# AZ-204: Implement containerized solutions

In [1]:
import sys
sys.path.append('./../utils')
import ai

# Introduction to containers, images, docker, etc.

In [2]:
%%question
Why do we need containerized solutions for modern software development? 

Containerized solutions offer several benefits for modern software development, including:

1. **Portability**: Containers can run consistently across different environments, from a developer's laptop to testing and production servers.

2. **Scalability**: Containers can be easily scaled up or down to handle varying loads.

3. **Isolation**: They provide isolated environments for applications, ensuring that dependencies and configurations do not conflict.

4. **Efficiency**: Containers share the host OS kernel, making them more lightweight and efficient compared to traditional virtual machines.

5. **Rapid Deployment**: Containers enable faster deployment times and easier updates, as they package applications and their dependencies together.

6. **Consistency**: They ensure that applications run the same way regardless of the underlying infrastructure, reducing "it works on my machine" issues.

- Scale easily
- Virtualization of the application (instead of machine) -> smaller
- Easier to maintain (versioning)
- Containers isolated from eachother
- Easier deployment (everything is contained in the container)
- Freedom, Scalability
- Microservices
- Lowering COST

In [3]:
%%question
How does it compare to traditional software development?

Containerized solutions differ from traditional software development in several key ways:

1. **Environment Consistency**: Traditional development often faces "it works on my machine" issues due to environment differences, whereas containers encapsulate the environment, ensuring consistency across all stages.

2. **Resource Utilization**: Containers are more lightweight than virtual machines used in traditional development, allowing for better resource utilization and faster startup times.

3. **Deployment Speed**: Containers enable faster deployment and updates because they include all application dependencies, reducing the need for complex setup processes.

4. **Scalability and Flexibility**: Scaling applications with containers is more straightforward and often automated, whereas traditional setups may require manual configuration and provisioning.

5. **Isolation**: Containers provide better application isolation than traditional methods, reducing the risk of dependency conflicts.

6. **Microservices Architecture**: Containers are well-suited for microservices, allowing individual components to be developed, deployed, and scaled independently, unlike monolithic traditional applications.

In [4]:
%%question
What are some of challenges with Microservices architecture?

Some challenges with microservices architecture include:

1. **Complexity**: Managing numerous services increases overall system complexity, requiring sophisticated orchestration and management tools.

2. **Inter-Service Communication**: Ensuring reliable communication between services can be challenging, especially over unreliable networks.

3. **Data Management**: Maintaining data consistency across distributed services often requires complex strategies.

4. **Deployment and Monitoring**: Coordinating deployments and monitoring the health of multiple services demands robust tools and practices.

5. **Security**: Securing numerous endpoints and managing authentication and authorization across services can be complex.

6. **Latency**: Network calls between services can introduce latency, impacting performance.

7. **Testing**: End-to-end testing becomes more complex due to the interactions between numerous services.

- Dependencies are difficult to maintain and (upgrade, backward compatible)
- Complex architecture
- Communication between microservices - network (HTTP, gRPC): service discovery, latency, exception handling
- Monitoring (correlation)

In [5]:
%%question
How are containers supposed to improve resource utilization? How does this compare to classic virtualization technologies?

Containers improve resource utilization by sharing the host operating system's kernel, which makes them more lightweight and efficient than classic virtualization technologies. Here's how they compare:

1. **Overhead**: Containers have less overhead than virtual machines (VMs) because they don't require a separate OS for each instance. VMs include the entire OS, consuming more CPU and memory resources.

2. **Startup Time**: Containers start much faster than VMs because they don't need to boot a full OS.

3. **Density**: More containers can be run on a single host compared to VMs because of their lightweight nature, allowing better utilization of available hardware resources.

4. **Resource Sharing**: Containers can share binaries and libraries, reducing duplication and saving space, unlike VMs which require separate instances of everything.

Overall, containers provide a more efficient use of system resources, enabling higher application density and faster operations compared to classic virtual machines.

In [7]:
%%question
What are the main components of a container (e.g., Docker container)?

The main components of a Docker container include:

1. **Image**: A lightweight, stand-alone, executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools.

2. **Container**: A running instance of an image. Containers are isolated environments where applications run.

3. **Dockerfile**: A text file with instructions on how to create a Docker image. It specifies the base image, dependencies, and commands to set up the application.

4. **Registry**: A repository like Docker Hub where Docker images are stored and can be pulled from.

5. **Volumes**: Mechanisms for persisting data outside of the container's filesystem, allowing data to be shared between containers or retained after a container is removed.

6. **Networks**: Configurations that allow containers to communicate with each other and external systems securely and efficiently.

In [None]:
%%question
Can you provide an example of a real-world application that benefits from containerization?

In [9]:
%%question
What is the docker hub?

Docker Hub is a cloud-based repository service where Docker users can store, share, and manage Docker images. It acts as a centralized registry that provides the following functionalities:

1. **Image Hosting**: Users can push and pull Docker images, making it easy to share and distribute software.

2. **Public and Private Repositories**: It supports both public repositories, which are accessible to everyone, and private repositories, which are accessible only to authorized users.

3. **Automated Builds**: Docker Hub can automatically build images from a source code repository, such as GitHub, whenever changes are detected.

4. **Official Images**: It hosts a wide range of official images maintained by Docker or trusted partners, offering reliable and secure base images for applications.

5. **Community Contributions**: Users can share their images with the community, facilitating collaboration and reuse of software components. 

Docker Hub simplifies the management and distribution of containerized applications across different environments.

In [11]:
%%question
How do I pull and run a wordpress image from the docker hub?

To pull and run a WordPress image from Docker Hub, follow these steps:

1. **Install Docker**: Ensure Docker is installed and running on your system.

