0

I tried to automate my deployment of a Docker container to an Azure resource group following the docs on https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter#deploy-a-key-vault-and-secret and https://gallery.azure.com/artifact/20161101/microsoft.containerinstances.1.0.8/Artifacts/mainTemplate.json.

I was able to deploy my application successfully, including the retrieval of encrypted secrets from Vault. I'm now struggling to set ENVs for my container, both secrets and normal ENVs. Even though there is a way to set ENVs in the az container API, I cannot find anything in the docs of the resource group deployment API. How can I pass ENVs to my Azure container?

flp
  • 1,010
  • 2
  • 13
  • 18

3 Answers3

1

The snippet of the json template you need is as follows (the full template is here) 

"name": "[toLower(parameters('DeploymentName'))]",
"type": "Microsoft.ContainerInstance/containerGroups",
"properties": {
    "containers": [
        {

            "environmentVariables": [
                {
                    "name": "CertificateName",
                    "value": "[parameters('CertificateName')]"
                },
            ],
Michael B
  • 11,887
  • 6
  • 38
  • 74
  • Once I add my variables, my deployment keeps crashing. After I removed them, everything works again. – flp Apr 03 '18 at 09:56
  • Acutally, everything is crashed. I don't know what happened to my account since I haven't changed anything, but my container groups do not work anymore at all ... – flp Apr 03 '18 at 10:02
  • 2
    @flp that sounds like something you need to get in touch with Azure Support for – Michael B Apr 03 '18 at 12:13
0

You may look the sample mentioned here: https://github.com/Azure/azure-quickstart-templates/blob/master/101-aci-storage-file-share/azuredeploy.json

 "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",

    "contentVersion": "1.0.0.0",

    "parameters": {

        "storageAccountType": {

            "type": "string",

            "defaultValue": "Standard_LRS",

            "allowedValues": [

                "Standard_LRS",

                "Standard_GRS",

                "Standard_ZRS"

            ],

            "metadata": {

                "description": "Storage Account type"

            }

        },

        "storageAccountName": {

            "type": "string",

            "defaultValue": "[uniquestring(resourceGroup().id)]",

            "metadata": {

                "description": "Storage Account Name"

            }

        },

        "fileShareName": {

            "type": "string",

            "metadata": {

                "description": "File Share Name"

            }

        },

        "containerInstanceLocation": {

            "type": "string",

            "defaultValue": "[resourceGroup().location]",

            "allowedValues": [

                "westus",

                "eastus",

                "westeurope",

                "southeastaisa",

                "westus2"

            ],

            "metadata": {

                "description": "Container Instance Location"

            }

        }

    },

    "variables": {

        "image": "microsoft/azure-cli",

        "cpuCores": "1.0",

        "memoryInGb": "1.5",

        "containerGroupName":"createshare-containerinstance",

        "containerName": "createshare"

    },

    "resources": [

        {

            "type": "Microsoft.Storage/storageAccounts",

            "name": "[parameters('storageAccountName')]",

            "apiVersion": "2017-10-01",

            "location": "[resourceGroup().location]",

            "sku": {

                "name": "[parameters('storageAccountType')]"

            },

            "kind": "Storage",

            "properties": {}

        },

        {

            "name": "[variables('containerGroupName')]",

            "type": "Microsoft.ContainerInstance/containerGroups",

            "apiVersion": "2018-02-01-preview",

            "location": "[parameters('containerInstanceLocation')]",

            "dependsOn": [

                "[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"

              ],

            "properties": {

                "containers": [

                    {

                        "name": "[variables('containerName')]",

                        "properties": {

                            "image": "[variables('image')]",

                            "command": [

                                "az",

                                "storage",

                                "share",

                                "create",

                                "--name",

                                "[parameters('fileShareName')]"

                            ],

                            "environmentVariables": [

                                {

                                    "name": "AZURE_STORAGE_KEY",

                                    "value": "[listKeys(parameters('storageAccountName'),'2017-10-01').keys[0].value]"

                                },

                                {

                                    "name": "AZURE_STORAGE_ACCOUNT",

                                    "value": "[parameters('storageAccountName')]"

                                }

                            ],

                            "resources": {

                                "requests": {

                                    "cpu": "[variables('cpuCores')]",

                                    "memoryInGb": "[variables('memoryInGb')]"

                                }

                            }

                        }

                    }

                ],

                "restartPolicy": "OnFailure",

                "osType": "Linux"

            }

        }

    ]

}
AjayKumar
  • 2,812
  • 1
  • 9
  • 28
0

The recommended way for secrets is to Mount secret volume to your container, because it is using tmpfs and your secrets exist only in volatile memory! NOTE: at the time of this post only Linux based containers support it...

Emil
  • 2,196
  • 2
  • 25
  • 24