Azure Container Instances Overview
You will need to be familiar with Azure Container Instances if you are taking the AZ-204 Azure Developer Associate certification exam.
This is some of the exam preparation notes I have taken for the Azure Container Instance service.
You can check out my other exam prepation notes for other Azure services covered on the AZ-204 exam here.
Describe the benefits of Azure Container Instances and how resources are grouped
Benefits of Azure Container Instances
- Fast and simple way to run a container in Azure
- Avoid the need to run a virtual machine
- Can expose your containers to the Internet and offer an IP address and fully qualified domain name
- Support for Linux and Windows containers
- Supports container image pulls from Azure Container Registry and other third-party container registries such as DockerHub
- Usage based billing by the second based on resources consumed
- Offers a discount when running as Azure Spot Container Instances
Azure Container Instance Resources
- Azure Container Instances are placed into a Container Group
- Container Groups are placed inside a Resource Group which is located into a particular regional location
- Container Groups define are allocated a number of CPU cores and a number of GBs of memory
- Each Container Group shares it’s resources across all of their Container Instances
graph TB
AS[Azure Subscription] -- Resource Group has a Region --> RG[Resource Group]
RG -- Each Container Group has a # of CPU cores & memory in GB allocated --> CG1[Container Group]
CG1 -- Sharing Container Group resources --> CI1[Container Instance]
CG1 -- Sharing Container Group resources --> CI2[Container Instance]
RG -- Each Container Group has a # of CPU cores & memory in GB allocated --> CG2[Container Group]
CG2 -- Sharing Container Group resources --> CI3[Container Instance]
Deploy a container instance in Azure by using the Azure CLI
az container create --resource-group cloudengineerskills-aci-rg --name containergroup --image mcr.microsoft.com/azuredocs/aci-helloworld --dns-name-label cloudengineerskills-helloworld-aci --ports 80 --cpu 2 --memory 2
See Deploy an Azure Container Instance using the Azure CLI for further explaination
Start and stop containers using policies
When creating Azure Container Instances you can set a restart policy for the Container Group will determine what will happen to your container when it terminates.
You have three options for the Azure Container Instance restart policy:
Always: this is the default option, containers in the container group are always automatically restarted on terminationNever: containers in the container group are not automatically restarted on terminationOnFailure: containers in the container group are automatically restarted only if it terminates with a failure
When creating a Container Group with an Azure Container Instance using the Azure command line interface, specify the restart policy by using the --restart-policy parameter.
1
2
3
4
5
az container create \
--resource-group myResourceGroup \
--name mycontainer \
--image mycontainerimage \
--restart-policy OnFailure
You can also manually restart, start or stop all containers inside the container group using the az container restart, az container start and az container stop commands.
1
2
3
az container restart --name mycontainer --resource-group myResourceGroup
az container start --name mycontainer --resource-group myResourceGroup
az container stop --name mycontainer --resource-group myResourceGroup
Set environment variables in your container instances
For non secure environment variables you can provide them to your Azure Container Instances in the --environment-variables flag on the ac container create command.
For example:
1
2
3
4
5
6
az container create \
--resource-group myResourceGroup \
--name mycontainer2 \
--image mcr.microsoft.com/azuredocs/aci-wordcount:latest
--restart-policy OnFailure \
--environment-variables 'NumWords'='5' 'MinLength'='8'\
In the case of environment variables that you need to keep secure, you can provide these to your Azure Container Instances in the --file flag providing the path to a YAML file.
In the YAML file you will describe the complete configuration of your container group and container instances and for the sensitive enviroment variables define them under the environmentVariables properties with the property of secureValue.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
apiVersion: 2018-10-01
location: eastus
name: securetest
properties:
containers:
- name: mycontainer
properties:
environmentVariables:
- name: "NOTSECRET"
value: "my-exposed-value"
- name: "SECRET"
secureValue: "my-secret-value"
image: nginx
ports: []
resources:
requests:
cpu: 1.0
memoryInGB: 1.5
osType: Linux
restartPolicy: Always
tags: null
type: Microsoft.ContainerInstance/containerGroups
az container create --resource-group myResourceGroup --file secure-env.yaml
Mount file shares in your container instances
See How to Mount an Azure File Share to Azure Container Instances.
By default Azure Container Instances are stateless, if you would like to persist data for after a container stops one option you have is to mount Azure file shares using Azure Files. Azure Files uses the Server Message Block (SMB) protocol.
1
az container create --resource-group $ACI_PERS_RESOURCE_GROUP --name hellofiles --image mcr.microsoft.com/azuredocs/aci-hellofiles --dns-name-label aci-demo --ports 80 --azure-file-volume-account-name $ACI_PERS_STORAGE_ACCOUNT_NAME --azure-file-volume-account-key $STORAGE_KEY --azure-file-volume-share-name $ACI_PERS_SHARE_NAME --azure-file-volume-mount-path /aci/logs/
--azure-file-volume-account-name: the name of the storage account that contains the Azure File share--azure-file-volume-account-key: the storage account access key used to access the Azure File share--azure-file-volume-share-name: the name of the Azure File share to be mounted as a volume--azure-file-volume-mount-path: the path within the container where the azure file volume should be mounted. Must not contain colon ‘:’
If you want to mount more than 1 volume you need to use an Azure Resource Manager template or a YAML file.