Run Azure Container Instances from Cloud shell

Introduction

The official Azure Container Instances (ACI) documentation provides a three-part tutorial that starts on the following pages and is a great place to start if you want to try it out.

Tutorial - Prepare container image for deployment - Azure Container Instances

However, to follow along with this tutorial, you need a local environment that includes the Azure CLI and Docker engine, as noted in the notes.

⚠️Important
Azure Cloud Shell does not include the Docker daemon, so you must install both the Azure CLI and the Docker engine yourself on your local computer to complete this tutorial. You can’t use the Azure Cloud Shell with this tutorial.

In this article, based on the above official tutorial, I will show you how to set up a sample application on ACI only in Azure environment without preparing local environment.

Clone application code

Launch Azure Cloud Shell. Once the console is up, get the sample application with the Git command from the official tutorial.

git clone https://github.com/Azure-Samples/aci-helloworld.git

After this, the docker buildcommand continues in the official tutorial, but Azure Cloud Shell does not include the Docker daemon and when I run it I get an error. Therefore, proceed to the next step here.

Prepare ACR (Azure Container Registry)

Get an Azure Container Registry (ACR) ready but first, create a resource group and ACR.

az group create --name test-weu-rg --location westeurope
az acr create --resource-group test-weu-rg --name acr4test--sku Basic

Official tutorial Step 2 creates a local image and pushes it to ACR.

Tutorial - Prepare container registry to deploy image - Azure Container Instances

However, you can’t create an image with Azure Cloud Shell. Therefore, we will utilize the ACR task, which is a function of ACR.

Build and push image with ACR task

In short a , the ACR task is a container image build service on the cloud. This feature allows you to build images that you couldn’t do with Azure Cloud Shell.

More details regarding ACR task we can find in documentation

ACR Tasks overview - Azure Container Registry

Ok so now let’s build and push the image with the ACR task with the following commands:

az acr build --image sample-aci-image:latest \
  --registry acr4test \
  --file ./aci-helloworld/Dockerfile ./aci-helloworld

Check the ACR image list and sample-aci-image:latest for make sure that exists, for do this run command

az acr repository list --name acr4test --output table

We can also check tags

az acr repository show-tags --name acr4test --repository sample-aci-image:latest --output table

Create a service principal

Next, we will create the service principal which is required for ACI to pull the image stored in ACR. Creating a service principal is introduced on the following pages.

Access from Container Instances - Azure Container Registry

For this we can use script from the documentation above. Create new file called service-principal.sh and paste the script inside

#!/bin/bash
ACR_NAME=acr4test
SERVICE_PRINCIPAL_NAME=acr-service-principal
SP_PASSWD=$(az ad sp create-for-rbac --name http://$SERVICE_PRINCIPAL_NAME --scopes $ACR_REGISTRY_ID --role acrpull --query password --output tsv)
SP_APP_ID=$(az ad sp show --id http://$SERVICE_PRINCIPAL_NAME --query appId --output tsv)

echo "Service principal ID: $SP_APP_ID"
echo "Service principal password: $SP_PASSWD"

Go back to the Azure Cloud Shell and run the script with the following command.

chmod 744 service-principal.sh
./service-principal.sh

When you run the script then in output as a result you should se:

• Service principal ID
• Service principal password

Make a note of these values ​​as they will be used in the next step.

Deploy container with ACI

The rest is step 3 of the official tutorial.

Tutorial - Deploy container app to container instance - Azure Container Instances

Gets the ACR login server name.

az acr show --name acr4test --query loginServer

Finally deployment

az container create --resource-group test-weu-rg \
  --name sample-aci-image \
  --image <acrServer>/sample-aci-image:latest \
  --cpu 1 --memory 1 \
  --registry-login-server <acrServer> \
  --registry-username <service-principal-ID> \
  --registry-password <service-principal-password> \
  --dns-name-label <DnsName> --ports 80

Explanation

• <acrServer> this is the login server name you obtained from the command above
• <service-principal-ID> , <service-principal-password> this is the value you wrote down in the previous step.
• <DnsName> this is an arbitrary DNS name which must be unique.

If you want to to check the progress of the deployment, use the following command.

az container show --resource-group test-weu-rg --name sample-aci-image --query instanceView.state

If the output is output Running, then the deployment is complete and now we can check the FQDN with the following command:

az container show --resource-group test-weu-rg --name sample-aci-image --query ipAddress.fqdn

You can also output the log by returning to Azure Cloud Shell and executing the following command.

az container logs --resource-group test-weu-rg --name sample-aci-image

Cleanup

If you are done testing the azure container registry and are no longer using them don’t forget to delete the resource group at the end.

az group delete --name test-weu-rg