Docker images version change do not trigger terraform container update - azure

I'm using terraform to create container on Azure using azure_container_group. My container is based on a docker image stored on a private registry. When I update this image by pushing a new version with the latest tag my docker image have a new SHA256 ... but terraform seems not able to trigger this update.
Am i missing something ?
Thanks,
Dan

First of all, Azure Container Instance does not have the feature that automatically updates the images. So you need to update the images yourself manually. And Terraform is just a tool to create the Azure Container Instance, you can use it to create a trigger to update the images, but you cannot use Terraform itself to do it.
To automatically update the images, I recommend you use the Azure Container Registry, it provides the trigger on the commit to update the images. Take a look at Automate container image builds in the cloud when you commit source code.

Related

Azure AppService continuous deployment from container registry tag selection

I have an AppService which uses Azure Container Registry.
The docker images are built by the pipeline and pushed with a 'Docker push' task in Azure Release.
I am using semantic versioning, I put the version into the BuildNumber and to the image name.
I can see my images being available in the DeploymentCenter, along with all the tags that have been pushed so far.
However, whenever I create a Release in AZ DevOps, it does not automatically get deployed to the AppService.
I have to go to the DeploymentCenter, pick the newest tag and then redeploy again (restarting the app didn't seem to work, but am no 100% sure).
In any case, I would like the AppService to be updated and run the latest image automatically when the release succeeds in DevOps.
Is that possible with the Docker push task to ACR?
Also, I wonder - I have the 'Include latest tag' tickbox checked, but the 'latest' tag is not available in the tag dropdown in Deployment Center. Why is that?
Is that possible with the Docker push task to ACR?
Of course, yes. But the thing you need to know is the continuous deployment of the App Service only triggers for the one tag can it can't change. Generally, we use the certain tag latest. So you need to create the image with the tag latest all the time, don't use the default tag $(Build.BuildId) in DevOps.
I have the 'Include latest tag' tickbox checked, but the 'latest' tag
is not available in the tag dropdown in Deployment Center. Why is
that?
I'm not familiar with DevOps, but I think the include latest tag means the latest Build.BuildId, not one certain tag, so it will change each time when you create the image and push it. And it won't work for App Service Continuous Deployment.

Azure App service Keeps pulling docker image from docker hub

I have a azure app service to host a docker image from out Azure Container Registry.
The full process is as follow:
Run Pipeline
Run Release pipeline
Azure app pulls the latest release from azure container registry
But what happen is that after Each realise, for some reason, the app service tries to pull the image from Docker Hubinstead of pulling from azure Container Registry.
Can somebody help to understand where is the issue here?
For your issue, I can guess the problem you made, you must set the image with the tag as, for example, nginx:latest. But if you push the image in the ACR and need to pull it from the ACR, you must set the image with the tag as myacr.azurecr.io/nginx:latest. In addition, you also need to configure the credential for your ACR.

How can I update all images in azure container registry when base image is updated

I have a bunch of repositories in an Azure container registry. Each repository can have several versions of an image, tagged like this, imagename:v_1_0 or imagename:v_1_2. Almost all of these images uses the base image mcr.microsoft.com/dotnet/aspnet:5.0-buster-slim.
My question is, how do I create an acr task that updates all of my images when that base image is updated by microsoft? I have seen tutorials on creating an acr task but almost all of them assume that the source code is pushed from github and that I am only updating a single image. I would like to avoid creating a task for n number of images in each repository but I suppose I could create a job that automatically creates a task whenever I publish from visual studio.
Has anyone else solved this problem?
So, if you are building your images via ACR tasks they do that automatically for the following base images:
The same Azure container registry where the task runs
Another private Azure container registry in the same or a different region
A public repo in Docker Hub
A public repo in Microsoft Container Registry
https://learn.microsoft.com/en-us/azure/container-registry/container-registry-tasks-base-images#base-image-notifications
if you are building them outside of ACR and pushing to ACR - you probably need to handle that in the same place you are building them. ACR cant do that for images its not building (seems fair).

How to retrieve a trained model docker image deployed to ACI?

I've trained a model and deployed it to ACI using Azure ML studio. It works as expected. Now I want to download the docker image and use it in my local environment. Is it possible to download the image using CLI?
Azure ML Studio must have pushed a container image somewhere before spinning up a container instance on ACI. You might be able to find out the image name by using Docker's ACI integration. For instance, you could run...
$ docker login azure
$ docker context create aci myacicontext
$ docker ps
... and check the IMAGE value of your running container, and see if you can pull that image to your local machine. If not, you might be able to create a new one using docker commit.
Now I want to download the docker image and use it in my local
environment. Is it possible to download the image using CLI?
It's possible to download the Docker image via CLI. When you trained a model and deployed it to ACI using Azure ML studio, there must be a place to store the images. Private registry or the public registry. You can see the tutorial, you can use a private registry such as the ACR, or other private registries. You can also use the Azure Machine Learning base images stored in the Microsoft registry, it's similar to the Docker hub.
If you have known where is the docker images stored, then you can download the docker images to your local environment.
From the public registry such as the Docker hub, you can pull the images directly:
docker pull image:tag
If it's a private registry, you need to log in with the credential first, for example, you use the Azure Container Registry:
docker login myacr.azurecr.io -u username -p password
docker pull myacr.azurecr.io/image:tag
Of course, you need to install the Docker server in your local environment first.

How to update deployment image on Azure Kubernetes Service with same image tag via an Azure pipeline?

I am trying to update my deployment with latest image content on Azure Kubernetes Service every time some code is committed to github . I have made a stage in my build pipeline to build and push the image on docker hub which is working perfectly fine. however in my release pipeline the image is being used as an artifact and is being deployed to the Azure Kubernetes Service , but the problem is that the image on AKS in not updating according to the image pushed on Docker Hub with latest code.
Right now each time some commit happens i have to manually update the image on AKS via the Command
kubectl set image deployment/demo-microservice demo-microservice=customerandcontact:contact
My Yaml File
Can anyone tell the error/changes if any in my yaml file to automatically update the image on AKS.
When you relese a new image to the container registry under the same tag it does not mean anything to Kubernetes. If you run kubectl apply -f ... and the image name and tag remains the same, it still won't do anything as there is no configuration change. There are two options:
Give a new tag on each build and change the :contact to the new tag in the yaml and run kubectl apply
For dev environment only (do not do it in Stage or Prod) leave the same tag (usually a tag :latest is used) and after a new image is deployed to registry run kubectl delete pod demo-microservice. Since you've set image pull policy to Always, this will cause Kubernetes pull a new image from the registry and redeploy the pod.
The second approach is a workaround just for testing.
When you specify your image with the specific image tag Kubernetes will default container's imagePullPolicy to IfNotPresent, which means that image won't be pulled again, and previously pulled image will be deployed.
Kubernetes will change policy to Always only if tag is not present (which is effectively same as latest or if tag is set to latest explicitly.
Check what is actual imagePull policy on your Deployment template for particular container.
kubectl get pod demo-microservice -o yaml | grep imagePullPolicy -A 1
Try patching deployment
kubectl patch deployment demo-microservice -p
'{"spec": { "template" :
{ "spec" : { "containers" :
[{"name" : "demo-microservice",
"image" : "repo/image:tag",
"imagePullPolicy": "Always" }]}}}}'
Make sure that imagePullPolicy for the container in question is set to Always.

Resources