Az-204 - Prep - How To - Creating a container and access its service in Azure environment with ACR

  September 13, 2021 Raaz   , , , , , ,   No comments   Edit

Hello Team, 

Below commands can be used to create a container with image from ACR and to access the container service.


az login \
--username <> \
--password <> \

az group list | select -p name

# Deploying a container from public registry
az container create \
--resource-group "1-028b2503-playground-sandbox" \
--name psdemo-hello-world-cli-010 \
--dns-name-label psdemo-hello-world-cli-010 \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--ports 80

# show the container info
az container show --resource-group "1-5e3dbe31-playground-sandbox" \
--name "psdemo-hello-world-cli-009"

# Retrieve the container URL to access it over internet
URL=$(az container show --resource-group '1-5e3dbe31-playground-sandbox' \
--name 'psdemo-hello-world-cli-009' --query ipAddress.fqdn | tr -d '"')
echo "https://$URL"

# Demo 1 - Deploy container from azure container registry
## STEP 0 SET ENVIRONMENT VARIABLES
ACR_NAME="grsr18"
ACR_REGISTRY_ID=$(az acr show --name $ACR_NAME --query id --output tsv)
ACR_LOGINSERVER=$(az acr show --name $ACR_NAME --query loginServer --output tsv)

echo "ACR ID: $ACR_REGISTRY_ID"
echo "ACR_LOGINSERVER $ACR_LOGINSERVER"

## STEP 1 create a service principal and get the password and ID,
## this will allow azure container instances to pull
SP_NAME=acr-service-principal
SP_PASSWD=$(az ad sp create-for-rbac \
--name http://$ACR_NAME-pull \
--scopes $ACR_REGISTRY_ID \
--role acrpull \
--query password \
--output tsv)
SP_APPID=$(az ad sp show --id http://$ACR_NAME-pull --query appId --output tsv)

echo "Servce Princial ID : $SP_APPID"
echo "Service Princial Password $SP_PASSWD"

## STEP 2
az container create \
--resource-group "1-5e3dbe31-playground-sandbox" \
--name "psdemo-webapp-cli" \
--dns-name-label psdemo-webapp-cli \
--ports 80 \
--image $ACR_LOGINSERVER/webappimage:v1 \
--registry-login-server $ACR_LOGINSERVER \
--registry-username $SP_APPID \
--registry-password $SP_PASSWD

# due to permission issues if you cant create service princial
# then you can use your acr login creds to pull image
az container create --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --dns-name-label "psdemo-webapp-cli" \
--ports 80 --image $ACR_LOGINSERVER/webappimage:v1 \
--registry-login-server $ACR_LOGINSERVER --registry-username "GRSR18" \
--registry-password "xx=xxxxx=xxxxx+xxxxx"

# get the container status
az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli"
az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --query instanceView.state

# get the FQDN to access
url=$(az container show --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --query ipAddress.fqdn | tr -d '"')
echo http://$url
curl http://$url

# Get contianer logs
az container logs --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli"

# Delete the running container
az container delete --resource-group "1-028b2503-playground-sandbox" \
--name "psdemo-webapp-cli" --yes

# Cleanup from our demos, all ACIs and ACR Deployed in the resource group
az group delete --name "1-028b2503-playground-sandbox" --yes
docker image rm grsr18.azureacr.ip/webappimage:v1
docker image rm webappimage:v1



0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)