Running your containerized workload on Azure

Posted by: Vladimir Stefanovic October 16, 2020

Over the years, the hosting platform for the applications has undergone many changes. A long time ago, we had started with the mainframes and physical server and then move to the virtualized environments during the late 1990s and early 2000s. Nowadays, public cloud platforms such as Azure and AWS tends to transform application hosting platforms by developing many of Platform-as-a-Service and Software-as-a-Service solutions. At the same time, modernization of the traditional computing services, such as Virtual Machine Scale Sets, bring the cloud-native capabilities to the virtual machines. That gives you the possibility to have a scalable application, ready to respond to the unpredictable workload.

One of the hosting platforms for application, that is in expansion over the last few years are containers. Containers allow you to package up code and all its dependencies and offer an isolated environment for running applications. The container layer is abstracted from the host environment, which they run. Very often, containers are compared to virtual machines, and like virtual machines, containers allow you to package your application with all needed libraries and dependencies. Although virtual machines and containers are similar, there is a lot of essential differences. Unlike the virtual machines which for virtualization occurs on the hardware level, containers virtualization is at the operating system level, which gives the possibility to run multiple containers atop on the OS kernel. Because of that, containers have benefits, and some of them are:

How to run containers on Azure? 

Like other public cloud providers, Microsoft Azure offers various sets of options to run your containerized application in Azure. 

One of the options is to run Docker on Azure Virtual Machines. Docker is a set of services that uses OS-level virtualization to deliver containers. Docker is fully supported by Microsoft from late 2015 when Windows Server integrate Docker. Of course, Microsoft Azure is part of that integration list, and there are a few options to run Docker on Azure Virtual Machines

The second option to run your containers on Azure is Azure Container Instances (ACI). Azure Container 

Instances are part of the Azure PaaS family that gives you the possibility to run containers in Azure without managing the infrastructure that hosts containers. This approach brings full cloud-native benefits due to the integration of ACI with most of the other Azure services. 

Azure Kubernetes Service (AKS), as a third option, is a fully managed Kubernetes cluster, that makes the process of deploying and maintaining containerized applications simplified. With AKS, your Azure Container Instances are utilized and ready for deployment at scale. Elastic provisioning, end-to-end deployment, advanced identity, and security, supported CI/CD pipelines, and more features are some of the Azure Kubernetes Service benefits. 

First „containerized“ steps in Azure 

The very first step of deploying your containerized application in Azure is deploying Azure Virtual Machine with Docker, for preparing images and running your containers. Your containers could be hosted on Azure Virtual Machine with Docker, as well as you can use that virtual machines for making custom containers and pushing them to the container registry. 

Installing Docker on Azure Virtual Machine is a pretty simple task. The recommended way is to install Docker Extension for Azure VM, instead of manually installing all needed Docker components on the virtual machine. For the installation of the Docker Extension, you can use Azure CLI, Azure PowerShell, as well as the ARM templates. By following commands, you can install Docker Extension to the existing virtual machine.

Azure CLI 

az vm extension set --vm-name docker-vm --resource-group docker-rg --name DockerExtension --publisher Microsoft.Azure.Extensions --version 1.1 

Azure PowerShell 

Set-AzVMExtension -ResourceGroupName docker-rg -VMName docker-vm -Location westus2 -Publisher Microsoft.Azure.Extensions -ExtensionType DockerExtension - 
Name DockerExtension -TypeHandlerVersion 1.1 

ARM Templates  

{
            "type": "Microsoft.Compute/virtualMachines/extensions",
            "name": "[concat(parameters('virtualMachineName'), '/DockerExtension')]",
            "apiVersion": "2019-07-01",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[concat('Microsoft.Compute/virtualMachines/', parameters('virtualMachineName'))]"
            ],
            "properties": {
                "publisher": "Microsoft.Azure.Extensions",
                "type": "DockerExtension",
                "typeHandlerVersion": "1.1",
                "autoUpgradeMinorVersion": true,
                "settings": {}
            }
        }


Once you install Docker Extension on the Azure Virtual Machine, you can see that Docker and Docker-Compose are installed. At the moment, only CoreOS 899 and higher, Ubuntu 13 and higher, CentOS 7.1 and higher and Red Hat Enterprise Linux (RHEL) 7.1 and higher, are supported for this Docker Extension. 

Prepare the „hub“ for your container images – Azure Container Registry 

If all steps for configuring Docker on Azure VM are finished, you are ready to making container images or run your containers in Azure. Hosting of your containers on Azure Virtual Machine with Docker is not in the spirit of the cloud-native design. Still, a virtual machine with Docker can be „station“ to develop and maintain your container images. Once prepared, container images can be pushed to the Azure Container Registry, to store images in Azure close to the Azure Container Instances or Azure Kubernetes Service.  

Azure Container Registry (ACR) is the fully managed, private hub for your container images, that allows you to build, store, and manage container images and artefacts for all types of container deployments, based on the open-source Docker Registry 2.0. The key features of the ACR are: 

Installing of Azure Container Registry is easy and quicky and can be completed by using any of Azure administration tools. Defining the unique registry name is an essential part of creating the Azure Container Registry because the name is publicly available. The suffix azurecr.io is adding to your container registry name. Also, if you want to use docker login commands to authenticate to the ACR, the admin user needs to be enabled. 

How to run containers on Azure

Once created, ACR is ready to store your container images. Access credentials, as well as other configurations, can be found in the pane of Azure Container Registry. 

How to run containers on Azure

When you collect all needed access parameters (login server name, username, password), you can connect your virtual machine with Docker to Azure Container Registry, and push container images to the registry. 

How to run containers on Azure 4

Store your images in Azure 

Azure Virtual Machine with Docker is ready, as well as the Azure container registry. What you wait now? Prepare your customized container image and push them to the Azure Container Registry and make the container deployment process more comfortable. Images that you want to push to Azure Container Registry needs to be tagged in format <login server name>/<repository>/<image name>. 

How to run containers on Azure 5

When this task is completed, you can see your images in Azure Container Registry and use them for deployment in the Azure Container Instances. 

How to run containers on Azure 6

What are the next steps? 

 Good job. A customized container image is now ready to be served to the Azure Container Instances directly from Azure Container Registry. Those tasks are a just start of the container journey, but the real benefits of using containers in Azure you will be able to see in the following posts when we will talk about Azure Container Instances. 

Get in touch today

Consultation with our experts is free of charge. Book a call today.

Start

Keep reading

A developer’s handbook for security best practices

20.11.2020

One thing that you notice once you embark on the arcane ways of offensive InfoSec (a.k.a penetration testing/red team engagement) is that your success is the direct consequence of someone else’s error.

read more

The Benefits & Implementation of the DevSecOps (SecDevOps) Approach to SDLC

10.11.2020

The DevSecOps (SecDevOps) approach to software development is based on incorporating security in each and every stage of the cycle.

read more

SaaS: Cloud-native versus On-prem

05.11.2020

Over the last decade, we witness that so many start-up businesses are SaaS-based solutions, mainly because the payment model moves from license-based to the subscription-based.

read more