how can I deploy Keycloak docker in an azure container instance?
keycloak docker image that is provided by jboss/keyckloak keeps restarting in azure container instance after deployment. need help
You don`t need to deploy keycloak in the Azure container registry. You can use jboss/keyckloak docker image. In my experience, reload might happen in case of resource luck or wrong configurations. Try to pick a bigger VM.
Related
At my company, we're setting up an on-prem k8s cluster in combination with a private image repository hosted on Azure (Azure Container Registry).
For development purposes, I'd like our developers to be able to run the apps they create locally using minikube. ACR offers several ways to authenticate, including:
Indiviual login
Access Token
Service Principal
When developing locally, and using the Docker CLI, individual authentication can be setup by running az acr login -n my-repository.azurecr.io. We manage all SSO authentication through Azure Active Directory, and Docker Desktop comes with the docker-credentials-wincred.exe extension, to delegate handling of authentication to the Windows Credential Store. This is specified in ~\.docker\config.json. Pretty neat and seamless, love it.
However, when authenticating k8s to work with a ACR, most documentation steers you towards setting up a Service Principal, and storing credentials in a k8s secret. For a production environment this makes perfect sense, but for a developer machine it feels a bit weird to authenticate using headless credentials.
An alternative is to pull images manually, and set imagePullPolicy to IfNotPresent in the k8s manifest. The tricky part here is that Minikube runs in a separate VM, with its own Docker daemon. By default, Docker CLI is not configured to connect with this daemon. Minikube exposes some control over the daemon through the minikube CLI (e.g. minikube image pull) but here we run into authorization issues. Alternatively, we can configure the Docker CLI - which is already configured to use the Windows credentials store - to connect to the minikube daemon. This is pretty straight-forward using minikube docker-env.
So, this works... but my question is: isn't there a more sensible way to do this? Can't minikube image somehow be configured to work with the windows credentials store?
We just deployed our custom docker image on Azure Webapp services. I think the docker is running fine but we need to know the container-id of the specific webapp service.
We checked the logs on Azure portal for the app service instance; had no luck.
We tried to SSH to the container to grab the container ID; had a "connection refused" error.
Does anyone know how to easily grab the container id of a webapp that runs based on docker on Azure?
Thanks
I'm not sure what do you mean by container id, but what you can get from the Web App are the instance id and container name. Both of them you can get from the logs in the container setting.
And that you want to connect to the container but it failed. The reason is that you didn't enable the SSH in your custom image. You can follow the steps here to enable the SSH in the custom image.
I currently have a simple app consisting of a few micro services (database, front-end node app, user services, etc.) each with its own Dockerfile, and a docker-compose.yml file to get them all up on a local deployment environment. So everything works fine doing docker-compose up.
For production, I was looking for a Heroku (open to other PaaS), which do not support Docker Compose. Not specially nice, but could live with it for now.
The thing is that with Docker Compose on local deployment, the different services are linked via its hostname automatically (if the mongo database service is called "mydatabase", I can do mongodb://mydatabase/whatever within my other services).
So, the question is, what happens with those links on Heroku? What are the best practices to have the different services linked consistently between development and production in this case?
Thanks!
Docker compose creates a docker virtual network which allows you to connect the containers using the container name as a hostname. Heroku doesn't directly support docker-compose, as Docker compose is really intended for
local development on your own machine and not for production.
For production Docker has Docker swarm, which is very similar to Docker compose, however is intended for production environments. You can use the same docker-compose file (called stackfile in swarm) to deploy on swarm.
In docker swarm, you can connect the containers that you have using the same service name just like you would do in docker-compose.
Heroku supports Docker swarm via the DockerHero add-on which you can use to to have your Docker container connected and running on Heroku.
In case anyone else comes across this in their current searches for solutions, Heroku offers an approach using a file similar to docker-compose.yml, called heroku.yml. You simply put it in the root of your project and structure it to call your Dockerfiles: https://devcenter.heroku.com/articles/build-docker-images-heroku-yml
I found a lot of resources online on using docker with Azure virtual machines. But didn't find any on using docker with Azure Webapps. Is this possible?
Things are changing fast in the cloud. Since November 2016, it is now possible on linux web apps to run docker containers. You can read about it here. https://buildazure.com/2016/11/18/deploy-docker-containers-to-azure-web-apps-on-linux
No. Web Apps are a Platform-as-a-Service from Azure which use a bespoke packaging and runtime, you can't just create a Web App, point it to a Docker image and run it as a container.
If you want to run Docker on Azure, you can spin up a VM to use as a single host - you can use an Ubuntu image for Linux containers or a Windows Server 2016 image for Windows containers (currently in preview).
To create a Docker Swarm running on Azure you can use Azure Container Service or Docker for Azure.
No, because a webapp is a PaaS that Azure provides, that allows you to push a website with there settings (to simplify it) with ease.
But, you can push a website onto docker using Azure.
Web Apps, running under App Service, is Webapp-as-a-Service. Nothing to do with Docker. It has its specific methods of code deployment built-in, and does not support Docker images.
That's not to say you cannot have Web Apps and Docker images communicate between each other - you can certainly have, say, your database in a Docker container, being called by your Web App.
I am trying to use docker-machine to manage the docker instance running in our VM. I had started the VM a while back, and I believe had also installed docker via the "Azure Docker extension".
When I try to set things up with docker-machine, I noticed that I didn't have the certs on my laptop. Logging in to the VM, I found out that there are no certs in /etc/docker. I also noticed that the docker image on the server is pretty old (1.8.1).
How can I upgrade docker to the latest version on this VM? Would I lose my VMs if I did so? I'm not sure how to deal with this "Azure Docker extension".
Would this also re-generate the certs in /etc/docker, so that I can set up docker-machine?
One way to update the certs from the Azure portal : you can add the docker extension again on your VM and in the extension options you can specify the new certificates you want to use. You will probably also have to reboot the VM after re-applying the extension to make it work properly.