1
00:00:01,040 --> 00:00:02,170
In this demonstration,

2
00:00:02,170 --> 00:00:07,040
we'll combine our new skills with Windows Server containers with Azure,

3
00:00:07,040 --> 00:00:10,310
and I'm going to use the Azure command line interface or the

4
00:00:10,310 --> 00:00:13,240
Azure cross‑platform CLI as it's called.

5
00:00:13,240 --> 00:00:16,630
This is just one of several toolsets available in Azure.

6
00:00:16,630 --> 00:00:21,120
We've got Azure PowerShell, we've got the underlying ARM REST API.

7
00:00:21,120 --> 00:00:21,660
However,

8
00:00:21,660 --> 00:00:25,480
I think you'll find that when you're working with Docker containers in Azure,

9
00:00:25,480 --> 00:00:28,210
the Microsoft engineering teams appear to have a

10
00:00:28,210 --> 00:00:30,650
strong preference for Azure CLI.

11
00:00:30,650 --> 00:00:34,160
I also mentioned that you may very well see some Azure CLI

12
00:00:34,160 --> 00:00:39,460
code on your AZ‑800 and/or AZ‑801 exam, so this is relevant.

13
00:00:39,460 --> 00:00:43,010
You want to make sure that you install the Azure CLI on your Windows,

14
00:00:43,010 --> 00:00:44,820
macOS, or Linux computer.

15
00:00:44,820 --> 00:00:47,560
You can even install the Azure CLI on your Windows

16
00:00:47,560 --> 00:00:51,390
subsystem for Linux or WSL2 on your Windows 10,

17
00:00:51,390 --> 00:00:52,490
Windows 11 box.

18
00:00:52,490 --> 00:00:55,260
I give you a link to this page in the exercise files.

19
00:00:55,260 --> 00:00:57,870
And I mentioned in the previous demo and VS Code,

20
00:00:57,870 --> 00:01:01,940
you'll want to make sure that you have the Azure CLI tools extension installed,

21
00:01:01,940 --> 00:01:06,350
and when you do that, you then can create files with the AZCLI extension,

22
00:01:06,350 --> 00:01:08,510
and we'll see down in the lower right the language

23
00:01:08,510 --> 00:01:11,190
mode is set to Azure CLI scrapbook.

24
00:01:11,190 --> 00:01:14,950
So again, you get code complete, IntelliSense, all of that good stuff.

25
00:01:14,950 --> 00:01:18,190
Now what I've done behind the scenes is I've used the docker tag

26
00:01:18,190 --> 00:01:25,220
command to rename my mcr.microsoft.com/windows/nanoserver ltsc2022

27
00:01:25,220 --> 00:01:27,530
image to something a bit more reasonable.

28
00:01:27,530 --> 00:01:29,760
It's now called tim/nano:v1,

29
00:01:29,760 --> 00:01:33,970
and I'm going to push that image to a new Azure Container

30
00:01:33,970 --> 00:01:35,470
Registry that we're going to build.

31
00:01:35,470 --> 00:01:36,010
Now, of course,

32
00:01:36,010 --> 00:01:39,880
we can deploy the registry in the Azure portal as I previously mentioned,

33
00:01:39,880 --> 00:01:43,720
but I want to just spend some time with Azure CLI to make sure that

34
00:01:43,720 --> 00:01:46,000
you're confident when you see it on your exams.

35
00:01:46,000 --> 00:01:48,720
So we need to interactively log into Azure,

36
00:01:48,720 --> 00:01:51,370
so I'm going to do a az login,

37
00:01:51,370 --> 00:01:56,230
and that will spawn a browser tab where we can sign in with our Azure account,

38
00:01:56,230 --> 00:02:01,280
and then we can come back and verify our context in the Azure CLI momentarily.

39
00:02:01,280 --> 00:02:02,890
I have multiple subscriptions,

40
00:02:02,890 --> 00:02:05,870
and I want to make sure that we're connected to the correct one.

41
00:02:05,870 --> 00:02:09,840
I'm going to be looking in the JSON output for isDefault true.

