can't create app service with publish model "container" over Powershell

Question

Hey guys,

the last couple days I tried to write a powershell script which creates a azure app service and some deployment slots for it.

First - it seems to work fine but later I realized that the publish model is "always" on "Code" and not "Container".

Is there something wrong with the commands or is it me making a mistake?

I tried the following commands in two differnt ways:

New-AzWebApp -ResourceGroupName "" -Name "" -AppServicePlan "" -Location "" -ContainerImageName ""

az webapp create ``-g "" -p "" -n "" --container-image-name ""

Both methods created the Service but not with publish model "Container".

Second Question:

Is there no way to use powershell commands for configuration like "Disable public access", "Activate network integration", "Disable FTP" and so on?

It looks like there are just limited ways to configure App Services fully over powershell commands, isnt it?

Thanks a lot.

Answer 1

@Florian Bartsch Thanks for reaching out to Microsoft Q&A, apologize for any inconvenience caused on this.

Based on your requirement, I have written the below PowerShell script to create the App service with container as publish mode & disabling the required settings.

Connect-AzAccount
Set-AzContext -subscription "<subscriptionId>"

$subscriptionId= '' #SubscriptionId
$rg='' #ResourceGroupName
$location= '' #location
$Name= '' #commonName for App Service & plan

$AppServicePlan = $Name+"-"+'plan' #AppServicePlanName
$WebAppName= $Name+"-"+'app' #WebAppName
$vNetName='' #VirtualNetworkName
$integrationSubnetName='' #SubnetName

$registryName= '' #Azure Container registry Name
$containeregistryUrl ='**.azurecr.io' # Azure Container registry URL
$registryuserName ='' #ACR userName
$ImageName ='hello-world:latest' #ACR Image Name that App Service has to run


$subnetResourceId = "/subscriptions/$subscriptionId/resourceGroups/$rg/providers/Microsoft.Network/virtualNetworks/$vNetName/subnets/$integrationSubnetName"


#pulling container registry Password & converting to secure String

$registryPassword = Get-AzContainerRegistryCredential -RegistryName $
registryName -ResourceGroupName $rg
$rgPasswordAsSecureString= ConvertTo-SecureString -String $registryPassword.Password -AsPlainText -Force


#creating App service & plan

$appPlan= New-AzAppServicePlan -Name $AppServicePlan -Location $location -ResourceGroupName $rg -Tier Basic -NumberofWorkers 1
$webapp= New-AzWebApp -Name $WebAppName -AppServicePlan $AppServicePlan -Location $location -ResourceGroupName $rg -ContainerImageName $ImageName -ContainerRegistryUrl $containeregistryUrl -ContainerRegistryUser $registryuserName -ContainerRegistryPassword $rgPasswordAsSecureString

#To Set Ftp state to disabled 

Set-AzWebApp -ResourceGroupName $rg -Name $WebAppName -FtpsState "Disabled" 

#Fetch & update publicNetwork Access & VnetIntegration

$getWebapp = Get-AzResource -Name $WebAppName -ResourceGroupName $rg -ResourceType Microsoft.Web/sites
$getWebapp.Properties.publicNetworkAccess = "Disabled"
$getWebapp.Properties.virtualNetworkSubnetId = $subnetResourceId
$getWebapp.Properties.vnetRouteAllEnabled = 'true'
$getWebapp|Set-AzResource -Force   

If your subnet isn't delegated to "Microsoft.Web/serverFarms", add delegation. Refer to this documentation on how to delegate and attach Vnet to App service using PowerShell cmdlets.

Note: I have tested the above script which is working fine in our local environment, and I would suggest you validate from your end as well and also make the changes based on your requirement.

Hope this helps let me know if you have any further questions on this.

Please accept as "Yes" if the answer is helpful so that it can help others in the community.