I have an Azure Container Instance (ACI) that is deployed from a custom container image, which I stored in Azure Container Registry (ACR).
The container image runs a simple Python script (background worker, no exposed ports), which works locally on my Windows 11 system, using Docker Desktop. The script prints some logging text using the print() function, so I can see what's going on inside the application.
While ACI starts the container, it doesn't show any events, under the container Events tab, and it also doesn't show any logs, under the Logs tab.
However, the container is actually running, and I can use the Connect tab to open an interactive shell into the container. I can run ps -aux and see that the Python script (entrypoint) is actually running.
Question: Why are the Events and Logs not populating in the Azure Container Instances service, even though the container is successfully up and running?
NOTE: I am deploying to the West Central US Azure region.
under the container Events tab, and it also doesn't show any logs, under the Logs tab.
We have another option in Azure CLI to get the Logs of Azure Container Instance.
In Azure Portal, Open Cloud shell.
Run the below command in Azure Cloudshell - Bash.
az container logs --name YourContanerInstanceName --resource-group YourRGName
OutPut of Logs:
To get the Events, use the below CLI Command.
az container show --resource-group YourRGName --name YourContanerInstanceName
Output of Events:
Why are the Events and Logs not populating in the Azure Container Instances service, even though the container is successfully up and running?
Also refer Options to View Container Logs.
Reference taken from MSDoc Container logs and Diagnostic Events.
Related
I'm trying to Connect a Azure Webb app (containers) to an Azure Container Registry Using the Azure CLI. I have an Azure Container Registry located in the same Ressouce Group as the Webb App.
My command looks like this:
az webapp config container set --name "containerbugdemo" --resource-group "Containerbug" --docker-custom-image-name "application/helloworld:latest" --docker-registry-server-url "https://"$arcName.azurecr.io" --docker-registry-server-password "****" --docker-registry-server-user "***"
After running the command the container settings blade shows the following error:
Failed to get a list of tags.
And the Container fails to get pulled by the WebApp.
If I try the same procedure only using the graphical interface through the Azure portal, everything works as expected.
It seems you set the wrong image name. If you use the image in the ACR, you need to set the image name as acrname.azurecr.io/repository:tag, both when you create the web app and container setting, not just repository:tag. And the server URL is also a mistake that one more double quote in the question.
Let's say we have a (containerized) backend which is only sparely used. Maybe once every couple of days or so, a (static) web front-end calls an API endpoint of that backend.
The backend conveniently happens to be stateless. No data store or anything.
We want to minimize the hosting cost for it, and ideally would like per-second billing. It's only gonna be running for a few minutes every month, and we only want to be charged for that usage. Basically, we want Function as a Service (FaaS), but for a whole backend and not just a single function.
Azure Container Instances appears to be great fit for this scenario. It can spin up the backend in a container when needed. The backend then can shut itself down again after a certain period of non-usage.
So, let's create a container instance...
az container create \
--resource-group myResourceGroup \
--name mycontainer \
--image mycontainerimage \
--restart-policy Never
--dns-name-label mybackend123
--ports 80
Great, our backend is live at its FQDN http://mybackend123.eastus.azurecontainer.io!
As stated above, it'll shut itself down after a period of non-usage. Thanks to --restart-policy Never, ACI won't restart the container but keep it around in status Stopped.
My question is: is there any way to automatically start the container again if a web request to the FQDN arrives?
Sure, we can wake it up ourselves by running...
az container start --resource-group myResourceGroup --name mycontainer
... or with an equivalent API call. But then the service that does that needs to be running all the time! Ideally, I'd like the container to start itself whenever a request comes in.
Azure Container Instances don't have a wehbook or HTTP trigger that will start them. However, you could use an Azure Function or Logic App that would effectively run az container start for you and then call THAT with HTTP. With either of those approaches, you'd have to setup some IAM permissions to give the Function or Logic App permissions to the ACI resource to start it.
One approach would be to:
Create an Azure Function with an HTTP trigger and a managed identity
Give the Managed identity contributor access to ACI container group
Run az container start or the equivalent REST call inside the function to start the ACI container
Call the Azure function (using the function token) to start the container.
In azure web app we have two option to publish our code:
Via Code
Via Docker image
is there any way i can switch between this two.
Actually if you select Publish Profile as Connection Type you cannot deploy docker image. Please check this:
for Azure Resource Manager you can select container deployment:
but for Publish Profile you don't have this choice:
The same apply for YAML version.
I'm afraid that you can not change from code to container , but you can have two instances of your code, one using code and one using container within the same service app. You can re-created your webapp with the same name but with a different deployment method in the portal.
For details , please refer to this ticket with similar issue.
To switch the publish method from docker to code you can set the linuxFxVersion via Azure CLI. For example:
az webapp config set --name myWebApp --resource-group rgname --linux-fx-version 'DOTNETCORE|3.1'
To switch from code to docker you can just deploy a docker container and the web app will automatically switch to the docker publish method. For example:
Set-AzureRmWebApp -ResourceGroupName rgName -Name myWebApp -ContainerImageName imageName:tag -ContainerRegistryUser userName -ContainerRegistryPassword $passwordSecure -ContainerRegistryUrl url
I have not tested it for windows apps but I supect it will behave similarly.
I have successfully created a docker image that runs inside a docker container. The container successfully executes the image (a .NET app) but the image crashes shortly after startup because it encounters an error with Azure Services. The reason is because the docker container is attempting to access Azure Services to fetch an authorization token (to fetch secrets from a key vault) and does not have authority to do so.
I should note that it is possible to run the app locally outside of a container via the Azure CLI after using az login to verify my credentials. Then, when the app is started via Azure CLI, it is 'allowed' to access Azure Services to get autho tokens and consequentially fetch data from my key vault.
Would like to know if there is a way to run an az login script with credentials inside a docker container before the .NET app image executes, so that I can start the application from within the Azure CLI (inside the container) after my credentials have been verified. I have looked through the documentation and have not seen a way to configure something like this.
To use the Azure CLI and login inside the container, you need to install the Azure CLI inside the container, then login with an non-interactive model. I would recommend the service principal. You can take a look at the command:
az login --service-principal -u <app-url> -p <password-or-cert> --tenant <tenant>
For more details, see Create an Azure service principal with Azure CLI. After login, then you can start your application as need.
Here are 2 options which don't require Azure CLI in the container, Azure Managed Identity from within a docker container running locally,
inject an access token into the container using ENV variable
use device authentication flow to obtain an access token
I read this answers a while ago. I was looking for the similar solution but using the service principal. I found that Docker can run Kubernetes and there is AAD-Pod-Identity https://github.com/Azure/aad-pod-identity which can do work for me, but it doesn't work for Docker Kubernetes. I forked their Go repository and make modification for mic component. Now it works for Docker Kubernetes, not sure whether Azure team has plans get these modifications on board or not.
You can get detailed instructions how to get things running here: https://github.com/Wallsmedia/aad-pod-identity
Azure CLI would not work for a Docker, because you have setup Azure CLI and login and then run your application.
I am working on a research project on how to integrate Microsoft Business Central with other applications.
Therefore, I have created a Windows Container
within the Azure environment where I have deployed the image mcr.microsoft.com/businesscentral/sandbox
as a container into an Azure Container Service.
We have created custom data within the container, but when I stop the container using the Azure CLI with "az stop"
and start the container with "az container start -g ContainerGroupName -n ContainerName" again, all test data is lost.
The "az start" command seems to create a blank, new container from the image.
Is there a way to start a container within Azure Container Service,
like the docker commands "docker start/stop <containerid>", so that custom data remains in the container when a container is stopped?