2. **Pull the WordPress Image**: Open a terminal and run the following command to pull the official WordPress image:
   ```bash
   docker pull wordpress
   ```

3. **Run the WordPress Container**: Use the following command to run the WordPress container. This example assumes you also need a MySQL database container:
   ```bash
   docker run --name some-wordpress --link some-mysql:mysql -p 8080:80 -d wordpress
   ```
   - Replace `some-wordpress` with your desired container name.
   - `--link some-mysql:mysql` links the WordPress container to a MySQL container (you need to set up MySQL separately).
   - `-p 8080:80` maps port 8080 on your host to port 80 on the container, making WordPress accessible at `http://localhost:8080`.

4. **Set Up MySQL**: If you haven't already set up a MySQL container, you can do so with:
   ```bash
   docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:5.7
   ```
   - Replace `my-secret-pw` with a strong password.

5. **Access WordPress**: Open a web browser and go to `http://localhost:8080` to complete the WordPress installation process.

These steps will get you a running WordPress instance using Docker. Adjust the configurations as needed for your specific setup.

```sh
docker pull wordpress
docker images
docker run -d -p 8080:80 wordpress
docker ps
docker kill 8b3
docker ps
```

In [12]:
%%question
How do I pull and run a Microsoft SQL Server database as a container?

To pull and run a Microsoft SQL Server (SQL Server) database as a container, follow these steps:

1. **Install Docker**: Ensure Docker is installed and running on your system.

2. **Pull the SQL Server Image**: Open a terminal and run the following command to pull the official SQL Server image:
   ```bash
   docker pull mcr.microsoft.com/mssql/server
   ```

3. **Run the SQL Server Container**: Use the following command to run the SQL Server container:
   ```bash
   docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=YourStrong@Passw0rd' \
   -p 1433:1433 --name sqlserver -d mcr.microsoft.com/mssql/server
   ```
   - `-e 'ACCEPT_EULA=Y'` accepts the end-user license agreement.
   - `-e 'SA_PASSWORD=YourStrong@Passw0rd'` sets the system administrator password; replace with a strong password.
   - `-p 1433:1433` maps port 1433 on your host to port 1433 on the container, the default SQL Server port.
   - `--name sqlserver` names the container `sqlserver`.

4. **Verify the Container**: Check if the container is running with:
   ```bash
   docker ps
   ```

5. **Connect to SQL Server**: Use a SQL Server client (like SQL Server Management Studio or Azure Data Studio) to connect to `localhost,1433` using the `sa` username and the password you set earlier.

These steps will set up a running SQL Server instance in a Docker container. Adjust environment variables and configurations as needed for your specific requirements.

In [13]:
%%question
How can I store the mdf and ldf files on a volume for SQL Server container?

To store the MDF and LDF files on a Docker volume for a SQL Server container, follow these steps:

1. **Create a Docker Volume**: You need to create a Docker volume to persist the database files:
   ```bash
   docker volume create sqlserverdata
   ```

2. **Run the SQL Server Container with the Volume**: Start the SQL Server container and mount the volume to the appropriate directory inside the container where SQL Server stores its data files. Typically, this is `/var/opt/mssql`:
   ```bash
   docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=YourStrong@Passw0rd' \
   -p 1433:1433 --name sqlserver \
   -v sqlserverdata:/var/opt/mssql \
   -d mcr.microsoft.com/mssql/server
   ```
   - `-v sqlserverdata:/var/opt/mssql` mounts the `sqlserverdata` volume to `/var/opt/mssql` in the container.

3. **Verify the Setup**: You can verify that the volume is being used by inspecting the volume:
   ```bash
   docker volume inspect sqlserverdata
   ```

With this setup, the database files (MDF and LDF) will be stored on the Docker volume, ensuring that data persists even if the container is removed or restarted. Adjust the configurations as needed for your specific use case.

In [14]:
%%question
How do you create and run a Docker container that contains a dotnet core app (version 9)?

To create and run a Docker container that contains a .NET Core 9 app (assuming .NET 9, as .NET Core has merged into .NET), follow these steps:

1. **Create a .NET Application**: If you haven’t already, create a new .NET application. In your terminal, run:
   ```bash
   dotnet new webapp -n MyDotNetApp
   cd MyDotNetApp
   ```

2. **Create a Dockerfile**: In the root directory of your .NET application, create a file named `Dockerfile` with the following content:
   ```dockerfile
   # Use the official .NET image for building the app
   FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
   WORKDIR /app

   # Copy csproj and restore as distinct layers
   COPY *.csproj ./
   RUN dotnet restore

   # Copy everything else and build
   COPY . ./
   RUN dotnet publish -c Release -o out

   # Use the official .NET image for running the app
   FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS runtime
   WORKDIR /app
   COPY --from=build /app/out ./
   ENTRYPOINT ["dotnet", "MyDotNetApp.dll"]
   ```

3. **Build the Docker Image**: Build the Docker image with the following command:
   ```bash
   docker build -t my-dotnet-app .
   ```

4. **Run the Docker Container**: Use the following command to run the Docker container:
   ```bash
   docker run -d -p 8080:80 --name my-dotnet-running-app my-dotnet-app
   ```

5. **Access the Application**: Open a web browser and go to `http://localhost:8080` to see your .NET application running.

These steps will get your .NET 9 application running in a Docker container. Adjust the configurations in the `Dockerfile` and Docker commands as needed for your specific application.

In [16]:
%%question
What does the following dockerfile do?

FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
WORKDIR /app
EXPOSE 80

ENV ASPNETCORE_URLS=http://+:80

FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build
ARG configuration=Release
WORKDIR /src
COPY ["az204docker.csproj", "./"]
RUN dotnet restore "az204docker.csproj"
COPY . .
WORKDIR "/src/."
RUN dotnet build "az204docker.csproj" -c $configuration -o /app/build

FROM build AS publish
ARG configuration=Release
RUN dotnet publish "az204docker.csproj" -c $configuration -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "az204docker.dll"]


This Dockerfile is used to build and deploy a .NET 9 application using a multi-stage build process. Here's what each part does:

1. **Stage 1: Base Image**
   - `FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base`: Sets up a base image using the .NET 9 ASP.NET runtime.
   - `WORKDIR /app`: Sets the working directory to `/app`.
   - `EXPOSE 80`: Exposes port 80 for the application.
   - `ENV ASPNETCORE_URLS=http://+:80`: Configures ASP.NET Core to listen on port 80.

