CHAPTER 11
Docker and Azure Container Services
Updated: May 15, 2026
1. Introduction
In the previous chapter, we orchestrated containers using AKS, but we relied on pre-built, public images (like Nginx). To run your own custom software in the cloud, you must first master the art of Containerization. You must package your code into an immutable Docker image, and then securely upload that image to a private Microsoft storage vault. In this chapter, we will demystify Dockerfiles, learn how to store our proprietary software securely using Azure Container Registry (ACR), and run lightweight tasks using Azure Container Instances (ACI).
2. Learning Objectives
By the end of this chapter, you will be able to:
- Define Docker and the concept of Containerization.
- Understand the anatomy of a Dockerfile.
- Define the role of Azure Container Registry (ACR).
- Build, tag, and push a custom Docker image to Azure.
- Deploy a serverless container using Azure Container Instances (ACI).
3. Beginner-Friendly Explanation
Imagine moving to a new house.
- The Old Way (Without Docker): You carry your loose clothes, plates, and books in your hands. You drop things. When you get to the new house, nothing fits in the new cupboards correctly. (This is deploying raw code to a server and fighting dependency errors.)
- The Docker Way: You buy a standard, heavy-duty cardboard box (The Container). You put everything inside. You seal it shut (The Image). The movers don't care if it's books or plates; they just move the box. When it arrives at the new house (Azure), you open it, and everything is exactly where you left it. "It works on my machine" becomes "It works everywhere."
4. Azure Container Registry (ACR)
Once you build an Image on your laptop, how does AKS get it? You cannot use public Docker Hub for proprietary, top-secret company code. You use Azure Container Registry (ACR). ACR is a highly secure, private vault inside your Azure subscription designed exclusively to store your Docker images. AKS and Azure App Service are natively integrated to pull images directly from this vault.
5. Azure Container Instances (ACI)
Kubernetes (AKS) is powerful, but it takes 10 minutes to build a cluster. What if you just want to run one single Docker container for 5 minutes to process a video file, and then delete it? Azure Container Instances (ACI) is "Serverless Containers". You don't build VMs or Clusters. You just hand Azure your Docker image, Azure runs it instantly, and bills you purely by the second.
6. Anatomy of a Dockerfile
Let's look at a simple blueprint for a Node.js web application.
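An added example, not the chapter's own listing: a Node.js Dockerfile written from the shell and ordered so that the dependency layers stay cached when only source code changes, followed by a small check of that ordering. The `node:20-alpine` tag, `package*.json`, `server.js` and port 3000 are assumptions.

```shell
#!/usr/bin/env bash
# Added example: write a Node.js Dockerfile whose layers are ordered for caching.
# Assumed (not from the chapter): package*.json, server.js, port 3000.
write_node_dockerfile() {
  cat > "${1:-Dockerfile}" <<'EOF'
# Pin a specific, small base image instead of "latest".
FROM node:20-alpine
WORKDIR /app

# Copy only the dependency manifests first: this layer and the install
# layer below are rebuilt only when the manifests themselves change.
COPY package*.json ./
RUN npm ci --omit=dev

# Source code changes most often, so it is copied after the cached layers.
COPY . .

# Drop root: the official image ships an unprivileged "node" user.
USER node
EXPOSE 3000
CMD ["node", "server.js"]
EOF
}

# Succeeds only if the manifests are copied and installed before the source tree.
deps_before_source() {
  awk '/^COPY package/ {m=NR} /^RUN npm ci/ {i=NR} /^COPY \. \./ {s=NR}
       END {exit !(m && i && s && m < i && i < s)}' "$1"
}

write_node_dockerfile Dockerfile.node && deps_before_source Dockerfile.node \
  && echo "Dockerfile.node written; dependency layers precede the source copy"
```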
7. Mini Project: Build, Push, and Run an Image
Let's package a custom app, push it to ACR, and run it serverlessly!
Step-by-Step Tutorial:
- 1. In the Azure Portal, open the Cloud Shell.
- 2. Create a simple Python web server file:
  ```bash
  echo 'import http.server; import socketserver; socketserver.TCPServer(("", 8080), http.server.SimpleHTTPRequestHandler).serve_forever()' > server.py
  ```
- 3. Create the Dockerfile:
  ```bash
  echo -e 'FROM python:3.9-slim\nCOPY server.py .\nEXPOSE 8080\nCMD ["python", "server.py"]' > Dockerfile
  ```
- 4. Create the Vault (ACR): Run this Azure CLI command to create your private registry (Name must be globally unique!):
  ```bash
  az acr create --resource-group rg-containers --name mycompanyregistry123 --sku Basic --admin-enabled true
  ```
- 5. Build & Push: We will use "ACR Tasks" to build the image directly in the cloud!
  ```bash
  az acr build --registry mycompanyregistry123 --image my-python-app:v1 .
  ```
  *(Azure will read the Dockerfile, build the image, and securely store it).*
- 6. Run Serverlessly (ACI): Now, let's run that image instantly using Container Instances:
  ```bash
  az container create --resource-group rg-containers --name my-running-app --image mycompanyregistry123.azurecr.io/my-python-app:v1 --dns-name-label myuniquedns123 --ports 8080
  ```
- 7. Once finished, Azure will output a JSON block. Look for the `fqdn` (Fully Qualified Domain Name).
- 8. Paste that FQDN (plus `:8080`) into your browser. Your custom Python container is running serverlessly on Azure!
8. Real-World Scenarios
A media company allows users to upload raw 4K video files. Converting a 4K video to a mobile-friendly 720p format requires massive CPU power for exactly 10 minutes. Instead of leaving a massive VM running 24/7, they use Azure Container Instances. When a user uploads a video, Azure spins up an ACI container with 4 CPUs, runs the conversion script, saves the new video, and instantly deletes the container. They pay exactly $0.05 for the compute time.
9. Best Practices
- Vulnerability Scanning: In enterprise environments, you should upgrade your ACR from the `Basic` SKU to the `Premium` SKU and enable Microsoft Defender. Every time a developer pushes an image, Defender scans it. If it detects a critical vulnerability (like the Log4j exploit) inside the container, it alerts the security team immediately.
10. Security Tips
- ACR Authentication: In the tutorial, we enabled the "Admin user" on ACR for simplicity. In production, NEVER use the Admin user. Always use Azure Active Directory (Managed Identities) so your AKS cluster can securely authenticate to your ACR without passwords.
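The hardening this tip describes, as an added example (not the chapter's own commands): it disables the admin user that the mini project enabled and lets ACI pull the image with a user-assigned managed identity that holds only the `AcrPull` role. The registry, resource group, image and DNS label are the tutorial's values; the identity name `id-acr-pull` is an assumption.

```shell
#!/usr/bin/env bash
# Added example: replace the ACR admin user with a managed identity for ACI pulls.
# Tutorial values: rg-containers, mycompanyregistry123, my-python-app:v1.
# Assumption: the identity name "id-acr-pull" (hypothetical).
set -eu

RG=rg-containers
ACR=mycompanyregistry123
IDENTITY=id-acr-pull

harden_acr_pull() {
  # 1. Turn off the shared admin username/password on the registry.
  az acr update --name "$ACR" --admin-enabled false --output none

  # 2. Create a user-assigned managed identity: no secret to store or rotate.
  identity_id=$(az identity create --resource-group "$RG" --name "$IDENTITY" \
    --query id --output tsv)
  principal_id=$(az identity show --ids "$identity_id" --query principalId --output tsv)

  # 3. Grant pull-only access, scoped to this one registry.
  #    (A new role assignment can take a short while to become effective.)
  acr_id=$(az acr show --name "$ACR" --query id --output tsv)
  az role assignment create --assignee-object-id "$principal_id" \
    --assignee-principal-type ServicePrincipal \
    --role AcrPull --scope "$acr_id" --output none

  # 4. Run the container with that identity; ACI uses it to pull the image.
  az container create --resource-group "$RG" --name my-running-app \
    --image "$ACR.azurecr.io/my-python-app:v1" \
    --assign-identity "$identity_id" --acr-identity "$identity_id" \
    --dns-name-label myuniquedns123 --ports 8080 \
    --query ipAddress.fqdn --output tsv
}

# Succeeds only when the registry reports the admin user as disabled.
admin_user_disabled() {
  [ "$(az acr show --name "$ACR" --query adminUserEnabled --output tsv)" = "false" ]
}

# Pass "apply" as the first argument to execute against your subscription.
if [ "${1:-}" = "apply" ]; then
  harden_acr_pull
  admin_user_disabled && echo "ACR admin user is disabled"
fi
```

Creating the role assignment requires rights to manage access on the registry (for example Owner or User Access Administrator).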
11. CLI Examples
To list all the images (repositories) currently stored inside your private ACR:
12. Exercises
- 1. Explain the architectural difference between running a container in Azure Kubernetes Service (AKS) versus running it in Azure Container Instances (ACI).
- 2. Why is Azure Container Registry (ACR) preferred over public Docker Hub for enterprise deployments?
13. FAQs
Q: What is Azure Container Apps? Is it different from ACI?
A: Yes. ACI is for running a single, isolated container. Azure Container Apps is a newer, incredibly powerful serverless service built *on top* of Kubernetes. It allows you to run complex microservices that automatically scale to zero, without having to manage the underlying AKS cluster yourself.
14. Interview Questions
- Q: Explain the mechanics of Docker Layer Caching. How does organizing the instruction sequence within a Dockerfile optimize image build times?
- Q: Detail the architectural workflow required to deploy a proprietary, containerized application from a developer's local machine to an Azure Container Instance, specifically highlighting the role and authentication mechanisms of Azure Container Registry (ACR).
15. Summary
In Chapter 11, we mastered the art of packaging software. We embraced Docker containerization to ensure our application runs identically across all environments. We dissected the anatomy of a Dockerfile, identifying how to layer dependencies. Finally, we provisioned Azure Container Registry (ACR), securely built and pushed our proprietary image into a private cloud vault, and instantly executed it using the serverless power of Azure Container Instances (ACI).