Create Azure app service(webapp) for windows container using azure container registry image

Nivethitha Dhamodhara Kannan 0 Reputation points Microsoft Employee
2023-08-25T20:47:03.18+00:00

I'm trying to create a windows container based web app using App service for containers . I'm using an image from Azure container registry to create the app. I tried to do this with azure CLI command and API .

CLI:

az webapp create --resource-group buildout_resource_manager_test --plan myAppServicePlan --name mytestapp25 --deployment-container-image-name buildoutrmtesttools.azurecr.io/azureconfig:latest

error - The parameter LinuxFxVersion has an invalid value.

The app service is created but it's not connected to the registry and no image gets deployed.

Can you show the proper way to create windows container ?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,636 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Grmacjon-MSFT 17,886 Reputation points
    2023-08-26T01:46:13.4266667+00:00

    Hi @Nivethitha Dhamodhara Kannan thanks for the question.

    adding to Lex's response- the error message you are seeing indicates that you are trying to create a Linux-based web app, but you are specifying a Windows container image. To create a Windows container-based web app using Azure CLI, try to specify the --os-type parameter with a value of Windows. Here is an example command:

    az webapp create --resource-group myResourceGroup --plan myAppServicePlan --name myWebApp --deployment-container-image-name myacr.azurecr.io/mycontainerimage:latest --os-type Windows
    

    By specifying --os-type Windows, you are telling Azure CLI to create a Windows container-based web app.

    Best,

    Grace


  2. AndrewW-MSFT 81 Reputation points Microsoft Employee
    2023-09-22T14:08:52.9933333+00:00

    Hi,

    to deploy an app using a Windows Container with CLI. Follow these steps:

    1. Create a new resource group (optional)

    az group create -n <groupName> -l <location>

    1. Create a new App Service plan to host the App. Windows Container Apps cannot be hosted in the same App Service Plan as Windows Code Apps or Linux Apps. They require an App Service Plan of their own and must use the Premium v3 SKU family. The --hyper-v flag enables this plan to host Windows Containers in this App Service Plan

    az appservice plan create -g <groupName> -n <planName> --sku p1v3 --hyper-v

    3a. To create a webapp with an image from an Azure Container Registry or other Container Registry with username and password execute the following command

    az webapp create -g <groupName> -p <planName> -n <appName> --deployment-container-image-name myacr.azurecr.io/myimage:mytag --docker-registry-server-user <registryUserName> --docker-registry-server-password <registryPassword>

    3b. To create a webapp which pulls an image from an Azure Container Registry using System assigned Managed Identity. User assigned identities can also be used (https://learn.microsoft.com/azure/app-service/configure-custom-container?tabs=debian&pivots=container-windows#use-managed-identity-to-pull-image-from-azure-container-registry) az webapp create -g <groupName> -p <planName> -n <appName> --deployment-container-image-name mcr.microsoft.com/azure-app-service/windows/parkingpage:latest --assign-identity az webapp identity show -g <groupName> -p <planName> -n <appName> --query principalId --output tsv az acr show -g <groupName> -n <registryName> --query id --output tsv az role assignment create --assignee <principalId> --scope <registry-resource-id> --role "AcrPull" az webapp config set -g <groupName> -n <appName> --generic-configurations '{\"acrUseManagedIdentityCreds\": true}' az webapp config container set -g <groupName> -n <appName> --docker-custom-image-name myacr.azurecr.io/myimage:mytag

    This set of steps creates a web app using a quickstart image, assigns the identity to the webapp, creates the ACR Pull Role assignment for that identity and then updates the webapp to pull the image using managed identity and updates the image details to pull the image from the protected registry. At the time of app creation the app does not have an identity to validate that the image being pulled is a) a Windows image and as the permissions haven't been granted to pull the image. We will work on making this experience simpler and more consistent with the App Service Linux behaviour when the image is behind an Managed Identity secured Azure Container Registry, and also add more samples to our CLI documentation.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.