Implement IaaS solutions, Containers

Question 1

What is ACR Tasks

Answer 1

Eliminates the need for local docker engine installation.

ACR tasks runs docker build operations in the cloud. Supports 3 step types:
build
push
cmd (used to run other docker commands)

The az acr build command in the Azure CLI takes a context (the set of files to build), sends it to ACR Tasks and, by default, pushes the built image to its registry upon completion.

All start with az acr

Group tasks in a yaml file for multi-step tasks, such as multiple registries involved.

Question 2

What is meant by Fabric Clusters

Answer 2

A Service Fabric cluster is a network-connected set of virtual or physical machines into which your microservices are deployed and managed.

Question 3

How to make a container from an app and then push to Azure

Answer 3

1) Start with a docker file (sequence of commands to build an image)
2) docker build to create a new image from dockerfile, use -t (tag, put name and version)
3) Create ACR if doesn’t exist (az acr create)
4) Get the loginServer name of the ACR: az acr show –name –query loginServer –output table
5) Sign into ACR with az acr login
6) Tag the image with the fully qualified name of your registry login server: docker tag azure-vote-front .azurecr.io/azure-vote-front:v1
7) Push image: docker push .azurecr.io/azure-vote-front:v1

Question 4

CLI Command to Create Azure Container Registry

Answer 4

az acr create –resource-group –name –sku Basic –admin-enabled true

Question 5

What is meant by container registry replication?

Answer 5

If you’ve configured your registry for geo-replication, when you push your image, your image is automatically replicated to each region with this single docker push command.

Can be done in the Portal or in Azure CLI:
az acr replication create –registry –location

Question 6

True or false? Container Replication View can be looked up in Azure Portal

Answer 6

True.
Azure portal –> Replications for an Azure Container Registry displays a map that details current replications. Container images can be replicated to additional regions by selecting the regions on the map.

Question 7

True of False? Container replication is possible by using the Portal and CLI?

Answer 7

True. Btw, geo-replication requires Premium tier registry.

Question 8

Which of the following is not a benefit of using Azure Container Registry?

• Replicate container images to multiple Azure datacenters.
• Pull container images using any Docker container-related technology.
• Allow public access to container images for pull operations.
• Build container images without the need for locally installed Docker tools.

Answer 8

Allow public access to container images for pull operations.

Azure Container Registry is a private registry. Images cannot be accessed without authentication

Question 9

Suppose you use container images to run compute workloads in multiple regions throughout the world. You plan to enable the geo-replication feature of Azure Container Registry to decrease the time required to provision an instance. In which regions should you configure the Azure Container Registry geo-replication feature?

• Place a container registry in the region closest to your development team.
• Place a container registry in each region where images are run.
• Place a container registry in every Azure region.

Answer 9

Place a container registry in each region where images are run.

Placing a registry in each region that runs the images will ensure network-close registry access everywhere it is needed.

Question 10

In general, what is Azure Container Registry

Answer 10

Hosts container images, similar to Docker Hub. But only private images.

From Docs:
An Azure container registry stores and manages private Docker container images, similar to the way Docker Hub stores public Docker images.

You can use the Docker command-line interface (Docker CLI) for login, push, pull, and other operations on your container registry.

Question 11

How does a basic Dockerfile looks like?

Answer 11

Every Dockerfile must start with the FROM instruction. The idea behind is that you need a starting point to build your image. You can start FROM scratch, scratch is an explicitly empty image on the Docker store that is used to build base images like Alpine, Debian and so on. Everything else is addon, modifiny the image

FROM node:8.9.3-alpine
RUN mkdir -p /usr/src/app
COPY ./app/ /usr/src/app/
WORKDIR /usr/src/app
RUN npm install
CMD node /usr/src/app/index.js

Question 12

What is the Syntax for creating a Docker Tag

Answer 12

docker tag

Question 13

What is required for a container instance to be exposed to the internet?

Answer 13

A DNS Name. The DNS name must be unique.

Azure Container Instances enables exposing your container groups directly to the internet with an IP address and a fully qualified domain name (FQDN).

When you create a container instance, you can specify a custom DNS name label so your application is reachable at customlabel.azureregion.azurecontainer.io.

az container create –resource-group myResourceGroup –name mycontainer –image mcr.microsoft.com/azuredocs/aci-helloworld –dns-name-label aci-demo –ports 80

Question 14

How to specify the DNS name for a Container using CLI

Answer 14

–dns-name-label parameter

Question 15

What are container restart policies?

Answer 15

Restart policies define how Containers should be restarted.

• Always (Default), good for long running tasks like web servers
• Never, containers run one time only
• OnFailure, for short tasks. Run at least once and restarted when exit code != 0

Question 16

When Azure Container Instances stops a container whose restart policy is Never or OnFailure, what is the status of the container set to?

