Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

4.1.6.2. Deploy Containerized Applications to ACI

šŸ’” First Principle: Deploying a container to ACI is a declarative act of specifying the container image and required resources, allowing Azure to handle the underlying provisioning and execution with minimal administrative overhead.

Scenario: You have a new stateless web API packaged in a Docker image, hosted in Azure Container Registry. You need to deploy this API to Azure Container Instances, ensuring it's accessible via a public IP on port 80 and can access a database using connection strings provided as environment variables.

What It Is: Deploying containerized applications to ACI means launching your Docker container images directly into an ACI container group.

Deployment Steps (Azure CLI):
  1. Prepare your image: Build your Docker image and push it to a container registry.
  2. Deploy with az container create: 
    az container create \
  --resource-group MyResourceGroup \
  --name my-api-container \
  --image myregistry.azurecr.io/myapi:v1 \
  --cpu 1 --memory 1.5 \
  --ports 80 \
  --environment-variables 'DB_CONNECTION_STRING=...' \
  --dns-name-label my-unique-api-name \
  --registry-username <username> --registry-password <password>
    • --image: Reference public/private images.
    • --cpu <cores> and --memory <GB>: Define the CPU and memory resources.
    • --ports: Expose required ports.
    • --environment-variables: Pass configuration or secrets at runtime.
    • --dns-name-label: Creates a public FQDN for the container.
Networking:
  • For private deployments, use --vnet <vnet-name> and --subnet <subnet-name> to integrate with a VNet.

āš ļø Common Pitfall: Storing sensitive information like connection strings directly in scripts. Use Azure Key Vault and reference secrets securely in ACI deployments for production environments.

Key Trade-Offs:
  • Public FQDN vs. VNet Integration: A public FQDN makes the container accessible from the internet. VNet integration keeps it private and secure within your network.

Reflection Question: How does the az container create command, by allowing you to specify image source, resources, exposed ports, and environment variables, fundamentally enable rapid deployment of containerized applications to ACI with minimal infrastructure management?