“No root” Containers with Azure Container Instances

Simon Bennett
Bitnami Perspectives
Jul 29, 2017

Earlier this week, my colleague Sebastien Goasguen demonstrated using the new Bitnami non-root containers on RedHat Openshift. Inspired by his post, I wanted to follow up and show you how to get your code running on the Azure cloud with just a few keystrokes.

To do this I’m going to combine the Bitnami nginx container image with the new Azure Container Instances service, just announced for public preview. The Azure Container Instances service is ideal for “just run my code” use cases where the complexity and overhead of creating and managing an orchestration platform such as Docker Swarm or Kubernetes is not needed. I like to think of it as ‘docker run’ for the public cloud.

The first step is to package the code into a Docker container image and push it to the Docker hub (you can skip this step and use the public image if you prefer).

Create the Dockerfile

FROM bitnami/nginx:1.12.1-r2
# Fetch the jellyfish demo over HTTPS and unpack it into the current working directory
RUN curl -L \
https://api.github.com/repos/arodic/jellyfish/tarball/master \
| tar zx --strip-components=1

Then build and push the image

docker build . -t nomisbeme/nginx-jelly
docker push nomisbeme/nginx-jelly

Next I ask the Azure Container Instances service to launch an instance of the image, exposing it via a public IP address. This is a two-step process where I create a group, then create the instance within the group using the Azure CLI:

az group create -n testgroup -l westus
az container create -g testgroup --name jelly \
--image nomisbeme/nginx-jelly \
--port 8080 --ip-address public

Note: This requires the Azure CLI and an Azure Cloud account. Azure Container Instances is currently free and will offer per-second billing at launch.

Finally, I ask Azure for the public IP address our code has been exposed on in the West US region:

az container show -n jelly -g testgroup | jq -r \
'.properties.ipAddress.ip'
<ip address>

And open a web browser to the IP address returned:

http://<ipaddress>:8080/

Specifying port 8080 is important here — this is root-less nginx so it doesn’t have permission to bind to a low port.

A Smack of Jellyfish on Azure Cloud

Note: I have found that it can take up to one minute for the public port to be opened after the container is launched. If your browser can’t connect, try refreshing.
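The port 8080 requirement above can be checked before deploying. The following is an added example, not code from the original post or from Bitnami: it decides from an image's `Config.User` and exposed ports whether the image is non-root and whether the requested port is one an unprivileged process can bind. The function names and sample values are constructed for illustration, and a named user other than `root` is assumed not to map to UID 0 inside the image.

```shell
# Lowest port an unprivileged process may bind on a default Linux host
# (net.ipv4.ip_unprivileged_port_start defaults to 1024).
UNPRIV_PORT_START=1024

# is_root_user USER -> 0 (true) if the image's Config.User means root.
# Docker treats an empty User as root; "uid:gid" forms are split on ':'.
is_root_user() {
    local user="${1%%:*}"
    case "$user" in
        ""|0|root) return 0 ;;
        *)         return 1 ;;
    esac
}

# port_ok USER PORT -> 0 if USER can bind PORT without extra capabilities
# such as CAP_NET_BIND_SERVICE; 2 if PORT is not a valid port number.
port_ok() {
    local user="$1" port="$2"
    case "$port" in ""|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    is_root_user "$user" && return 0
    [ "$port" -ge "$UNPRIV_PORT_START" ]
}

# check_image USER PORT "EXPOSED..." -> prints a verdict; returns 0 only if
# the image is non-root, the port is bindable, and the image exposes it.
check_image() {
    local user="$1" port="$2" exposed="$3" p
    if is_root_user "$user"; then
        echo "FAIL: image runs as root (User='$user')"; return 1
    fi
    port_ok "$user" "$port" || { echo "FAIL: user '$user' cannot bind port $port"; return 1; }
    for p in $exposed; do
        [ "${p%%/*}" = "$port" ] && { echo "OK: User=$user port=$port"; return 0; }
    done
    echo "FAIL: port $port not in image's exposed ports: $exposed"; return 1
}

# With Docker available, feed real metadata in (image name from this post):
#   img=nomisbeme/nginx-jelly
#   check_image "$(docker inspect -f '{{.Config.User}}' "$img")" 8080 \
#     "$(docker inspect -f '{{range $p, $_ := .Config.ExposedPorts}}{{$p}} {{end}}' "$img")"

# Constructed sample values (not read from a real image):
check_image "1001" 8080 "8080/tcp 8443/tcp"
check_image ""     80   "80/tcp" || true
check_image "1001" 80   "80/tcp" || true
```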
