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"1719\">Create a .net core application including a Dockerfile for windows. When you choose in Visual Studio it generates a Dockerfile which is not completely working. The following example is changed version of that file which works fine:<\/p>\n<div style=\"background-color: white; border-radius: 3px; clear: both; display: grid; grid-template-columns: minmax(0px, 1fr); margin: 0.75rem 0px 0px; max-width: 100%; overflow-wrap: normal; padding: 0px; position: relative; tab-size: 4;\">\n<div style=\"--line-number-bg-color: #EBECF0; margin: 0px; padding: 0px; text-align: left;\" data-code-block=\"\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#See https:\/\/aka.ms\/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.\r\n#Depending on the operating system of the host machines(s) that will build or run the containers, the image specified in the FROM statement may need to be changed.\r\n#For more information, please see https:\/\/aka.ms\/containercompat\r\n\r\n\r\nFROM mcr.microsoft.com\/dotnet\/aspnet:5.0 AS base\r\nWORKDIR \/app\r\nEXPOSE 80\r\nEXPOSE 443\r\n\r\n\r\nFROM mcr.microsoft.com\/dotnet\/sdk:5.0 AS build\r\nWORKDIR \/src\r\nCOPY [\"*.csproj\", \"SecuredWebApi\/\"]\r\nRUN dotnet restore \"SecuredWebApi\/SecuredWebApi.csproj\"\r\nWORKDIR \"\/src\/SecuredWebApi\"\r\nCOPY . .\r\nRUN dotnet build \"SecuredWebApi.csproj\" -c Release -o \/app\/build\r\n\r\n\r\nFROM build AS publish\r\nRUN dotnet publish \"SecuredWebApi.csproj\" -c Release -o \/app\/publish\r\n\r\n\r\nFROM base AS final\r\nWORKDIR \/app\r\nCOPY --from=publish \/app\/publish .\r\nENTRYPOINT [\"dotnet\", \"SecuredWebApi.dll\"]<\/pre>\n<p><span style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; letter-spacing: -0.008em; white-space: pre-wrap;\">Create Container Instance<\/span><\/div>\n<div style=\"--line-number-bg-color: #EBECF0; margin: 0px; padding: 0px; text-align: left;\" data-code-block=\"\"><button style=\"color: #42526e; cursor: pointer; display: inline; font-family: inherit; opacity: 0; outline: none; padding-left: 0px; padding-right: 0px; right: 0px; transform: translate(-8px, 0px); transition: opacity 0.2s ease 0s, transform 0.2s ease 0s; border: initial none initial;\"><\/button><span style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; letter-spacing: -0.008em; white-space: pre-wrap;\">Next step is to create an Azure Container instance. In my example I gave it the name container-instance. During the creation you need to connect this to a container registry. You can choose Azure Container Registry created in the first step above. Once you have a successful build you will have an image available to associate it with it. Based on my sample project I named this instance <\/span><span style=\"-webkit-box-decoration-break: clone; background-color: rgba(9, 30, 66, 0.08); border-radius: 3px; border-style: none; box-shadow: rgba(9, 30, 66, 0.08) -4px 0px 0px 0px, rgba(9, 30, 66, 0.08) 4px 0px 0px 0px; font-size: 13.712px; margin: 0px 4px; overflow: auto; padding: 2px 0px;\" data-renderer-mark=\"true\">secured-container-instance<\/span><span style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; white-space: pre-wrap; letter-spacing: -0.005em;\"> and Azure portal automatically recognizes the container registery when you select the Image Source from Azure Container Registry. For this project I exposed ports 80 and port 443<\/span><\/div>\n<div data-code-block=\"\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">resources\": [ { \"location\": \"westeurope\", \"name\": \"secured-container-instance\", \"type\": \"Microsoft.ContainerInstance\/containerGroups\", \"apiVersion\": \"2021-03-01\", \"properties\": { \"containers\": [ { \"name\": \"secured-container-instance\", \"properties\": { \"image\": \"securedcontainerregistry.azurecr.io\/securedazurelib:latest\", \"resources\": { \"requests\": { \"cpu\": \"1\", \"memoryInGB\": \"1.5\" } }, \"ports\": [ { \"protocol\": \"TCP\", \"port\": 80 }, { \"protocol\": \"TCP\", \"port\": 443 } ], } } ], \"restartPolicy\": \"[parameters('restartPolicy')]\", \"osType\": \"Linux\", \"imageRegistryCredentials\": [ { \"server\": \"securedcontainerregistry.azurecr.io\", \"username\": \"[parameters('imageUsername')]\", \"password\": \"[parameters('imagePassword')]\" } ], \"ipAddress\": { \"type\": \"Public\", \"ports\": \"80 (TCP), 443 (TCP)\" } }, \"tags\": {} }<\/pre>\n<p><span style=\"color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; letter-spacing: -0.008em; white-space: pre-wrap;\">Start the instance<\/span><\/p>\n<\/div>\n<\/div>\n<h2 style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; font-weight: normal; letter-spacing: -0.008em; line-height: 1.2; margin: 1.8em 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"5328\"><\/h2>\n<p style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 16px; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"5348\">By starting the instance on Container the image gets pulled and deployed in the container instance. On the Azure Portal you can look into the public ip adress and check the website is running and accessible.