Understand the Container Images in Azure

Written by

Under the topic

Dated:

May 1, 2022

Table Of Content

Container images are the portable, standalone packages that include everything needed to run a containerized application: the application code, runtime, libraries, environment variables, and configuration files.

When you deploy containers in Azure, you typically work with container images to run your application on Azure Kubernetes Service (AKS), Azure Container Instances (ACI), Azure App Service, or Azure Container Registry (ACR).

Below is a detailed breakdown of container images in the context of Azure, including their creation, storage, deployment, and best practices.

What is a Container Image?

A container image is a read-only template used to create containers.

It defines the environment and dependencies required to run a containerized application.

The image contains everything needed to run the application, including:

Application Code: The executable files or scripts that make up the app.
Runtime: The necessary runtime or framework (e.g., Node.js, .NET Core, Python).
Libraries and Dependencies: Any libraries or software dependencies that the app needs to function.
Configuration Files: Files like environment variables, configuration files, and secrets.
System Tools: Tools like bash, curl, or any other system utilities required by the app.

A container image is created from a Dockerfile or another image-building tool.

Once created, it can be pushed to a container registry where it is stored and made available for deployment.

Container Images in Azure

Azure provides several services to work with container images, including Azure Container Registry (ACR), Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Azure App Service for Containers.

Azure Container Registry (ACR)

ACR is a fully managed container registry service in Azure that stores and manages private container images.

It's Azure's equivalent of Docker Hub, but with enhanced security, integration with Azure services, and full control over your private repositories.

Private Repositories: Store your private container images that can be securely accessed by your Azure resources.
Security: ACR integrates with Azure Active Directory (AAD) to authenticate access and supports role-based access control (RBAC) for managing permissions.
CI/CD Integration: ACR can integrate with Azure DevOps, GitHub Actions, or other CI/CD pipelines to automate the building and pushing of container images.

Azure Kubernetes Service (AKS)

AKS is Azure's managed Kubernetes service that allows you to orchestrate and run containerized applications at scale.

You deploy container images to Kubernetes pods using kubectl or the Azure CLI.

Image Pull: AKS pulls container images from ACR, Docker Hub, or any other container registry, allowing your containers to be deployed within a Kubernetes cluster.
Helm: You can use Helm charts to manage Kubernetes resources, including deploying container images.

Azure Container Instances (ACI)

ACI is a serverless container service in Azure, allowing you to deploy containers without managing infrastructure.

ACI can run single-container instances or multi-container groups.

Image Deployment: You can directly deploy container images from ACR, Docker Hub, or a public registry to ACI.
Quick Deployment: ACI is designed for quick, ephemeral container deployments. It's ideal for scenarios where you need a fast, isolated environment for testing or running short-lived jobs.

Azure App Service for Containers

Azure App Service allows you to deploy web applications and APIs directly from a container image. App Service supports both Windows and Linux-based containers and integrates with ACR for deploying containerized apps.

Multi-platform Support: Deploy containers using a Docker image from ACR or other public registries to run web applications at scale with minimal configuration.
Scaling: App Service automatically handles scaling of containers based on incoming web traffic.

Working with Container Images in Azure

To effectively work with container images in Azure, you need to understand the steps involved in creating, storing, and deploying images.

Step 1: Create a Container Image

Container images are created using a Dockerfile or similar tools (e.g., Buildah, Podman, or Google Cloud Build).

Here's an example Dockerfile for a simple Python application:


x
1
# Step 1: Define the base image
2
FROM python:3.9-slim
3

4
# Step 2: Set the working directory in the container
5
WORKDIR /app
6

7
# Step 3: Copy the application code into the container
8
COPY . /app
9

10
# Step 4: Install any dependencies
11
RUN pip install -r requirements.txt
12

13
# Step 5: Expose port
14
EXPOSE 5000
15

16
# Step 6: Define the command to run the app
17
CMD ["python", "app.py"]

Step 2: Build the Container Image

Once you have the Dockerfile, use Docker CLI to build the image.


xxxxxxxxxx
1
1
docker build -t <your-image-name>:<tag> .

Step 3: Store the Container Image

Once the image is built, you can push it to a container registry like Azure Container Registry (ACR) or Docker Hub.

