To create your container app, start at the Azure portal home page.
Search for Container Apps in the top search bar.
Select Container Apps in the search results.
Select the Create button.
Basics tab
In the Basics tab, do the following actions.
Enter the following values in the Project details section.
Setting
Action
Subscription
Select your Azure subscription.
Resource group
Select Create new and enter my-container-apps.
Container app name
Enter my-container-app.
Deployment source
Select Container image.
Create an environment
Next, create an environment for your container app.
Select the appropriate region.
Setting
Value
Region
Select Central US.
In the Create Container Apps environment field, select the Create new link.
In the Create Container Apps environment page on the Basics tab, enter the following values:
Setting
Value
Environment name
Enter my-environment.
Environment type
Select Workload profiles.
Zone redundancy
Select Disabled
Select the Monitoring tab to create a Log Analytics workspace.
Select Azure Log Analytics as the Logs Destination.
Select the Create new link in the Log Analytics workspace field and enter the following values.
Setting
Value
Name
Enter my-container-apps-logs.
The Location field is prefilled with Central US for you.
Select OK.
Note
You can use an existing virtual network, but a dedicated subnet with a CIDR range of /23 or larger is required for use with Container Apps when using the Consumption only Architecture. When using a workload profiles environment, a /27 or larger is required. To learn more about subnet sizing, see the networking architecture overview.
Select the Networking tab to create a VNET.
Select Yes next to Use your own virtual network.
Next to the Virtual network box, select the Create new link and enter the following value.
Setting
Value
Name
Enter my-custom-vnet.
Select the OK button.
Next to the Infrastructure subnet box, select the Create new link and enter the following values:
Setting
Value
Subnet Name
Enter infrastructure-subnet.
Virtual Network Address Block
Keep the default values.
Subnet Address Block
Keep the default values.
Select the OK button.
Under Virtual IP, select External.
Select Create.
Deploy the container app
Select Review and create at the bottom of the page.
If no errors are found, the Create button is enabled.
If there are errors, any tab containing errors is marked with a red dot. Navigate to the appropriate tab. Fields containing an error are highlighted in red. Once all errors are fixed, select Review and create again.
Select Create.
A page with the message Deployment is in progress is displayed. Once the deployment is successfully completed, you see the message: Your deployment is complete.
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Ignore any warnings about modules currently in use.
Next, install or update the Azure Container Apps extension for the CLI.
If you receive errors about missing parameters when you run az containerapp commands in Azure CLI or cmdlets from the Az.App module in Azure PowerShell, be sure you have the latest version of the Azure Container Apps extension installed.
Starting in May 2024, Azure CLI extensions no longer enable preview features by default. To access Container Apps preview features, install the Container Apps extension with --allow-preview true.
az extension add --name containerapp --upgrade --allow-preview true
Install-Module -Name Az.App
Make sure to update the Az.App module to the latest version.
Update-Module -Name Az.App
Now that the current extension or module is installed, register the Microsoft.App and Microsoft.OperationalInsights namespaces.
An environment in Azure Container Apps creates a secure boundary around a group of container apps. Container Apps deployed to the same environment are deployed in the same virtual network and write logs to the same Log Analytics workspace.
Now create an Azure virtual network to associate with the Container Apps environment. The virtual network must have a subnet available for the environment deployment.
Note
Network subnet address prefix requires a minimum CIDR range of /23 for use with Container Apps when using the Consumption only Architecture. When using the Workload Profiles Architecture, a /27 or larger is required. To learn more about subnet sizing, see the networking architecture overview.
When using the Workload profiles environment, update the VNET to delegate the subnet to Microsoft.App/environments. This delegation is not applicable to the Consumption-only environment.
The following table describes the parameters used in containerapp env create.
Parameter
Description
name
Name of the Container Apps environment.
resource-group
Name of the resource group.
location
The Azure location where the environment is to deploy.
infrastructure-subnet-resource-id
Resource ID of a subnet for infrastructure components and user application containers.
A Log Analytics workspace is required for the Container Apps environment. The following commands create a Log Analytics workspace and save the workspace ID and primary shared key to environment variables.
There are three optional networking parameters you can choose to define when calling containerapp env create. Use these options when you have a peered VNET with separate address ranges. Explicitly configuring these ranges ensures the addresses used by the Container Apps environment don't conflict with other ranges in the network infrastructure.
You must either provide values for all three of these properties, or none of them. If they aren’t provided, the values are generated for you.
The address range used internally for environment infrastructure services. Must have a size between /23 and /12 when using the Consumption only architecture
platform-reserved-dns-ip
An IP address from the platform-reserved-cidr range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if platform-reserved-cidr is set to 10.2.0.0/16, then platform-reserved-dns-ip can't be 10.2.0.0 (the network address), or 10.2.0.1 (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be 10.2.0.2.
docker-bridge-cidr
The address range assigned to the Docker bridge network. This range must have a size between /28 and /12.
The platform-reserved-cidr and docker-bridge-cidr address ranges can't conflict with each other, or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNET.
If these properties aren’t provided, the CLI autogenerates the range values based on the address range of the VNET to avoid range conflicts.
Parameter
Description
VnetConfigurationPlatformReservedCidr
The address range used internally for environment infrastructure services. Must have a size between /23 and /12 when using the Consumption only architecture
VnetConfigurationPlatformReservedDnsIP
An IP address from the VnetConfigurationPlatformReservedCidr range that is used for the internal DNS server. The address can't be the first address in the range, or the network address. For example, if VnetConfigurationPlatformReservedCidr is set to 10.2.0.0/16, then VnetConfigurationPlatformReservedDnsIP can't be 10.2.0.0 (the network address), or 10.2.0.1 (infrastructure reserves use of this IP). In this case, the first usable IP for the DNS would be 10.2.0.2.
VnetConfigurationDockerBridgeCidr
The address range assigned to the Docker bridge network. This range must have a size between /28 and /12.
The VnetConfigurationPlatformReservedCidr and VnetConfigurationDockerBridgeCidr address ranges can't conflict with each other, or with the ranges of either provided subnet. Further, make sure these ranges don't conflict with any other address range in the VNET.
If these properties aren’t provided, the range values are autogenerated based on the address range of the VNET to avoid range conflicts.
Clean up resources
If you're not going to continue to use this application, you can remove the my-container-apps resource group. This deletes the Azure Container Apps instance and all associated services. It also deletes the resource group that the Container Apps service automatically created and which contains the custom network components.
Caution
The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this guide exist in the specified resource group, they will also be deleted.
This module guides users through creating, configuring, and managing Container Apps and their environments. It also explores ingress options, scaling, instance management, and security considerations with best practices for configuring Azure Container Apps.