2. **Stage 2: Build Image**
   - `FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:9.0 AS build`: Uses a .NET 9 SDK image for building the application, allowing cross-platform builds if needed.
   - `ARG configuration=Release`: Defines a build argument for the configuration, defaulting to Release.
   - `WORKDIR /src`: Sets the working directory to `/src`.
   - `COPY ["az204docker.csproj", "./"]`: Copies the project file into the container.
   - `RUN dotnet restore "az204docker.csproj"`: Restores the project dependencies.
   - `COPY . .`: Copies the entire project into the container.
   - `WORKDIR "/src/."`: Sets the working directory to the project root.
   - `RUN dotnet build "az204docker.csproj" -c $configuration -o /app/build`: Builds the application.

3. **Stage 3: Publish Image**
   - `FROM build AS publish`: Starts a new stage from the build stage.
   - `ARG configuration=Release`: Reuses the configuration argument.
   - `RUN dotnet publish "az204docker.csproj" -c $configuration -o /app/publish /p:UseAppHost=false`: Publishes the application to the `/app/publish` directory, with `UseAppHost=false` to avoid generating a platform-specific executable.

4. **Stage 4: Final Image**
   - `FROM base AS final`: Begins a new stage based on the base image.
   - `WORKDIR /app`: Sets the working directory to `/app`.
   - `COPY --from=publish /app/publish .`: Copies the published application from the publish stage.
   - `ENTRYPOINT ["dotnet", "az204docker.dll"]`: Sets the entry point to run the application.

This Dockerfile efficiently builds, publishes, and packages the .NET application, creating a lightweight runtime image for deployment.

In [17]:
%%question
How do I build this image?

To build the Docker image using the provided Dockerfile, follow these steps:

1. **Navigate to the Directory**: Open a terminal and navigate to the directory containing your Dockerfile and the .NET project (`az204docker.csproj`).

2. **Build the Docker Image**: Run the following command to build the image:
   ```bash
   docker build -t my-dotnet-app .
   ```
   - `-t my-dotnet-app`: Tags the image with the name `my-dotnet-app`. You can replace `my-dotnet-app` with any name you prefer.
   - `.` specifies the current directory as the build context.

This command will execute the instructions in the Dockerfile to create a Docker image of your .NET application. Once the build completes, you can verify the image is created by running:
```bash
docker images
```

This will list all Docker images on your system, and you should see `my-dotnet-app` among them.

In [10]:
%%question
What are image layers and why are they beneficial?

Image layers are individual read-only layers that make up a Docker image. Each layer represents a set of file system changes, such as adding, modifying, or deleting files. When you build a Docker image using a Dockerfile, each instruction in the Dockerfile creates a new layer.

**Benefits of Image Layers:**

1. **Efficiency**: Layers allow for efficient storage and transfer of images. Only the layers that have changed need to be updated or downloaded, reducing bandwidth and speeding up deployment.

2. **Reusability**: Since layers are cached, they can be reused across different images. This speeds up the build process, as unchanged layers do not need to be rebuilt.

3. **Modularity**: Layers enable a modular approach to image creation. Changes can be made to individual layers without affecting others, providing flexibility in updating and maintaining images.

4. **Versioning**: Each layer acts like a version of the file system, allowing you to roll back to previous states if necessary.

Overall, image layers contribute to the efficiency, speed, and flexibility of working with Docker images.

In [15]:
%%question
What is a multi-container application and how do you deploy it using Docker Compose?

A multi-container application is an application that consists of multiple interconnected services, each running in its own container. These services can include web servers, databases, cache systems, etc. Docker Compose is a tool that helps define and run multi-container Docker applications using a simple YAML file.

**Deploying a Multi-Container Application with Docker Compose:**

1. **Create a `docker-compose.yml` File**: This file describes the services, networks, and volumes your application requires. Here's an example for a web application with a database:

   ```yaml
   version: '3.8'

   services:
     web:
       image: my-web-app
       build: .
       ports:
         - "8080:80"
       depends_on:
         - db

     db:
       image: postgres:latest
       environment:
         POSTGRES_USER: user
         POSTGRES_PASSWORD: password
         POSTGRES_DB: mydatabase
       volumes:
         - dbdata:/var/lib/postgresql/data

   volumes:
     dbdata:
   ```

   - `services`: Defines the containers to be run.
   - `web`: A service using a custom image built from the local Dockerfile.
   - `db`: A PostgreSQL database service.
   - `depends_on`: Specifies the order of service startup.
   - `volumes`: Persists data for the database.

2. **Build and Start the Application**: Run the following command in the directory containing your `docker-compose.yml` file:
   ```bash
   docker-compose up --build
   ```

   - `--build`: Rebuilds images before starting containers.

3. **Access the Application**: Access your application at `http://localhost:8080`.

4. **Stop the Application**: Use the following command to stop and remove containers:
   ```bash
   docker-compose down
   ```

Docker Compose simplifies managing multi-container applications by centralizing the configuration and lifecycle management into a single file. Adjust the `docker-compose.yml` configurations as needed for your specific application's requirements.

# Manage container images in Azure Container Registry

In [18]:
%%learn
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/

https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/1-introduction
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/2-azure-container-registry-overview
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/3-azure-container-registry-storage
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/4-azure-container-registry-tasks
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/5-dockerfile-components
https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/6-build-run-image-azure-container-registry


('',
 'https://learn.microsoft.com/en-us/training/modules/publish-container-image-to-azure-container-registry/\n')

In [19]:
%%question
What is Azure Container Registry used for?

Azure Container Registry (ACR) is used for storing and managing private Docker container images and related artifacts. It integrates with container development and deployment pipelines, allowing for automated builds and deployments using ACR Tasks. It supports scalable orchestration systems like Kubernetes and Azure services such as Azure Kubernetes Service (AKS) and Azure App Service.