42
00:02:09,840 --> 00:02:12,880
Yeah, and it looks like it's set me on the wrong subscription.

43
00:02:12,880 --> 00:02:15,610
So what I'm going to do is az account set,

44
00:02:15,610 --> 00:02:19,490
and again, this is the Azure CLI extension coming to the rescue.

45
00:02:19,490 --> 00:02:22,290
I'm going to do a subscription Microsoft Azure

46
00:02:22,290 --> 00:02:25,170
Sponsorship is the name of my subscription,

47
00:02:25,170 --> 00:02:27,440
and I'm going to right‑click and run that in the terminal.

48
00:02:27,440 --> 00:02:30,140
And now what I can do just as a quick check,

49
00:02:30,140 --> 00:02:33,960
az account list output table and make sure that my

50
00:02:33,960 --> 00:02:36,410
sponsorship subscription is set up correctly.

51
00:02:36,410 --> 00:02:36,680
It is.

52
00:02:36,680 --> 00:02:39,940
Another thing I'm going to do is actually run az configure.

53
00:02:39,940 --> 00:02:41,570
This is something I recommend you do.

54
00:02:41,570 --> 00:02:42,930
Do you wish to change your settings?

55
00:02:42,930 --> 00:02:44,120
Y for yes.

56
00:02:44,120 --> 00:02:47,110
I don't like the JSON output so I'm going to change the

57
00:02:47,110 --> 00:02:51,500
default output format to three here, which is table human‑readable.

58
00:02:51,500 --> 00:02:52,780
I don't want to do logging.

59
00:02:52,780 --> 00:02:53,190
No.

60
00:02:53,190 --> 00:02:54,970
I'm not going to do data collection.

61
00:02:54,970 --> 00:02:58,010
I'll use the default time to live, and do a clear screen.

62
00:02:58,010 --> 00:02:59,130
Okay, let's continue.

63
00:02:59,130 --> 00:03:01,770
So the code has us doing this from soup to nuts.

64
00:03:01,770 --> 00:03:04,940
I borrowed a lot of this code from the Microsoft docs here.

65
00:03:04,940 --> 00:03:08,740
You'll see that the way the syntax works for Azure CLI is

66
00:03:08,740 --> 00:03:12,420
very similar to how the Docker CLI works,

67
00:03:12,420 --> 00:03:15,120
az and then our context and then our command.

68
00:03:15,120 --> 00:03:18,690
So az group is working with resource groups in our subscription.

69
00:03:18,690 --> 00:03:22,030
Then we have az acr for Azure Container Registry.

70
00:03:22,030 --> 00:03:25,990
I'm going to create a new container registry with the basic sku.

71
00:03:25,990 --> 00:03:28,510
Now the thing to keep in mind is that you can pass in

72
00:03:28,510 --> 00:03:32,780
a whole bunch of other parameters, this is just very generic and basic.

73
00:03:32,780 --> 00:03:35,290
There are a lot of configuration options as you

74
00:03:35,290 --> 00:03:37,480
would expect for any Azure service.

75
00:03:37,480 --> 00:03:37,890
Next,

76
00:03:37,890 --> 00:03:40,520
we'll want to sign into the registry using our

77
00:03:40,520 --> 00:03:42,800
appropriate Active Directory credential.

78
00:03:42,800 --> 00:03:45,860
I'm going to do an az acr login here.

79
00:03:45,860 --> 00:03:47,030
Login succeeded.

80
00:03:47,030 --> 00:03:47,640
Okay.

81
00:03:47,640 --> 00:03:50,800
And now we can, again, switch over into Docker mode,

82
00:03:50,800 --> 00:03:53,810
and this example has us pulling down the hello‑world

83
00:03:53,810 --> 00:03:55,410
image from the Docker gallery.

84
00:03:55,410 --> 00:03:56,770
I can do that for grins.

85
00:03:56,770 --> 00:04:01,870
Hello‑world image is just a console application that says hello world.

86
00:04:01,870 --> 00:04:02,410
Whoops!