Answer 16

Terminated

Question 17

What should you do when you need to troubleshoot a container or the application it runs?

Answer 17

Start by viewing the container instance logs:
az container logs –resource-group myResourceGroup –name mycontainer

You can also attach your local console to the container’s output string:
az container attach –resource-group myResourceGroup –name mycontainer

Question 18

How to pass arguments to a container during start

Answer 18

Use –environment-variables arg of command az container create

Question 19

How to pass secure arguments during container start

Answer 19

Use –secure-environment-variables instead of –environment-variables

Question 20

What are container data volumes

Answer 20

By default, Azure Container Instances are stateless. If the container crashes or stops, all of its state is lost. To persist state beyond the lifetime of the container, you must mount a volume from an external store.

Question 21

Common Steps to create a azure storage for containers?

Answer 21

1) Create a storage account
2) Copy the connection string of storage account to AZURE_STORAGE_CONNECTION_STRING, using export command
3) Get Storage Key
4) Deploy Container and mount the file share using various –azure-file-volume- parameters for az container create command

Question 22

What is AZURE_STORAGE_CONNECTION_STRING

Answer 22

A special azure environment variable to store connection strings, understood by Azure CLI

Question 23

How to troubleshoot container instances

Answer 23

1) Get logs with az container logs
2) Get diagnostics with az container attach
3) Run az container exec to run programs directly in the container, for example start /bin/sh to use ls to list folder content

Question 24

What does ‘az monitor metrics list’ do?

Answer 24

List CPU and memory usage on your container, its required to get a CONTAINER_ID

Question 25

Which restart policy is typically the best choice for long-running tasks that service requests?

Answer 25

Always

The restart policy Always will ensure needed processes continue to be available even if a restart is required.

Question 26

True or false: by default, the values of an environment variable can be seen in the Azure portal and the Azure CLI output.

Answer 26

True

Question 27

Which troubleshooting command can be used to view container startup events?

• az container logs
• az container attach
• az container exec

Answer 27

az container attach

The az container attach command shows container events and logs. By contrast, the az container logs only shows the logs and not the startup events.

Question 28

What is Azure Container Instances?

Answer 28

Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

Question 29

How are container image names constructed?

Answer 29

The repository (or repository and namespace) plus a tag defines an image’s name. (Tag = version)

• marketing/campaign10-18/email-sender:v2
• product-returns/web-submission:20180604

Question 30

How is the ACR loginServer formatted?

Answer 30

myregistry.azurecr.io

Question 31

True of False. ACR does not require authentication for all operations if the registry is private.

Answer 31

False. ACR requires authentication for all operations
Recommended methods:

1) Authenticate directly via individual login
2) Service Principle: Applications and container orchestrators can perform unattended, or “headless,” authentication by using an AAD service principal
3) Each ACR contains an admin account that has full permissions to the registry. It’s disabled by default, but required for some scenarios for deploying an image from ACR to certain Azure services. Don’t use ACR Admin account for headless authentication

(get login server) az acr show –name –query loginserver

Question 32

What ACR roles exist?

Answer 32

Pre-defined roles are:

1. Owner
2. Contributor
3. Reader
4. Acrpush
5. Acrpull
6. Acrdelete
7. Acrimagesigner

Roles can be grouped into 2 use cases:

• roles assigned to people (Roles 1-3)
• roles assigned to tools, pipelines or orchestration using headless auth using service principles. (roles 4-7)

Question 33

What CLI command would you use to watch the startup process of a container?

Answer 33

az container attach
–resource-group $RES_GROUP –name acr-tasks

The az container attach output first displays the container’s status as it pulls the image and starts

Question 34

What are some good use cases for Azure Container Instances?

Answer 34

Simple applications, task automation, build jobs.

For scenarios where you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, we recommend Azure Kubernetes Service (AKS).

Question 35

What CLI command is used to deploy a container?

Answer 35

az container create

• -resource-group myResourceGroup
• -name aci-tutorial-app
• -image /aci-tutorial-app:v1
• -cpu 1
• -memory 1
• -registry-login-server
• -registry-username
• -registry-password
• -dns-name-label
• -ports 80

Question 36

What is a container group?

Answer 36

A container group is a collection of containers that get scheduled on the same host machine.

The containers in a container group share a lifecycle, resources, local network, and storage volumes.

Question 37

What is a manifest and what is the purpose?

Answer 37

• Generated by the registry when the content is pushed
• Uniquely identifies the artifacts and specifies the layers.
• Identified by a unique SHA-256 hash, or manifest digest. This mechanism is what allows you to repeatedly push identically tagged images to a registry.