<\/p>\n<p style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 16px; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"5557\">A container instance can be started using docker command: <span style=\"-webkit-box-decoration-break: clone; background-color: rgba(9, 30, 66, 0.08); border-radius: 3px; border-style: none; box-shadow: rgba(9, 30, 66, 0.08) -4px 0px 0px 0px, rgba(9, 30, 66, 0.08) 4px 0px 0px 0px; font-size: 13.712px; margin: 0px 4px; overflow: auto; padding: 2px 0px;\" data-renderer-mark=\"true\">docker run securedcontainerregistry.azurecr.io\/securedazurelib:latest<\/span> The following job tasks will start an instance in an Azure pipeline<\/p>\n<div style=\"background-color: white; border-radius: 3px; clear: both; display: grid; grid-template-columns: minmax(0px, 1fr); margin: 0.75rem 0px 0px; max-width: 100%; overflow-wrap: normal; padding: 0px; position: relative; tab-size: 4;\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">jobs:\r\n  - job: RunTest\r\n    workspace:\r\n      clean: all\r\n    pool:\r\n      vmImage: 'ubuntu-latest'\r\n    steps:\r\n    - task: Docker@2\r\n      displayName: Login to ACR\r\n      inputs:\r\n        command: login\r\n        containerRegistry: securedcontainerregistry\r\n    - script: |\r\n        docker run securedcontainerregistry.azurecr.io\/somerepo\/securedazurelib:latest<\/pre>\n<\/div>\n<h2 style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 1.43em; font-weight: normal; letter-spacing: -0.008em; line-height: 1.2; margin: 1.8em 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"6083\">Security<button style=\"color: #42526e; cursor: pointer; display: inline; font-family: inherit; opacity: 0; outline: none; padding-left: 0px; padding-right: 0px; right: 0px; transform: translate(-8px, 0px); transition: opacity 0.2s ease 0s, transform 0.2s ease 0s; border: initial none initial;\"><\/button><\/h2>\n<p style=\"background-color: white; color: #172b4d; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Noto Sans', Ubuntu, 'Droid Sans', 'Helvetica Neue', sans-serif; font-size: 16px; letter-spacing: -0.005em; line-height: 1.714; margin: 0.75rem 0px 0px; padding: 0px; white-space: pre-wrap;\" data-renderer-start-pos=\"6093\">You can register the container instance in AAD using Manage Identity and then assign a role in KeyVault for that identity to allow access to secrets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The purpose of this page is to show the steps to create a simple webapp running as a docker container in Azure. Create Container Registry I am using a new Azure Container Registry in my resource group called SecuredContainerRegistry which I will refer to throughout this page. I have created this using a Basic SKU &hellip; <a href=\"http:\/\/panahy.nl\/index.php\/2021\/05\/10\/docker-and-container-registry-in-azure\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Docker and Container Registry in Azure&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,11],"tags":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Pouya Panahy","author_link":"http:\/\/panahy.nl\/index.php\/author\/pouya\/"},"uagb_comment_info":0,"uagb_excerpt":"The purpose of this page is to show the steps to create a simple webapp running as a docker container in Azure. Create Container Registry I am using a new Azure Container Registry in my resource group called SecuredContainerRegistry which I will refer to throughout this page. I have created this using a Basic SKU&hellip;","_links":{"self":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/14"}],"collection":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/comments?post=14"}],"version-history":[{"count":4,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/14\/revisions"}],"predecessor-version":[{"id":183,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/14\/revisions\/183"}],"wp:attachment":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/media?parent=14"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/categories?post=14"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/tags?post=14"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}