
How to issue a CLI command (or make use of Azure SDK) from an Azure Docker Container at startup

I need to issue the following command or accomplish the equivalent from the Azure SDK and C#.

az network private-dns record-set a update --name <name> -g <resource-group> -z <zone-name> --set aRecords[0].ipv4Address=$(hostname -i)

This I need to do every time the ACI starts up (for whatever reason) so that the Private DNS Zone has the current IP address for the ACI (since private IP can change), which will be running in the same VNet.

I see several possible solutions, none of which I'm familiar enough to implement.

  1. YAML file settings.
  2. Azure SDK C# method call from within the container.
  3. Shell out from the container to run the command.

Appreciate any details on how to accomplish one of these solutions.

Here is the solution to my question, including a link to what Microsoft suggested.

https://learn.microsoft.com/en-us/learn/modules/secure-apps-azure-container-instances-sidecar/6-deploy-with-init-container

This YAML file uses an init container to run some Azure commands, including logging in with a Service Principal, and creating and updating Private DNS Zone entries so that containers can make HTTP calls to each other using DNS rather than IP address (which can change).

YAML file:

location: centralus
name: dns-zone-test-a
properties:
  initContainers:
  - name: inita
    properties:
      image: mcr.microsoft.com/azure-cli:latest
      # redirection of output to a file for these commands is optional...a nice to have to confirm what's working
      command: ['/bin/sh', '-c', 'az login --service-principal -u "$SP_APPID" -p "$SP_PASSWORD" --tenant "$SP_TENANT" > /scripts/outsp_a.txt;
        az container show -n "$ACI_NAME" -g "$RG" --query ''ipAddress.ip'' -o tsv > /scripts/swac_a.txt;
        my_private_ip=$(az container show -n "$ACI_NAME" -g "$RG" --query ''ipAddress.ip'' -o tsv);
        az network private-dns record-set a create -n "$HOSTNAME" -z "$DNS_ZONE_NAME" -g "$RG" > /scripts/crzone_a.txt;
        az network private-dns record-set a add-record --record-set-name "$HOSTNAME" -z "$DNS_ZONE_NAME" -g "$RG" -a "$my_private_ip" > /scripts/addzone_a.txt;']
      environmentVariables:
      - name: RG
        value: myResourceGroup
      - name: SP_APPID  # service principal with the permissions to update private DNS zone
        value: 5xxxxxxxxxxxxxx
      - name: SP_PASSWORD   # service principal password
        secureValue: byyyyyyyyyyyyyyy
      - name: SP_TENANT
        value: bzzzzzzzzzzzzzzzzzz
      - name: DNS_ZONE_NAME
        value: dns-zone-mine.com
      - name: HOSTNAME
        value: dns-zone-test-a      
      - name: ACI_NAME
        value: dns-zone-test-a      
      volumeMounts: # needed only if redirecting the output from the commands above to a file
      - name: initscript
        mountPath: /scripts/
  containers:   # any docker container you want
    - name: cab-a
      properties:
        image: MyRegistry.azurecr.io/contest1:latest
        ports:
          - port: 80
            protocol: TCP
        resources:
          requests:
            cpu: 1.0
            memoryInGB: 1.5
  imageRegistryCredentials: # Credentials to pull a private image
    - server: MyRegistry.azurecr.io
      username: MyUserRegistry
      password: 5xxxxxxxxxxxxx
  volumes:  # only needed if redirecting the output from the commands above to a file
  - name: initscript
    azureFile:
      readOnly: false
      shareName: initscript
      storageAccountName: myStorage
      storageAccountKey: zzzzzzzzzzzzzzzzzzzzzzzzzzz
  ipAddress:
    ports:
      - port: 80
        protocol: TCP
    type: private
  osType: Linux
  subnetIds:
    - id: /subscriptions/xxxxyyyyyzzzzz/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVNet/subnets/MyTestSubnet
      name: default
  # dnsConfig: # DNS configuration for container group: not needed likely for this test, and may interfere with private DNS zone usage
  #  nameServers:
  # - 192.168.1.44
tags: null
type: Microsoft.ContainerInstance/containerGroups
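
A hardened variant of the init container's command sequence, as an added example that is not part of the original answer: it checks that the address returned by az container show is a private IPv4 before publishing it, and overwrites the existing A record (using the --set form from the question) instead of appending a new one on every restart. The file name update-dns.sh and the run argument are assumptions; the environment variables are the ones defined in the YAML above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the env vars from the YAML
# above (RG, ACI_NAME, HOSTNAME, DNS_ZONE_NAME, SP_APPID, SP_PASSWORD, SP_TENANT).

# Succeed only for a well-formed IPv4 address in an RFC 1918 private range.
is_private_ipv4() {
  case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case "$1.$2" in
    10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
  esac
  return 1
}

# Point the A record at the container group's current private IP.
# Overwrites slot 0 when the record set exists, so restarts do not
# accumulate stale addresses; creates the record set on first start.
update_a_record() {
  ip=$(az container show -n "$ACI_NAME" -g "$RG" --query 'ipAddress.ip' -o tsv) || return 1
  if ! is_private_ipv4 "$ip"; then
    echo "refusing to publish unexpected address: '$ip'" >&2
    return 2
  fi
  if az network private-dns record-set a show -n "$HOSTNAME" -z "$DNS_ZONE_NAME" -g "$RG" >/dev/null 2>&1; then
    az network private-dns record-set a update -n "$HOSTNAME" -z "$DNS_ZONE_NAME" -g "$RG" \
      --set "aRecords[0].ipv4Address=$ip" >/dev/null
  else
    az network private-dns record-set a create -n "$HOSTNAME" -z "$DNS_ZONE_NAME" -g "$RG" >/dev/null &&
      az network private-dns record-set a add-record --record-set-name "$HOSTNAME" \
        -z "$DNS_ZONE_NAME" -g "$RG" -a "$ip" >/dev/null
  fi
}

# Runs only when invoked as: sh update-dns.sh run   (file name is hypothetical)
if [ "${1:-}" = "run" ]; then
  # Login output is discarded instead of being written to the mounted share.
  az login --service-principal -u "$SP_APPID" -p "$SP_PASSWORD" --tenant "$SP_TENANT" >/dev/null || exit 1
  update_a_record
fi
```

A non-zero exit from the script makes the init container fail, so a container group that could not register a valid address does not start serving behind a stale or wrong DNS entry.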