In [20]:
%%question
How does this differ from Docker Hub? Compare this in a table

Certainly! Here's a comparison between Azure Container Registry (ACR) and Docker Hub:

| Feature/Aspect         | Azure Container Registry (ACR)                                | Docker Hub                                      |
|------------------------|---------------------------------------------------------------|-------------------------------------------------|
| **Type**               | Managed private registry                                      | Public registry with private options            |
| **Integration**        | Integrates with Azure services (AKS, App Service, etc.)       | Integrates with Docker CLI and third-party tools|
| **Authentication**     | Supports Azure Active Directory (Microsoft Entra) integration | Uses Docker ID for authentication                |
| **Geo-replication**    | Available in Premium tier for multi-region replication        | Not directly supported                           |
| **Service Tiers**      | Basic, Standard, Premium                                      | Free, Pro, Team, Business plans                  |
| **Automated Builds**   | Supports ACR Tasks for automated builds and deployments       | Supports automated builds with GitHub/Bitbucket |
| **Security Features**  | Supports content trust and encryption-at-rest                 | Basic security features, private repositories    |
| **Storage**            | Managed storage within Azure                                  | Hosted storage with limitations on free tier     |
| **Pricing**            | Based on tier and usage                                       | Free tier with limitations, paid plans available |

These differences highlight how ACR is tailored for integration within the Azure ecosystem, offering advanced features like geo-replication and Azure-specific authentication, while Docker Hub provides a more general-purpose platform with a focus on public and private repositories.

In [21]:
%%question
What are the different Azure Container Registry service tiers? Compare this in a table

Certainly! Here’s a comparison of the different Azure Container Registry (ACR) service tiers:

| Feature/Aspect          | Basic                                | Standard                            | Premium                              |
|-------------------------|--------------------------------------|-------------------------------------|---------------------------------------|
| **Purpose**             | Entry-level, cost-optimized          | Suitable for most production needs  | High-volume and enterprise scenarios  |
| **Storage Capacity**    | Lower storage capacity               | Moderate storage capacity           | Highest storage capacity available    |
| **Image Throughput**    | Lower throughput                     | Higher throughput than Basic        | Highest throughput and concurrency    |
| **Geo-replication**     | Not available                        | Not available                       | Available                             |
| **Content Trust**       | Not available                        | Not available                       | Available                             |
| **Private Link**        | Not available                        | Not available                       | Available                             |
| **Webhooks**            | Supported                            | Supported                           | Supported                             |
| **Microsoft Entra (Azure AD) Integration** | Supported      | Supported                           | Supported                             |

These tiers allow users to choose the appropriate level of performance and features based on their needs and budget, with Premium offering additional enterprise-level features such as geo-replication and private link support.

In [22]:
%%question
What image formats are supported by Azure Container Registry?  What are the differences between them?

Azure Container Registry (ACR) supports several image formats, including:

1. **Docker Images**: 
   - **Description**: Standard container images used to package applications and their dependencies.
   - **Usage**: Commonly used across different container orchestration platforms, such as Kubernetes and Docker Swarm.

2. **Open Container Initiative (OCI) Images**:
   - **Description**: A specification for container images aimed at fostering an open container ecosystem.
   - **Usage**: Similar to Docker images but follows the OCI standard, ensuring compatibility across different platforms.

3. **Helm Charts**:
   - **Description**: Packages that define Kubernetes applications, including all necessary resources and dependencies.
   - **Usage**: Used to deploy and manage applications on Kubernetes clusters efficiently.

**Differences**:
- **Docker vs. OCI Images**: OCI images adhere to an open standard, promoting compatibility and interoperability, while Docker images are built around the Docker-specific format. However, both are functionally similar and often interchangeable.
- **Helm Charts**: Unlike Docker and OCI images, Helm charts are not images themselves but packages that facilitate the deployment of containerized applications in Kubernetes environments, including configuration and dependencies.

Azure Container Registry's support for these formats allows flexible and efficient management and deployment of containerized applications across different environments.

In [23]:
%%question
What steps would I need to take in order to push my locally developed docker image into the container registry?

To push your locally developed Docker image to Azure Container Registry (ACR), follow these steps:

1. **Create an Azure Container Registry**:
   - Use the Azure Portal, Azure CLI, or Azure PowerShell to create a new container registry.
   - Example using Azure CLI:
     ```bash
     az acr create --resource-group <resource-group-name> --name <registry-name> --sku Basic
     ```

2. **Log in to Azure Container Registry**:
   - Authenticate with your ACR instance using Azure CLI:
     ```bash
     az acr login --name <registry-name>
     ```

3. **Tag your Docker Image**:
   - Tag the local Docker image with the ACR login server name:
     ```bash
     docker tag <local-image>:<tag> <registry-name>.azurecr.io/<image>:<tag>
     ```

4. **Push the Image to ACR**:
   - Push your tagged image to the container registry:
     ```bash
     docker push <registry-name>.azurecr.io/<image>:<tag>
     ```

5. **Verify the Image in ACR**:
   - Use the Azure CLI to list the repositories in your registry to confirm the image was pushed:
     ```bash
     az acr repository list --name <registry-name> --output table
     ```
   - You can also list the tags of the specific repository:
     ```bash
     az acr repository show-tags --name <registry-name> --repository <image> --output table
     ```

These steps will help you push your Docker image from your local environment to your Azure Container Registry for use in deployments.

In [24]:
%%question
What is an Azure Container Registry Task. What's the purpose of this?

An Azure Container Registry Task (ACR Task) is a feature of Azure Container Registry that automates the building, testing, and deployment of container images in the cloud. 

**Purpose of ACR Tasks**:
- **Automated Builds**: Automatically build container images when changes are made to the source code or when a base image is updated.
- **Continuous Integration/Continuous Deployment (CI/CD)**: Integrate with CI/CD pipelines to streamline the development and deployment processes.
- **Multi-Architecture Builds**: Build images for different architectures (e.g., Linux, Windows) using ACR Tasks.
- **Build on Demand**: Trigger builds manually as needed for development or testing purposes.
- **Multi-Step Workflows**: Define complex workflows involving multiple build, test, and deployment steps using YAML files.