87
00:04:02,410 --> 00:04:06,010
It bombed out because hello‑world is actually a Linux image,

88
00:04:06,010 --> 00:04:09,920
and we've got this Hyper‑V system setup for Windows containers.

89
00:04:09,920 --> 00:04:14,740
No big deal because I already have my server Nano image that I showed you.

90
00:04:14,740 --> 00:04:21,660
Here, on Line 15, I'm going to retag my tim/nano:v1 image to twaz800acr.

91
00:04:21,660 --> 00:04:24,900
Now this is just to let me know that it's going to be housed

92
00:04:24,900 --> 00:04:29,590
up in Azure in the container registry, and the tag is going to be nano:v1.

93
00:04:29,590 --> 00:04:31,590
So let me right‑click, tag that image,

94
00:04:31,590 --> 00:04:34,440
and we can verify that doing a docker images.

95
00:04:34,440 --> 00:04:38,470
We now can see down at the bottom, we still have our tim/nano:v1.

96
00:04:38,470 --> 00:04:41,000
So notice that tag doesn't destroy anything.

97
00:04:41,000 --> 00:04:43,160
It just creates another image reference here,

98
00:04:43,160 --> 00:04:44,110
another image,

99
00:04:44,110 --> 00:04:47,810
and we can see our size difference between the Nano Server that's about

100
00:04:47,810 --> 00:04:52,720
300 MB and the server core IIS image that's almost 6 GB.

101
00:04:52,720 --> 00:04:56,770
Again, 6 GB is a lot slimmer than any virtual machine out there,

102
00:04:56,770 --> 00:04:57,450
that's for sure.

103
00:04:57,450 --> 00:04:59,400
These are some of the value propositions,

104
00:04:59,400 --> 00:05:01,650
as I've mentioned several times, of Docker.

105
00:05:01,650 --> 00:05:01,940
And now,

106
00:05:01,940 --> 00:05:07,620
we can use docker push to upload that image to the Azure Container Registry.

107
00:05:07,620 --> 00:05:11,500
Now this is going to be an authenticated operation because,

108
00:05:11,500 --> 00:05:15,600
by definition, the Azure Container Registry is not a public repo.

109
00:05:15,600 --> 00:05:18,100
Okay, well that was really, really fast,

110
00:05:18,100 --> 00:05:20,360
faster than I thought the upload would take.

111
00:05:20,360 --> 00:05:22,830
So let me switch on over to my browser,

112
00:05:22,830 --> 00:05:25,110
and let's sign into the Azure portal here.

113
00:05:25,110 --> 00:05:29,130
We'll open the global search, and we'll go to Container registries where,

114
00:05:29,130 --> 00:05:33,870
no surprise, we see our twaz800acr container registry,

115
00:05:33,870 --> 00:05:37,590
and if I come down under Services, Repositories,

116
00:05:37,590 --> 00:05:40,500
we can see our nano image nano v1.

117
00:05:40,500 --> 00:05:42,640
Now if I come back to VS Code,

118
00:05:42,640 --> 00:05:46,530
we can very easily start a new instance of that image by

119
00:05:46,530 --> 00:05:49,000
using docker run as you can see right here,

120
00:05:49,000 --> 00:05:50,980
and notice that when we docker run,

121
00:05:50,980 --> 00:05:54,620
we're pulling that image from the cloud down to our

122
00:05:54,620 --> 00:05:56,620
local system and then starting it.

123
00:05:56,620 --> 00:05:57,190
However,

124
00:05:57,190 --> 00:06:00,880
I want to end this demo by staying in Azure and showing you how we can

125
00:06:00,880 --> 00:06:04,930
integrate our Docker registry with the Azure Container Instance,

126
00:06:04,930 --> 00:06:06,540
or ACI service.

127
00:06:06,540 --> 00:06:09,180
Let's go to Create container instances.

128
00:06:09,180 --> 00:06:14,060
I'm going to create this instance in my az800‑rg resource group,

129
00:06:14,060 --> 00:06:15,900
and I'm going to call this nano.

130
00:06:15,900 --> 00:06:17,170
It'll run in the East US.