Push to Azure Container Registry: To push the image to ACR, first, log in to your registry.


xxxxxxxxxx
1
1
az acr login --name <your-acr-name>

Tag the Image: Tag the image with the ACR login server address.


xxxxxxxxxx
1
1
docker tag <your-image-name>:<tag> <your-acr-name>.azurecr.io/<your-image-name>:<tag>

Push the Image: Push the image to ACR.


xxxxxxxxxx
1
1
docker push <your-acr-name>.azurecr.io/<your-image-name>:<tag>

Step 4: Deploy the Container Image

Once the image is stored in ACR or another registry, you can deploy it to Azure resources like AKS, ACI, or App Service.

Deploy to AKS

You can deploy a container image to Azure Kubernetes Service (AKS) by defining a Kubernetes deployment that references the container image in your registry.

Use the following YAML file to define the deployment:


xxxxxxxxxx
19
1
apiVersion: apps/v1
2
kind: Deployment
3
metadata:
4
   name: python-app
5
spec:
6
   replicas: 1
7
   selector:
8
      matchLabels:
9
         app: python-app
10
   template:
11
      metadata:
12
         labels:
13
         app: python-app
14
      spec:
15
         containers:
16
         - name: python-app
17
         image: <your-acr-name>.azurecr.io/<your-image-name>:<tag>
18
         ports:
19
         - containerPort: 5000

Then, deploy it using kubectl:


xxxxxxxxxx
1
1
kubectl apply -f deployment.yaml

Deploy to Azure App Service

If deploying to Azure App Service, configure your app service to pull the container image from ACR (or any other container registry) directly through the Azure Portal, Azure CLI, or an ARM template.


xxxxxxxxxx
5
1
az webapp create \
2
--name <app-name> \
3
--resource-group <resource-group> \
4
--plan <app-service-plan> \
5
--deployment-container-image-name <your-acr-name>.azurecr.io/<your-image-name>:<tag>

Deploy to ACI

For quick and simple deployments, use Azure Container Instances (ACI) to run the container directly without needing to manage virtual machines.


xxxxxxxxxx
6
1
az container create \
2
--resource-group <resource-group> \
3
--name <container-name> \
4
--image <your-acr-name>.azurecr.io/<your-image-name>:<tag> \
5
--cpu 1 \
6
--memory 1.5

Best Practices for Working with Container Images in Azure

Image Versioning: Use clear versioning for container images by tagging them (e.g., v1.0, latest, staging). This helps in tracking changes and managing deployments.
Minimize Image Size: Keep container images small by using lightweight base images (e.g., alpine or slim versions of popular OS images) and only including the necessary dependencies for the app.
Use Multi-Stage Builds: Multi-stage builds allow you to create optimized images by separating the build environment from the runtime environment. This results in smaller and more efficient container images.
Image Security: Regularly scan your container images for vulnerabilities using tools like Azure Security Center or Trivy. Store images securely in ACR and use Azure Active Directory (AAD) authentication for better access control.
Automate Builds: Integrate container image builds into your CI/CD pipeline using Azure DevOps or GitHub Actions. This ensures that the container image is built, tested, and pushed to ACR automatically with each change.
Tagging Strategy: Implement a robust tagging strategy for your images, using both semantic versioning and commit hashes to make it easier to trace specific versions of your app in production.
Keep Images Updated: Periodically rebuild and push updated images with the latest security patches, updates, and performance improvements.

Summary

Container images are fundamental in modern cloud-native application development.

In Azure, you use Azure Container Registry (ACR) to store images, which are then deployed on services like Azure Kubernetes Service (AKS), Azure App Service, or Azure Container Instances (ACI).

Understanding how to manage container images, automate their builds, and securely store and deploy them will help streamline your development and operational processes.

Things to consider when creating backups and re…

When creating and restoring backups of your Azure App S…

Learn how to configure Virtual Machine Scale Se…

Azure Virtual Machine Scale Sets (VMSS) allow you to de…

Learn the things to consider when using Azure A…

When using deployment slots in Azure App Service, there…

Things to know about Azure App Service Deployme…

Azure App Service Deployment Slots provide a powerful w…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.