ACR Tasks help to simplify and automate the management of container images, improving efficiency and consistency in the deployment of containerized applications.

In [25]:
%%question
Can you share a small example in C# and how I would build the image using AZ CLI?

Certainly! Here's a simple example of a C# application and how you can build its Docker image using Azure CLI.

### Example C# Application

Create a simple C# console application:

1. **Create the Project:**
   ```bash
   mkdir HelloWorldApp
   cd HelloWorldApp
   dotnet new console
   ```

2. **Edit the Program:**
   - Open `Program.cs` and modify it if necessary (default will print "Hello, World!").

3. **Create a Dockerfile:**
   - Create a file named `Dockerfile` in your project directory with the following content:
     ```dockerfile
     FROM mcr.microsoft.com/dotnet/runtime:6.0 AS base
     WORKDIR /app

     FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
     WORKDIR /src
     COPY . .
     RUN dotnet build -c Release -o /app/build

     FROM build AS publish
     RUN dotnet publish -c Release -o /app/publish

     FROM base AS final
     WORKDIR /app
     COPY --from=publish /app/publish .
     ENTRYPOINT ["dotnet", "HelloWorldApp.dll"]
     ```

### Building the Image with Azure CLI

4. **Login to Azure and ACR:**
   - Ensure you are logged into Azure and your ACR:
     ```bash
     az login
     az acr login --name <your-registry-name>
     ```

5. **Build the Image using ACR Tasks:**
   - Use the Azure CLI to build the image directly in ACR:
     ```bash
     az acr build --registry <your-registry-name> --image hello-world-app:latest .
     ```

6. **Verify the Image:**
   - Check that the image was built and is available in your ACR:
     ```bash
     az acr repository list --name <your-registry-name> --output table
     ```

This process uses an ACR Task to build the Docker image in the cloud, which can be more efficient and does not require local Docker installations.

# Run container images in Azure Container Instances

In [26]:
%%learn
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/

https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/1-introduction
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/2-azure-container-instances-overview
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/3-run-azure-container-instances-cloud-shell
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/4-run-containerized-tasks-restart-policies
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/5-set-environment-variables-azure-container-instances
https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/6-mount-azure-file-share-azure-container-instances


('',
 'https://learn.microsoft.com/en-us/training/modules/create-run-container-images-azure-container-instances/\n')

In [27]:
%%question
What are Azure Container Instances?

Azure Container Instances (ACI) provide a simple and fast way to run containers in Azure without managing virtual machines. ACI allows you to deploy containers with ease, offering fast startup times, isolation with hypervisor-level security, and support for both Linux and Windows containers. It supports features like custom resource allocation, persistent storage with Azure file shares, and direct internet exposure with an IP address and FQDN. ACI is ideal for scenarios requiring isolated containers, such as simple applications, task automation, and build jobs.

In [28]:
%%question
Do I need to provision virtual machines for this?

No, with Azure Container Instances (ACI), you do not need to provision or manage virtual machines. ACI handles the infrastructure management, allowing you to focus on running your containers.

In [29]:
%%question
What would be usefull scenarios to use Azure Container Instances?

Azure Container Instances are useful in various scenarios, including:

1. **Development and Testing**: Quickly spin up containers to test applications or perform development tasks without managing infrastructure.

2. **Task Automation**: Run batch jobs, data processing tasks, or automation scripts that require temporary compute capacity.

3. **Microservices**: Deploy simple microservices that do not require full orchestration or complex infrastructure.

4. **Event-Driven Applications**: Execute containers in response to events, such as processing messages from a queue.

5. **CI/CD Pipelines**: Use ACI to build, test, or deploy applications as part of a continuous integration/continuous deployment workflow.

6. **Temporary Workloads**: Run short-lived tasks or applications that do not need long-term hosting, reducing costs by paying only for the resources used.

7. **Prototyping and Demos**: Quickly deploy application prototypes or demos without the overhead of setting up a full environment.

In [30]:
%%question
What are Virtual Kubelets?

Virtual Kubelets are a Kubernetes feature that allows you to extend the Kubernetes API by connecting to other compute backends, such as serverless container platforms. They act as a node within a Kubernetes cluster but do not have the overhead of a full Kubernetes node. Instead, they communicate with other services to manage the lifecycle of pods.

In the context of Azure, the Azure Virtual Kubelet integrates Azure Container Instances (ACI) with Kubernetes, allowing you to run pods on ACI as if they were part of your Kubernetes cluster. This provides the flexibility to scale workloads without managing additional infrastructure.

In [None]:
%%question
Would this also be usefull to run fullsize enterprise line of business applications that require scalability?

In [31]:
%%question
Has ACI support for scaling up/down/out/in?

Azure Container Instances (ACI) does not natively provide automatic scaling features like Kubernetes. However, you can manually scale your container instances by adjusting the number of containers you deploy. For automatic scaling, it's recommended to use Azure Kubernetes Service (AKS) with Azure Virtual Kubelet, which can leverage ACI to scale out workloads seamlessly based on demand.

In [32]:
%%question
Does it support running a container group (docker compose)? How would I implement this?

Azure Container Instances (ACI) supports running a container group, which is similar to using Docker Compose. A container group in ACI allows you to deploy multiple containers on the same host with shared resources, networking, and storage.

To implement this:

1. **YAML File**: Define your container group in a YAML file. Specify the containers, their images, ports, environment variables, and volumes.

2. **Azure CLI**: Use the Azure CLI to deploy the container group using the YAML file. The command looks like this:
   ```bash
   az container create --resource-group <resource-group> --file <your-yaml-file>.yaml
   ```

3. **Azure Resource Manager Template**: Alternatively, use an Azure Resource Manager template if you need to deploy additional Azure resources along with your container group.

