Before Microsoft announced Container Apps (Kubernetes as a Service), App services were considered an alternative if companies did not want to set up and maintain an entire Kubernetes stack. Here, a developer can push docker images to an Azure Container Registry, where the App Service pull and run the image.
High level design – Architecture
Solution
A new container image will be created and pushed to the container registry through DevOps. Next, the App Service should pull it to run the latest application changes. This can be done by providing the following parameters in the configuration of the App Service.
WEBSITES_PORT = 8081
DOCKER_REGISTRY_SERVER_URL = <URL of the Container Registry>There are two possibilities for this:
- A fixed tag, e.g. “latest“, which is provided in the App Service configuration ( See screenshot below) (Recommended)
- The pipeline release number determines the docker version. Then the configuration needs to be changed again in the App Service.
Furthermore, the possibility exists to enable continuous deployment through the App Service. For example, a webhook sends a signal to the App Service when a new version is added to the container registry.
Caution! This solution does not work when private endpoints are enabled, which is recommended from a security perspective.
Problem?
The webhook is a public service and can only be accessed if we operate without private endpoints.
Unfortunately, this is a best practice, and many companies will follow this and enable private endpoints to their Azure Container Registries.
Alternative
To get around this problem, we need a second pipeline to restart the App Service (or build this step into the pipeline and give the Service Principal used for the Pipeline connection the correct permission in Azure). After a restart, the container image is reloaded, and the user can utilise the latest functionality.
az webapp restart --name xxxx --resource-group xxxxConclusion
- Work with fixed tags on the container image, such as “latest.”
- Ensure the App Service is configured to load the image with the tag “latest.”
- Configure a pipeline to restart the App Service after pushing a new container image to the Azure Container Registry.
