We use Web App for Containers to operate Docker containers hosted on our Azure registry. This web app has been configured to pull the latest changes from the registry which in turns has lead to the creation of the following env variables:
DOCKER_REGISTRY_SERVER_URL
DOCKER_REGISTRY_SERVER_USERNAME
DOCKER_REGISTRY_SERVER_PASSWORD
DOCKER_ENABLE_CI
All values are correct and in the first place the Docker based setup worked well for us. Since monday, however, Kudu is longer able to pull docker images from our registry (neither from any registry that requires auth at all). The Kudu log is:
docker pull returned STDERR>> Error response from daemon: Get OUR_REGISTRY: unauthorized: authentication required
which suggests that Kudu is omitting the required Docker login call. Has anyone observed the same behaviour or is aware of Azure changes that require any adoption form our site. Thanks!
What we have tried so far:
creating a new registry
creating a new web app
creating a new service plan
restarting/stopping the web apps
Related
I have a pipeline that publishes to my private Azure container registry but if I push a new image tagged with latest, my Azure app service does not pull the newly tagged latest image. I have Continuous deployment turned on via the DOCKER_ENABLE_CI app setting.
Additionally, I'm using a managed identity to authenticate with the ACR. I feel like the CD portion was working when I was using credentials to pull the image but after switching to managed identity it appears to have stopped. In order to get the new image I have to restart the app service which is not idea and makes this CD option useless...
When you enable Continuous deployment, App Service adds a webhook to your ACR to notify the web apps. The webhook causes your App Service app to restart and run the docker pull to get the updated image.
So, please go to your ACR, and under webhook, please check if there are running webhooks or not, if not you can create a webhook manually and see if the WebApp get the latest image in the following deployment.
source
I created Azure App Service. I choosed "single container" and used "Private Registry".
I filled my private docker hub, credentials, username & password and my site is running my docker image website well.
Now I want to use NEW image with newer tag. I noticed, there is a "webhook" functionality but I dont know how to use this webhook. I thing, that this webhook can be used to pull newer image from my registry but I dont know how to use it.
If this is not the meaning of this web hook, what is the best practise to PULL new container to web app service.
Note: I am not using Azure Container registry. I have my own private hub. And I want to use Jenkins to deploy new container.
I'm having an issue with Azure Container Registry CI with my Azure Web App for Containers. It seems that the web hook between them has broken.
I've tried turning the CI within the Docker settings on the Web App however this fails and also tried creating a web hook from the Azure Container Registry however it says my container registry isn't managed but doesn't give me the option to upgrade it to one.
Webhooks are not available in the classic SKU and you need to migrate for this. For CI you need to enable a webhook with the publishing creds which can call into the App service scm endpoint which can restart and repull.
Through VSTS we have created CI/CD pipeline for a project, in which the end product is a docker image, which will be placed in a azure container registry.
In the azure app service, we have a linux container based service plan, which hosts the above placed latest image.
However, in the docker container, although we have enabled continuous deployment, the latest version is not taken, it is hosting the same older version of image.
How to deploy the latest docker image in app service container ?
Azure Container Registry webhooks can be used to automatically update your application running on Azure App Services that run your container applications.
Setup your image to deploy to your Azure Web App on Linux as per the instruction at https://learn.microsoft.com/en-us/azure/app-service-web/app-service-linux-using-custom-docker-image#how-to-use-a-docker-image-from-a-private-image-registry
In the App Settings section of your Web Application, add an app setting called DOCKER_ENABLE_CI with the value true.
Create a web hook in your registry and provide the docker callback uri which is of the form https://:#.scm.azurewebsites.net/docker/hook
https://:#.scm.azurewebsites.net/docker/hook
E.g. https://github.com/sajayantony/appservicedemo
I have followed the tutorials for building a .net core web application into a docker image, publishing to an azure container registry, and then I have setup my VSTS Release template to deploy the container to the app service.
This all appears to work, I can view my image in the container registry, and the deployment appears to succeed - but when navigating to the app service site, all I get is an HTTP 503 - Service unavailable.
The app service is started, I can see deployments in my file system via bash - so I wondered if I am missing something?
I do not have a 'startup' command in any of my templates, I wondered if it could be this?
The site works perfectly from VS2017, including debugging via docker, so it really is just a case of... how do I get the App Service to actually load and execute the image?
Thank you!
EDIT
Further to this, I have got access to the docker diagnostics logs which claim "image operating system "windows" cannot be used on this platform".
My base image is the microsoft/aspnetcore:2.0 image, which runs perfectly fine on my linux container in my development environment... but appears to not work in the Linux App Service?
Is the aspnetcore:2.0 base image not suitable for a linux app service?
I ended up resolving this week, hopefully the answer will help others.
When using VSTS Hosted build agents to produce images running off the docker base microsoft/aspnetcore:latest - unless you use the (Linux Preview) hosted build agent, you will get produced a windows container, which will not run on the linux app services.
Once I switched to using the hosted linux build agent, the container successfully loads, and my issue is resolved.
Another solution for the same error message:
Try microsoft/aspnetcore (without the tag/version :2.0) as image. If that doesn't work, check the docker logs as mentioned above and look for a solution based on the exact error (usually a missing dependency).