This approach allows you to define and deploy multi-container applications in ACI, similar to how you would with Docker Compose.

In [33]:
%%question
Can I mount a fileshare to a container? How would I do this?

Yes, you can mount an Azure file share to a container in Azure Container Instances (ACI). Here's how you can do it:

1. **Create an Azure File Share**: 
   - Use the Azure Portal or Azure CLI to create a file share in an Azure Storage Account.

2. **Mount the File Share in ACI**:
   - You need to specify the file share details when creating the container instance. This can be done using the Azure CLI or a YAML file.

   **Using Azure CLI**:
   ```bash
   az container create \
     --resource-group <resource-group> \
     --name <container-name> \
     --image <image> \
     --azure-file-volume-account-name <storage-account-name> \
     --azure-file-volume-account-key <storage-account-key> \
     --azure-file-volume-share-name <file-share-name> \
     --azure-file-volume-mount-path /mnt/azfiles
   ```

   **Using YAML**:
   ```yaml
   apiVersion: '2018-10-01'
   location: <location>
   name: <container-group-name>
   properties:
     containers:
     - name: <container-name>
       properties:
         image: <image>
         volumeMounts:
         - mountPath: /mnt/azfiles
           name: myazfileshare
     osType: Linux
     volumes:
     - name: myazfileshare
       azureFile:
         shareName: <file-share-name>
         storageAccountName: <storage-account-name>
         storageAccountKey: <storage-account-key>
   ```

3. **Deploy the Container**:
   - Use the Azure CLI to deploy the container group with the YAML file:
   ```bash
   az container create --resource-group <resource-group> --file <your-yaml-file>.yaml
   ```

This setup allows your container to access the Azure file share at the specified mount path, enabling persistent storage of data beyond the container's lifecycle.

In [34]:
%%question 
What are the different restart policies supported by ACI? Compare them in table format. Also include instructions how to set the policy

Azure Container Instances (ACI) supports three different restart policies. Here's a comparison in table format:

| Restart Policy | Description                                                                                       | Usage Scenario                                          |
|----------------|---------------------------------------------------------------------------------------------------|---------------------------------------------------------|
| Always         | Containers are always restarted regardless of the exit status. This is the default policy.        | Use for persistent services that need to run continuously. |
| Never          | Containers are never restarted. They run once and do not restart automatically.                   | Suitable for one-time tasks or batch jobs.              |
| OnFailure      | Containers are restarted only when they fail (exit with a nonzero status).                        | Ideal for retrying failed tasks or jobs automatically.  |

### How to Set the Restart Policy

To set the restart policy for a container group using the Azure CLI, you can specify the `--restart-policy` parameter:

```bash
az container create \
  --resource-group <resource-group> \
  --name <container-name> \
  --image <image> \
  --restart-policy <policy> \
  --other-parameters 
```

Replace `<policy>` with `Always`, `Never`, or `OnFailure` depending on your requirement. Adjust other parameters as necessary for your specific deployment.

In [35]:
%%question
How can I set environment variables?

To set environment variables for a container in Azure Container Instances (ACI), you can specify them during the creation of the container using the Azure CLI or in a YAML file.

### Using Azure CLI

```bash
az container create \
  --resource-group <resource-group> \
  --name <container-name> \
  --image <image> \
  --environment-variables VAR1=value1 VAR2=value2 \
  --other-parameters
```

### Using YAML

Define the environment variables in the `environmentVariables` section of your YAML file:

```yaml
apiVersion: '2018-10-01'
location: <location>
name: <container-group-name>
properties:
  containers:
  - name: <container-name>
    properties:
      image: <image>
      environmentVariables:
      - name: VAR1
        value: value1
      - name: VAR2
        value: value2
  osType: Linux
```

Then deploy the container using the YAML file:

```bash
az container create --resource-group <resource-group> --file <your-yaml-file>.yaml
```

This will set and pass the specified environment variables to the container when it starts.

# Implement Azure Container Apps

In [36]:
%%learn
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/

https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/1-introduction
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/2-explore-azure-container-apps
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/4-container-apps-containers
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/5-container-apps-authentication
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/6-container-apps-revisions-secrets
https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/7-explore-distributed-application-runtime


('',
 'https://learn.microsoft.com/en-us/training/modules/implement-azure-container-apps/\n')

In [37]:
%%question
What is Azure Container Apps?

Azure Container Apps is a serverless container service that allows you to run microservices and containerized applications on a serverless platform without managing infrastructure. It supports features like dynamic scaling, HTTPS ingress, and integration with Dapr for building microservices. Azure Container Apps is ideal for deploying API endpoints, background processing applications, event-driven processing, and more.

In [38]:
%%question
Provide me with a detailed comparison between ACI, ACA and AKS in table format

Certainly! Here's a comparison between Azure Container Instances (ACI), Azure Container Apps (ACA), and Azure Kubernetes Service (AKS):

| Feature/Aspect         | Azure Container Instances (ACI)                                            | Azure Container Apps (ACA)                                         | Azure Kubernetes Service (AKS)                              |
|------------------------|----------------------------------------------------------------------------|---------------------------------------------------------------------|-------------------------------------------------------------|
| **Purpose**            | Run single containers quickly without managing infrastructure              | Serverless platform for running containerized apps and microservices | Full-fledged Kubernetes service for container orchestration |
| **Use Case**           | Simple tasks, short-lived workloads, and isolated containers                | Microservices, event-driven apps, scale-to-zero applications        | Complex applications requiring orchestration, scaling, and management |
| **Infrastructure**     | No infrastructure management                                                | No infrastructure management                                        | Requires managing Kubernetes nodes                          |
| **Scaling**            | Manual scaling of container instances                                       | Autoscaling based on HTTP traffic, events, CPU, memory via KEDA     | Autoscaling with Kubernetes tools like HPA and Cluster Autoscaler |
| **Service Discovery**  | Limited, typically for single-container scenarios                           | Built-in service discovery and internal ingress                     | Full Kubernetes service discovery and networking            |
| **Deployment Complexity** | Extremely simple, deploy individual containers                           | Moderate complexity for deploying apps with revisions               | High complexity, requires Kubernetes knowledge              |
| **Integration with Dapr** | No direct integration                                                    | Native Dapr integration for building microservices                  | Dapr can be integrated manually                             |
| **Persistent Storage** | Azure File Share is supported                                               | Secrets management, but no direct persistent storage feature        | Supports various persistent storage options with Kubernetes |
| **Ingress**            | Public IP assigned to container, limited control                            | Built-in HTTPS ingress support                                      | Full ingress support with custom controllers                |
| **Security**           | Basic isolation per container                                               | Built-in authentication and authorization                           | Comprehensive security options with Kubernetes RBAC and policies |
| **Pricing Model**      | Pay-per-second billing for running containers                               | Serverless pricing model, pay for resources used                    | Pay for node VMs and additional Azure services used         |
| **Ideal For**          | Quick, simple deployments                                                   | Serverless microservices and event-driven applications              | Large-scale, complex applications requiring orchestration   |

