docker-compose multi-container service with multiple inbound ports and Azure VNET?

Antonios Inglezakis 6 Reputation points
2022-01-26T11:42:42.85+00:00

I am trying to deploy a group of services with dependencies between them using a docker-compose and Azure Container Instances OR Azure Web App for Containers. It works fine locally, but after running it on Azure, it remains on Waiting state for 900s and stops. All the errors are related with DNS issues in docker network.

I want to expose 4 inbound ports on the services. one for each container, but under the same FQDN with SSL/TLS, ideally. Deploying as App Service, failed and I wasn't able to see the logs, so I quit the idea. The option I am trying now is with Azure Container Instances. Are there any restrictions or practices to make the docker network work fine and expose more than one ports to the public?
If there is no way to make it work with docker-compose, is there another way except that deploying each container standalone?

I appreciate your help.
Regards,
Antonios

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
757 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. srbhatta-MSFT 8,586 Reputation points Microsoft Employee
    2022-02-02T07:07:20.377+00:00

    Hi @Antonios Inglezakis ,
    Apologies for the delay in response. I was trying out hands-on lab to implement the above scenario.
    So as per your requirement, I understand you want to make the two containers within a container group talk to each other but internal dns resolution cannot happen with container name in Azure container instances(ACI), neither can it happen with hostname because the hostname of the container instances within container group is same. This is by design, and the workaround is to use localhost:port on which the corresponding application is serving to communicate between the two containers.

    For example, lets' say you have a container group called myContainerGroup in which there are two container instances: aci-tutorial-app and aci-tutorial-sidecar. Below is the deployment (ARM) template for the myContainerGroup.

    {  
      "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",  
      "contentVersion": "1.0.0.0",  
      "parameters": {  
        "containerGroupName": {  
          "type": "string",  
          "defaultValue": "myContainerGroup",  
          "metadata": {  
            "description": "Container Group name."  
          }  
        }  
      },  
      "variables": {  
        "container1name": "aci-tutorial-app",  
        "container1image": "mcr.microsoft.com/azuredocs/aci-helloworld:latest",  
        "container2name": "aci-tutorial-sidecar",  
        "container2image": "mcr.microsoft.com/azuredocs/aci-tutorial-sidecar"  
      },  
      "resources": [  
        {  
          "name": "[parameters('containerGroupName')]",  
          "type": "Microsoft.ContainerInstance/containerGroups",  
          "apiVersion": "2019-12-01",  
          "location": "[resourceGroup().location]",  
          "properties": {  
            "containers": [  
              {  
                "name": "[variables('container1name')]",  
                "properties": {  
                  "image": "[variables('container1image')]",  
                  "resources": {  
                    "requests": {  
                      "cpu": 1,  
                      "memoryInGb": 1.5  
                    }  
                  },  
                  "ports": [  
                    {  
                      "port": 80  
                    },  
                    {  
                      "port": 8080  
                    }  
                  ]  
                }  
              },  
              {  
                "name": "[variables('container2name')]",  
                "properties": {  
                  "image": "[variables('container2image')]",  
                  "resources": {  
                    "requests": {  
                      "cpu": 1,  
                      "memoryInGb": 1.5  
                    }  
                  }  
                }  
              }  
            ],  
            "osType": "Linux",  
            "ipAddress": {  
              "type": "Public",  
              "ports": [  
                {  
                  "protocol": "tcp",  
                  "port": 80  
                },  
                {  
                    "protocol": "tcp",  
                    "port": 8080  
                }  
                  
              ],  
              "dnsNameLabel": "container-test2"  
            }  
          }  
        }  
      ],  
      "outputs": {  
        "containerIPv4Address": {  
          "type": "string",  
          "value": "[reference(resourceId('Microsoft.ContainerInstance/containerGroups/', parameters('containerGroupName'))).ipAddress.ip]"  
        }  
      }  
    }  
    

    Now, the container aci-tutorial-app has two ports exposed, port 80 and port 8080, whereas container aci-tutorial-sidecar has no ports exposed. There is a FQDN/dnsNameLabel set for the container group in the template. The FQDN is container-test2.eastus.azurecontainer.io.

    When I exec into both the containers with the bellow commands:

    az container exec -g myResourceGroup -n myContainerGroup --container-name aci-tutorial-app --exec-command sh  
    az container exec -g myResourceGroup -n myContainerGroup --container-name aci-tutorial-sidecar --exec-command sh  
    

    Once you exec into both these container instances via Azure cli/cloud shell, you can do a ifconfig and see that the private ip is same for both container instances. Also, the hostname will be same as well. So, in this scenario you can make both the container instances reach each other via localhost on any port even if those ports aren't exposed externally on the group's IP address.

    170358-2022-02-02-12-19-16-clipboard.png

    Reference link: https://learn.microsoft.com/en-us/azure/container-instances/container-instances-multi-container-group

    I hope this helps. Please don't forget to upvote and accept as answer if you think my response was helpful, so that it can help others in the community looking for help on similar issues.

    2 people found this answer helpful.

  2. srbhatta-MSFT 8,586 Reputation points Microsoft Employee
    2022-01-31T09:27:02.983+00:00

    Hi @Antonios Inglezakis ,

    Thank you for reaching out to Microsoft QnA Platform. Firstly, apologies for the delay in response.
    Yes, as per your requirement, you can expose 1 port per container to the container group.
    Please find the below documents for reference :
    https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-groups
    https://learn.microsoft.com/en-us/azure/container-instances/tutorial-docker-compose

    However, as you mentioned that your container instances on Azure remains on waiting state for 900s and then stops is something that I will not be able to answer. It can happen possibly due to Infrastructure issues. Is this behavior still happening? If yes, and if you are still seeing the Azure container instances going into stopped state after being in waiting state for over 900 seconds, then I would request you to get in touch with the support team as it will require deeper investigation, and support team will be able to check and help on this. I would recommend you to open a azure support case.
    If you don't have the ability to open a technical support ticket, please let me know so that I can help you further on this.

    I hope this helps.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.