131
00:06:17,170 --> 00:06:20,900
The image source can either be one of these starter images

132
00:06:20,900 --> 00:06:23,380
that Azure has natively in the dropdown,

133
00:06:23,380 --> 00:06:26,670
Azure Container Registry, Docker Hub, or another registry.

134
00:06:26,670 --> 00:06:29,060
I'm going to choose Azure Container Registry,

135
00:06:29,060 --> 00:06:32,360
and notice it says the admin user must first be enabled.

136
00:06:32,360 --> 00:06:33,690
Well, I've actually done that.

137
00:06:33,690 --> 00:06:35,940
I'm surprised it hasn't picked up the change.

138
00:06:35,940 --> 00:06:39,510
We don't have the time or the scope to go into ACR security,

139
00:06:39,510 --> 00:06:42,010
but the bottom line is if you come down here in your

140
00:06:42,010 --> 00:06:44,240
container registry to Access Keys,

141
00:06:44,240 --> 00:06:48,220
the admin user is generally not a great idea because it's a shared

142
00:06:48,220 --> 00:06:52,940
credential where we have a username and one or two of these passwords

143
00:06:52,940 --> 00:06:56,820
that your developers or your scripts or your processes can reference as

144
00:06:56,820 --> 00:06:58,680
a way to sign into your registry.

145
00:06:58,680 --> 00:07:03,830
It's recommended that you use Azure AD authentication and authorization in here,

146
00:07:03,830 --> 00:07:09,120
but unfortunately the ACI looks like it has a hard dependency on the admin user.

147
00:07:09,120 --> 00:07:12,790
But let's try this again, and hopefully, the second time is the charm.

148
00:07:12,790 --> 00:07:16,870
Let's choose the resource group, we'll choose the container name,

149
00:07:16,870 --> 00:07:17,530
yeah, there we go.

150
00:07:17,530 --> 00:07:19,090
Azure Container Registry,

151
00:07:19,090 --> 00:07:22,770
it already populates because the container instance dialog

152
00:07:22,770 --> 00:07:25,320
sees that there is only one image available.

153
00:07:25,320 --> 00:07:29,140
We can change the size of the underlying host by giving

154
00:07:29,140 --> 00:07:32,730
the host more or less CPU and memory.

155
00:07:32,730 --> 00:07:35,590
For networking, this is an important point right here,

156
00:07:35,590 --> 00:07:38,420
especially for something like a Nano container where we

157
00:07:38,420 --> 00:07:41,400
might want to establish a command line session to it or

158
00:07:41,400 --> 00:07:43,670
interact with it with sensitive data.

159
00:07:43,670 --> 00:07:47,910
Public is going to do a public IP address for the container instance,

160
00:07:47,910 --> 00:07:51,640
but there is a private option to where you can embed your container

161
00:07:51,640 --> 00:07:54,860
into the privacy of a virtual network in Azure,

162
00:07:54,860 --> 00:07:57,740
you see what I mean, and then we can have port mappings.

163
00:07:57,740 --> 00:08:01,040
Now, I kind of realize in retrospect I made a mistake,

164
00:08:01,040 --> 00:08:04,730
I should have grabbed the IIS image and pushed that up into Azure

165
00:08:04,730 --> 00:08:07,120
so it'll actually run and show us something.

166
00:08:07,120 --> 00:08:11,010
This nano doesn't have any web components on it so it's going to be

167
00:08:11,010 --> 00:08:13,880
more difficult to interact with over the internet.

168
00:08:13,880 --> 00:08:16,130
But you see that, you set up your networking,

169
00:08:16,130 --> 00:08:20,030
and then under Advanced, we can set or pass environment variables,

170
00:08:20,030 --> 00:08:22,730
we can set a non‑default entry point.

171
00:08:22,730 --> 00:08:27,810
In Azure, we've got our taxonomic tags for logical resource organization,

172
00:08:27,810 --> 00:08:32,390
and then we can spin up our instance, and then depending upon how it's set up,

173
00:08:32,390 --> 00:08:39,000
we can connect to it, interact with it, destroy it, all using Azure Resource Manager tools.