Deploying Docker containers on Azure
Estimated reading time: 12 minutes
The Docker Azure Integration enables developers to use native Docker commands to run applications in Azure Container Instances (ACI) when building cloud-native applications. The new experience provides a tight integration between Docker Desktop and Microsoft Azure allowing developers to quickly run applications using the Docker CLI or VS Code extension, to switch seamlessly from local development to cloud deployment.
In addition, the integration between Docker and Microsoft developer technologies allow developers to use the Docker CLI to:
- Easily log into Azure
- Set up an ACI context in one Docker command allowing you to switch from a local context to a cloud context and run applications quickly and easily
- Simplify single container and multi-container application development using the Compose specification, allowing a developer to invoke fully Docker-compatible commands seamlessly for the first time natively within a cloud container service
Docker Azure Integration is currently a beta release. The commands and flags are subject to change in subsequent releases.
To deploy Docker containers on Azure, you must meet the following requirements:
Download and install Docker Desktop Stable version 18.104.22.168 or later, or Edge version 22.214.171.124 or later.
Alternatively, install the Docker Compose CLI for Linux.
Ensure you have an Azure subscription. You can get started with an Azure free account.
Run Docker containers on ACI
Docker not only runs containers locally, but also enables developers to seamlessly deploy Docker containers on ACI using
docker run or deploy multi-container applications defined in a Compose file using the
docker compose up command.
The following sections contain instructions on how to deploy your Docker containers on ACI.
Log into Azure
Run the following commands to log into Azure:
docker login azure
This opens your web browser and prompts you to enter your Azure login credentials.
Alternatively, you can log in without interaction (typically in
scripts or continuous integration scenarios), using an Azure Service
docker login azure --client-id xx --client-secret yy --tenant-id zz
Logging in through the Azure Service Provider obtains an access token valid for a short period (typically 1h), but it does not allow you to automatically and transparently refresh this token. You must manually re-login when the access token has expired when logging in with a Service Provider.
You can also use the
--tenant-id option alone to specify a tenant, if
you have several ones available in Azure.
Create an ACI context
After you have logged in, you need to create a Docker context associated with ACI to deploy containers in ACI. For example, let us create a new context called
docker context create aci myacicontext
This command automatically uses your Azure login credentials to identify your subscription IDs and resource groups. You can then interactively select the subscription and group that you would like to use. If you prefer, you can specify these options in the CLI using the following flags:
If you don’t have any existing resource groups in your Azure account, the
docker context create aci myacicontext command creates one for you. You don’t have to specify any additional options to do this.
After you have created an ACI context, you can list your Docker contexts by running the
docker context ls command:
NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR myacicontext aci myResourceGroupGTA@eastus default * moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm
If you need to change the subscription and create a new context, you must execute the
docker login azurecommand again.
Run a container
Now that you’ve logged in and created an ACI context, you can start using Docker commands to deploy containers on ACI.
There are two ways to use your new ACI context. You can use the
--context flag with the Docker command to specify that you would like to run the command using your newly created ACI context.
docker --context myacicontext run -p 80:80 nginx
Or, you can change context using
docker context use to select the ACI context to be your focus for running Docker commands. For example, we can use the
docker context use command to deploy an ngnix container:
docker context use myacicontext docker run -p 80:80 nginx
After you’ve switched to the
myacicontext context, you can use docker ps to list your containers running on ACI.
To view logs from your container, run:
docker logs <CONTAINER_ID>
To execute a command in a running container, run:
docker exec -t <CONTAINER_ID> COMMAND
To stop and remove a container from ACI, run:
docker stop <CONTAINER_ID> docker rm <CONTAINER_ID>
The stop command in ACI differs from the Moby stop command as a stopped container will not retain its state when it is started again on ACI.
Running Compose applications
You can also deploy and manage multi-container applications defined in Compose files to ACI using the
docker compose command. To do this:
Ensure you are using your ACI context. You can do this either by specifying the
--context myacicontextflag or by setting the default context using the command
docker context use myacicontext.
docker compose upand
docker compose downto start and then stop a full Compose application.
docker compose up uses the
docker-compose.yaml file in the current folder. You can specify the working directory using the --workdir flag or specify the Compose file directly using the
You can also specify a name for the Compose application using the
--project-name flag during deployment. If no name is specified, a name will be derived from the working directory.
You can view logs from containers that are part of the Compose application using the command
docker logs <CONTAINER_ID>. To know the container ID, run
The current Docker Azure integration does not allow fetching a combined log stream from all the containers that make up the Compose application.
Using Azure file share as volumes in ACI containers
You can deploy containers or Compose applications that use persistent data stored in volumes. Azure File Share can be used to support volumes for ACI containers.
