Azure App Service has supported running containers for some time now, both in regular App Service and in Azure Functions. Setting this up through the UI is pretty easy; however, creating the same setup using Infrastructure as Code can be a bit tricky. There are a number of different configuration settings that need to be added that aren't always obvious. In this article, we will cover what these are and when to use them, and put them all together in one place.
Plan Settings
First things first, we need to set up the app plan with the correct SKU and settings. For Linux containers, you can use the Basic or above SKU (not Free or Shared); for Windows you need to use the Premium plan. In addition, you also need to set the "reserved" property to true.
resource appServicePlan 'Microsoft.Web/serverfarms@<api-version>' = {
  name: appServicePlanName
  location: location
  kind: 'linux'
  properties: {
    reserved: true // marks the plan as a Linux plan
  }
  sku: {
    name: 'B1'
    tier: 'Basic'
  }
}
Container Reference
Next, we need to tell the web app what container to use and which registry to get it from. There are actually two ways to do this: via the linuxFxVersion setting or the DOCKER_CUSTOM_IMAGE_NAME app setting. Both of these will work, but linuxFxVersion takes precedence, so I would recommend using this.
resource webApp 'Microsoft.Web/sites@<api-version>' = {
  name: webAppName
  location: location
  tags: {}
  properties: {
    siteConfig: {
      // Format: DOCKER|<registry>/<image>:<tag>
      linuxFxVersion: 'DOCKER|mcr.microsoft.com/appsvc/staticsite:latest'
    }
    serverFarmId: appServicePlan.id
  }
}
Private Registry Authentication
If your image is coming from a public repository then this is all you need to do. However, if you are using a private registry then you need to authenticate. There are two ways to do this.
Provide Login Credentials
The first option works with any kind of private repo, and that is providing a username and password. These are set as app config settings in the app service:
- DOCKER_REGISTRY_SERVER_USERNAME
- DOCKER_REGISTRY_SERVER_URL (full URL, ex: https://<server-name>.azurecr.io)
- DOCKER_REGISTRY_SERVER_PASSWORD
resource webApp 'Microsoft.Web/sites@<api-version>' = {
  name: webAppName
  location: location
  tags: {}
  properties: {
    siteConfig: {
      appSettings: [
        {
          name: 'DOCKER_REGISTRY_SERVER_PASSWORD'
          // Declare this parameter with @secure() so the value is not
          // recorded in the deployment history.
          value: dockerRegistryPassword
        }
        {
          name: 'DOCKER_REGISTRY_SERVER_URL'
          // Full URL, including the scheme
          value: 'https://${registryName}.azurecr.io'
        }
        {
          name: 'DOCKER_REGISTRY_SERVER_USERNAME'
          value: dockerRegistryUserName
        }
      ]
      linuxFxVersion: 'DOCKER|${registryName}.azurecr.io/myimage:latest'
    }
    serverFarmId: appServicePlan.id
  }
}
Managed Identity
Alternatively, if you are pulling your image from Azure Container Registry then you can use a managed identity to connect rather than providing credentials. First we need to create a managed identity (or use the system assigned identity) and grant it permissions to pull containers from the ACR. Then we need to set the acrUseManagedIdentityCreds property to true. If we are using a user assigned managed identity then we also need to set the acrUserManagedIdentityID value as the ID of the managed identity.
resource webApp 'Microsoft.Web/sites@<api-version>' = {
  name: webAppName
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      // Keyed by the identity's resource ID
      '${managedIdentity.id}': {}
    }
  }
  tags: {}
  properties: {
    siteConfig: {
      acrUseManagedIdentityCreds: true
      // App Service expects the identity's client ID here, not its resource ID
      acrUserManagedIdentityID: managedIdentity.properties.clientId
      appSettings: []
      linuxFxVersion: 'DOCKER|${registryName}.azurecr.io/myimage:latest'
    }
    serverFarmId: appServicePlan.id
  }
}
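The web app resource above assumes the identity already exists and can pull from the registry. One way to create it and grant it the built-in AcrPull role scoped to that one registry, as an added example that is not part of the original article; the parameter names, the API versions and the registry living in the same resource group are assumptions:

```bicep
// Added example: user-assigned identity with pull-only access to one registry.
// registryName, identityName and the API versions below are assumptions.
param registryName string
param identityName string
param location string = resourceGroup().location

// Built-in AcrPull role definition: pull images only, no push or delete.
var acrPullRoleId = '7f951dda-4ed3-4680-a7ca-43fe172d538d'

// Assumes the registry already exists in this resource group.
resource registry 'Microsoft.ContainerRegistry/registries@2023-07-01' existing = {
  name: registryName
}

resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: identityName
  location: location
}

// Scope the assignment to the registry itself rather than the resource group
// or subscription, so the identity cannot pull from any other registry.
resource acrPull 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  // Deterministic name so redeployments update the same assignment
  name: guid(registry.id, managedIdentity.id, acrPullRoleId)
  scope: registry
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', acrPullRoleId)
    principalId: managedIdentity.properties.principalId
    // Stating the principal type avoids lookup failures on a freshly created identity
    principalType: 'ServicePrincipal'
  }
}

// Values the web app's identity block and siteConfig need
output identityResourceId string = managedIdentity.id
output identityClientId string = managedIdentity.properties.clientId
```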
Using Private Link
Until now, all the connections to the container registry have assumed it is available over the public internet and not network restricted. However, if your ACR is behind a private endpoint you can have the app service use this. You will need to join the App Service to the vNet first so that it can communicate with the private endpoints. Then you need to set the vnetRouteAllEnabled property to true and add the WEBSITE_PULL_IMAGE_OVER_VNET app setting.
resource webApp 'Microsoft.Web/sites@<api-version>' = {
  name: webAppName
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${managedIdentity.id}': {}
    }
  }
  tags: {}
  properties: {
    // Joins the app to the vNet so it can reach the private endpoint
    virtualNetworkSubnetId: appServiceSubnetId
    siteConfig: {
      vnetRouteAllEnabled: true
      acrUseManagedIdentityCreds: true
      // App Service expects the identity's client ID here, not its resource ID
      acrUserManagedIdentityID: managedIdentity.properties.clientId
      appSettings: [
        {
          name: 'WEBSITE_PULL_IMAGE_OVER_VNET'
          value: 'true'
        }
      ]
      linuxFxVersion: 'DOCKER|${registryName}.azurecr.io/myimage:latest'
    }
    serverFarmId: appServicePlan.id
  }
}