Close this search box.

App Service Docker continuous deployment

Share This Post

Before Microsoft announced Container Apps (Kubernetes as a Service), App services were considered an alternative if companies did not want to set up and maintain an entire Kubernetes stack. Here, a developer can push docker images to an Azure Container Registry, where the App Service pull and run the image.

High level design – Architecture


A new container image will be created and pushed to the container registry through DevOps. Next, the App Service should pull it to run the latest application changes. This can be done by providing the following parameters in the configuration of the App Service.

DOCKER_REGISTRY_SERVER_URL = <URL of the Container Registry>

There are two possibilities for this:

  1. A fixed tag, e.g. “latest“, which is provided in the App Service configuration ( See screenshot below) (Recommended)
  2. The pipeline release number determines the docker version. Then the configuration needs to be changed again in the App Service.

Furthermore, the possibility exists to enable continuous deployment through the App Service. For example, a webhook sends a signal to the App Service when a new version is added to the container registry.

Caution! This solution does not work when private endpoints are enabled, which is recommended from a security perspective.


The webhook is a public service and can only be accessed if we operate without private endpoints.
Unfortunately, this is a best practice, and many companies will follow this and enable private endpoints to their Azure Container Registries.


To get around this problem, we need a second pipeline to restart the App Service (or build this step into the pipeline and give the Service Principal used for the Pipeline connection the correct permission in Azure). After a restart, the container image is reloaded, and the user can utilise the latest functionality.

az webapp restart --name xxxx --resource-group xxxx


  1. Work with fixed tags on the container image, such as “latest.”
  2. Ensure the App Service is configured to load the image with the tag “latest.”
  3. Configure a pipeline to restart the App Service after pushing a new container image to the Azure Container Registry.

More To Explore

Azure Kubernetes security common misconceptions

Azure Kubernetes Service (AKS) has emerged as a leading platform for container orchestration, offering scalability (with Keda), flexibility, and an easy management panel. However, like