Using an existing Azure File Share with storage account name
and file share name
myfileshare, you can specify a volume in your deployment
command as follows:
docker run -v mystorageaccount/myfileshare:/target/path myimage
The runtime container will see the file share content in
In a Compose application, the volume specification must use the following syntax in the Compose file:
myservice: image: nginx volumes: - mydata:/mount/testvolumes volumes: mydata: driver: azure_file driver_opts: share_name: myfileshare storage_account_name: mystorageaccount
When you deploy a single container or a Compose application, your Azure login automatically fetches the key to the Azure storage account.
Managing Azure volumes
To create a volume that you can use in containers or Compose applications when
using your ACI Docker context, you can use the
docker volume create command,
and specify an Azure storage account name and the file share name:
$ docker --context aci volume create test-volume --storage-account mystorageaccount [+] Running 2/2 ⠿ mystorageaccount Created 26.2s ⠿ test-volume Created 0.9s mystorageaccount/test-volume
By default, if the storage account does not already exist, this command creates a new storage account using the Standard LRS as a default SKU, and the resource group and location associated with you Docker ACI context.
If you specify an existing storage account, the command creates a new file share in the exsting account:
$ docker --context aci volume create test-volume2 --storage-account mystorageaccount [+] Running 2/2 ⠿ mystorageaccount Use existing 0.7s ⠿ test-volume2 Created 0.7s mystorageaccount/test-volume2
Alternatively, you can create an Azure storage account or a file share using the Azure
portal, or the
az command line.
You can also list volumes that are available for use in containers or Compose applications:
$ docker --context aci volume ls ID DESCRIPTION mystorageaccount/test-volume Fileshare test-volume in mystorageaccount storage account mystorageaccount/test-volume2 Fileshare test-volume2 in mystorageaccount storage account
To delete a volume and the corresponding Azure file share, use the
volume rm command:
$ docker --context aci volume rm mystorageaccount/test-volume mystorageaccount/test-volume
This permanently deletes the Azure file share and all its data.
When deleting a volume in Azure, the command checks whether the specified file share
is the only file share available in the storage account. If the storage account is
created with the
docker volume create command,
docker volume rm also
deletes the storage account when it does not have any file shares.
If you are using a storage account created without the
docker volume create command
(through Azure portal or with the
az command line for example),
docker volume rm
does not delete the storage account, even when it has zero remaining file shares.
Using ACI resource groups as namespaces
You can create several Docker contexts associated with ACI. Each context must be associated with a unique Azure resource group. This allows you to use Docker contexts as namespaces. You can switch between namespaces using
docker context use <CONTEXT>.
When you run the
docker ps command, it only lists containers in your current Docker context. There won’t be any contention in container names or Compose application names between two Docker contexts.
Install the Docker Compose CLI on Linux
The Docker Compose CLI adds support for running and managing containers on Azure Container Instances (ACI).
Docker Azure Integration is a beta release. The installation process, commands, and flags will change in future releases.
You can install the new CLI using the install script:
curl -L https://raw.githubusercontent.com/docker/compose-cli/main/scripts/install/install_linux.sh | sh
You can download the Docker ACI Integration CLI from the latest release page.
You will then need to make it executable:
chmod +x docker-aci
To enable using the local Docker Engine and to use existing Docker contexts, you
must have the existing Docker CLI as
com.docker.cli somewhere in your
PATH. You can do this by creating a symbolic link from the existing Docker
ln -s /path/to/existing/docker /directory/in/PATH/com.docker.cli
PATHenvironment variable is a colon-separated list of directories with priority from left to right. You can view it using
echo $PATH. You can find the path to the existing Docker CLI using
which docker. You may need root permissions to make this link.
On a fresh install of Ubuntu 20.04 with Docker Engine already installed:
$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin $ which docker /usr/bin/docker $ sudo ln -s /usr/bin/docker /usr/local/bin/com.docker.cli
You can verify that this is working by checking that the new CLI works with the default context:
$ ./docker-aci --context default ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES $ echo $? 0
To make this CLI with ACI integration your default Docker CLI, you must move it
to a directory in your
PATH with higher priority than the existing Docker CLI.
Again, on a fresh Ubuntu 20.04:
$ which docker /usr/bin/docker $ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin $ sudo mv docker-aci /usr/local/bin/docker $ which docker /usr/local/bin/docker $ docker version ... Azure integration 0.1.4 ...
After you have installed the Docker ACI Integration CLI, run
--help to see the current list of commands.
Docker Azure Integration is a beta release. The commands and flags will change in future releases.
To remove the Docker Azure Integration CLI, you need to remove the binary you downloaded and
com.docker.cli from your
PATH. If you installed using the script, this can be done as follows:
sudo rm /usr/local/bin/docker /usr/local/bin/com.docker.cli
Thank you for trying out the Docker Azure Integration beta release. Your feedback is very important to us. Let us know your feedback by creating an issue in the compose-cli GitHub repository.Docker, Azure, Integration, ACI, context, Compose, cli, deploy, containers, cloud