This table highlights the key differences and use cases for each of these Azure container services, helping you choose the right one based on your specific needs.

In [39]:
%%question
How would I deploy a Azure Container App using AZ CLI, using an image that already has been pushed into the Azure Container Registry

To deploy an Azure Container App using the Azure CLI with an image from Azure Container Registry (ACR), follow these steps:

1. **Log in to Azure:**
   ```bash
   az login
   ```

2. **Set your subscription (if necessary):**
   ```bash
   az account set --subscription <your-subscription-id>
   ```

3. **Create a Resource Group:**
   ```bash
   az group create --name <resource-group-name> --location <location>
   ```

4. **Create an Azure Container Apps Environment:**
   ```bash
   az containerapp env create --name <env-name> --resource-group <resource-group-name> --location <location>
   ```

5. **Deploy the Container App:**
   ```bash
   az containerapp create \
     --name <app-name> \
     --resource-group <resource-group-name> \
     --environment <env-name> \
     --image <your-acr-name>.azurecr.io/<image-name>:<tag> \
     --registry-server <your-acr-name>.azurecr.io \
     --registry-username <acr-username> \
     --registry-password <acr-password> \
     --ingress external \
     --target-port <container-port>
   ```

Replace placeholders like `<resource-group-name>`, `<location>`, `<app-name>`, `<env-name>`, `<your-acr-name>`, `<image-name>`, `<tag>`, `<acr-username>`, `<acr-password>`, and `<container-port>` with your actual values.

Note: Ensure that your ACR credentials are correct and you have the necessary permissions to pull images from the ACR. You may also consider using a managed identity for more secure access to the registry.

In [40]:
%%question
What is KEDA and DAPR? How do they relate to Azure Container Apps?

**KEDA (Kubernetes Event-Driven Autoscaling)** is a component that allows event-driven scaling for Kubernetes workloads. It enables applications to scale based on the number of events or messages in a queue, among other metrics, without needing custom code for scaling logic.

**Dapr (Distributed Application Runtime)** is a runtime that simplifies the development of microservices by providing building blocks for service-to-service invocation, state management, pub/sub messaging, and more. It helps developers build resilient, distributed applications without needing to handle these concerns manually.

**Relation to Azure Container Apps:**

- **KEDA**: Azure Container Apps uses KEDA to provide autoscaling capabilities based on various metrics like HTTP traffic, event-driven processing, CPU, and memory load. This allows Container Apps to scale dynamically and efficiently.

- **Dapr**: Azure Container Apps has native integration with Dapr, which enables developers to build microservices with rich features such as service invocation, state management, and pub/sub. This integration simplifies the process of building and deploying microservices on Azure Container Apps by leveraging Dapr's capabilities.

In summary, both KEDA and Dapr enhance Azure Container Apps by providing advanced scaling and microservice development features.

In [41]:
%%question
What kind of features are provided by DAPR? Illustrate with a small example scenario.

**Dapr (Distributed Application Runtime)** provides several features that simplify building distributed, microservice-based applications. Here are some key features:

1. **Service-to-Service Invocation**: Allows direct communication between services with automatic retries and mutual TLS encryption.

2. **State Management**: Provides a consistent API for managing state, supporting various state stores like Redis, Azure Cosmos DB, and more.

3. **Pub/Sub Messaging**: Enables services to communicate asynchronously using a publish-subscribe model with different brokers.

4. **Bindings**: Connects microservices to external systems and SaaS platforms for input/output operations.

5. **Actors**: Provides a virtual actor pattern for building stateful, distributed applications.

6. **Observability**: Integrates with monitoring systems to provide insights into service interactions and performance.

7. **Secrets Management**: Access and manage secrets securely within applications.

### Example Scenario

**Scenario**: Building a Retail Order Processing System

- **Service-to-Service Invocation**: The "Order" service calls the "Inventory" service to check stock levels before confirming an order.

- **State Management**: The "Order" service uses Dapr to store order details in a state store, such as Redis, ensuring data persistence.

- **Pub/Sub Messaging**: When an order is placed, the "Order" service publishes an event to a pub/sub broker. The "Shipping" service subscribes to this event to initiate the shipping process.

- **Bindings**: The "Payment" service uses Dapr bindings to process payments via an external payment gateway.

- **Actors**: The "Customer" service uses Dapr actors to manage customer sessions and preferences.

- **Observability**: Dapr provides tracing and metrics for all interactions, allowing the team to monitor the system's health and performance.

- **Secrets Management**: The "Payment" service accesses sensitive payment API keys securely using Dapr's secrets management.

By leveraging Dapr, the retail system can be developed with minimal boilerplate code, focusing on business logic while Dapr handles distributed system complexities.

In [42]:
%%question
How do I implement authentication and authorization with Azure Container Apps?

To implement authentication and authorization with Azure Container Apps, you can use its built-in authentication features, which integrate with various identity providers. Here's how you can set it up:

1. **Enable Authentication**:
   - Ensure that your container app is configured to use HTTPS ingress. This is required for secure authentication.

2. **Choose an Identity Provider**:
   - Azure Container Apps supports several identity providers out-of-the-box, including:
     - Microsoft Identity Platform (Azure Active Directory)
     - Facebook
     - GitHub
     - Google
     - Twitter (X)
     - Any OpenID Connect provider

3. **Configure Authentication**:
   - Use the Azure Portal, Azure CLI, or ARM templates to enable and configure authentication for your container app.
   - For example, using the Azure CLI, you can set up authentication with a command like:
     ```bash
     az containerapp auth set --name <app-name> --resource-group <resource-group> --identity-provider <provider> --client-id <client-id> --client-secret <client-secret> --issuer-url <issuer-url>
     ```
   - Replace placeholders with appropriate values for your chosen identity provider.

4. **Set Access Restrictions**:
   - Decide whether to restrict access to authenticated users only or to allow unauthenticated access.
   - You can configure this in the Azure Portal or through the CLI by setting the "Restrict access" setting to either "Require authentication" or "Allow unauthenticated access".

5. **Implement Authorization Logic** (if needed):
   - While Azure Container Apps handles authentication, you might need to implement additional authorization logic in your application to handle roles and permissions based on user identity.

6. **Test the Authentication Flow**:
   - Verify the setup by attempting to access your application. You should be redirected to the identity provider's sign-in page if authentication is required.

Azure Container Apps handles the authentication flow and session management, injecting identity information into HTTP request headers for your application to use. This setup allows you to secure your container apps with minimal code and configuration.

In [43]:
%%question
How does ACA handle version upgrades? It is the same as with Kubernetes?

Azure Container Apps (ACA) handles version upgrades differently from Kubernetes due to its serverless nature and built-in version management features.

**Azure Container Apps:**
- **Revisions:** ACA uses a concept called "revisions" to manage different versions of your application. Each time you update your app's configuration or deploy a new image, a new revision is created. This allows you to easily roll back to a previous version if needed.
- **Traffic Splitting:** ACA allows you to split traffic between different revisions, facilitating canary deployments, A/B testing, or blue-green deployments. You can control the percentage of traffic directed to each revision.
- **Automatic Updates:** ACA abstracts much of the underlying infrastructure management, so you don't manually manage rolling updates. The platform handles the deployment process for you.

**Kubernetes:**
- **Manual Control:** Kubernetes provides more granular control over deployments using objects like Deployments, StatefulSets, and DaemonSets. You can define update strategies (e.g., rolling updates, canary releases) and manage them manually.
- **Custom Strategies:** Kubernetes allows you to implement custom deployment strategies, including complex scenarios like blue-green deployments or A/B testing, using tools like Helm or operators.
- **Infrastructure Management:** With Kubernetes, you need to manage the cluster infrastructure and ensure nodes are updated and maintained.

In summary, ACA simplifies version management with automatic revision handling and traffic splitting, while Kubernetes offers more control and customization for deployment strategies but requires more hands-on management.

In [44]:
%%question
Imagine I need to get a secret value. How would I approach this from a developers perspective in Azure Container Apps?

To retrieve a secret value as a developer in Azure Container Apps, follow these steps:

1. **Define the Secret in Azure Container Apps:**
   - First, store your secret in Azure Container Apps using the Azure CLI or Azure Portal. Secrets can be defined at the application level and are accessible to all revisions of the app.
   - Example using Azure CLI:
     ```bash
     az containerapp secret set --name <app-name> --resource-group <resource-group> --secrets key1=value1 key2=value2
     ```

2. **Reference the Secret in Your Application:**
   - Configure your container app's environment variables to reference the secret.
   - Example using Azure CLI:
     ```bash
     az containerapp update --name <app-name> --resource-group <resource-group> --env-vars MY_SECRET=secretref:key1
     ```

3. **Access the Secret in Your Code:**
   - Once the secret is set as an environment variable, access it from your application code just like any other environment variable.
   - Example in Python:
     ```python
     import os

     my_secret_value = os.getenv('MY_SECRET')
     print("The secret value is:", my_secret_value)
     ```

4. **Deploy or Update Your Application:**
   - If you haven't already, deploy or update your application to use the new configuration that includes the secret reference.

By following these steps, you can securely access secret values in Azure Container Apps without hardcoding them in your application code.

In [45]:
%%question
What if I want to use Azure Key Vault? Would this work similarly?

If you want to use Azure Key Vault with Azure Container Apps, the process is a bit different as direct integration isn't natively supported. However, you can still access secrets from Azure Key Vault by following these steps:

1. **Set Up Azure Key Vault**:
   - Store your secrets in Azure Key Vault.

2. **Enable Managed Identity on Azure Container App**:
   - Use a managed identity to allow Azure Container Apps to access Azure Key Vault securely without hardcoding credentials.
   - Enable a managed identity for your container app:
     ```bash
     az containerapp identity assign --name <app-name> --resource-group <resource-group>
     ```

3. **Grant Key Vault Access**:
   - Assign the managed identity the necessary permissions to access the secrets in Azure Key Vault.
   - Use Azure CLI to set an access policy:
     ```bash
     az keyvault set-policy --name <keyvault-name> --object-id <identity-object-id> --secret-permissions get
     ```

4. **Access Secrets in Your Application Code**:
   - Use the Azure SDK for your programming language to interact with Azure Key Vault from your application.
   - Example in Python:
     ```python
     from azure.identity import ManagedIdentityCredential
     from azure.keyvault.secrets import SecretClient

     credential = ManagedIdentityCredential()
     client = SecretClient(vault_url="https://<keyvault-name>.vault.azure.net/", credential=credential)

     secret = client.get_secret("<secret-name>")
     print("The secret value is:", secret.value)
     ```

By using Azure Key Vault with managed identities, you can securely retrieve secrets in Azure Container Apps without exposing sensitive information, leveraging Azure's identity and access management capabilities.