Azure Containers — CLI & Docker Cheat Sheet

Azure Container Registry (ACR)#

Create and Manage#

# Create a registry (Basic SKU)
az acr create \
  --resource-group myRG \
  --name myregistry \
  --sku Basic \
  --location eastus

# List registries
az acr list --resource-group myRG --output table

# Show login server URL (myregistry.azurecr.io)
az acr show --name myregistry --query loginServer -o tsv

# Enable admin user (for simple auth)
az acr update --name myregistry --admin-enabled true

# Get admin credentials
az acr credential show --name myregistry

Build & Push Images#

# Build image in ACR (no Docker needed locally)
az acr build \
  --registry myregistry \
  --image myapp:v1 \
  .

# Log in to ACR locally
az acr login --name myregistry

# Tag and push a local image
docker tag myapp:latest myregistry.azurecr.io/myapp:v1
docker push myregistry.azurecr.io/myapp:v1

# List repositories
az acr repository list --name myregistry --output table

# List tags for a repo
az acr repository show-tags --name myregistry --repository myapp --output table

# Delete an image
az acr repository delete --name myregistry --image myapp:v1

# Import an image from Docker Hub
az acr import \
  --name myregistry \
  --source docker.io/library/nginx:latest \
  --image nginx:latest

ACR Tasks (CI automation)#

# Run a quick task
az acr run \
  --registry myregistry \
  --cmd "docker pull $Registry/myapp:latest" \
  /dev/null

# Create a build task triggered on git commit
az acr task create \
  --registry myregistry \
  --name buildtask \
  --image myapp:{{.Run.ID}} \
  --context https://github.com/user/repo \
  --branch main \
  --file Dockerfile \
  --git-access-token <token>

---

Azure Container Instances (ACI)#

Run Containers#

# Run a public image
az container create \
  --resource-group myRG \
  --name mycontainer \
  --image nginx:latest \
  --ports 80 \
  --ip-address Public \
  --dns-name-label myapp-demo \
  --location eastus

# Run a private ACR image
az container create \
  --resource-group myRG \
  --name mycontainer \
  --image myregistry.azurecr.io/myapp:v1 \
  --registry-login-server myregistry.azurecr.io \
  --registry-username myregistry \
  --registry-password <password> \
  --ports 8080 \
  --ip-address Public \
  --cpu 1 \
  --memory 1.5

# Run with environment variables
az container create \
  --resource-group myRG \
  --name mycontainer \
  --image myapp:v1 \
  --environment-variables ENV=production PORT=3000 \
  --secure-environment-variables DB_PASSWORD=secret

# Run in a VNet
az container create \
  --resource-group myRG \
  --name mycontainer \
  --image myapp:v1 \
  --vnet myVNet \
  --subnet mySubnet \
  --ip-address Private

Manage Containers#

# Show container status
az container show \
  --resource-group myRG \
  --name mycontainer \
  --output table

# View container logs
az container logs \
  --resource-group myRG \
  --name mycontainer

# Stream logs
az container attach \
  --resource-group myRG \
  --name mycontainer

# Execute a command in container
az container exec \
  --resource-group myRG \
  --name mycontainer \
  --exec-command "/bin/sh"

# Stop / start
az container stop --resource-group myRG --name mycontainer
az container start --resource-group myRG --name mycontainer

# Delete
az container delete --resource-group myRG --name mycontainer --yes

Container Groups#

# containergroup.yaml — multi-container group
apiVersion: 2021-09-01
location: eastus
name: myContainerGroup
properties:
  containers:
    - name: app
      properties:
        image: myregistry.azurecr.io/myapp:v1
        ports:
          - port: 80
        resources:
          requests:
            cpu: 1
            memoryInGb: 1.5
    - name: sidecar
      properties:
        image: myregistry.azurecr.io/logger:v1
        resources:
          requests:
            cpu: 0.5
            memoryInGb: 0.5
  ipAddress:
    type: Public
    ports:
      - protocol: tcp
        port: 80
  osType: Linux
  restartPolicy: Always
type: Microsoft.ContainerInstance/containerGroups

# Deploy from YAML
az container create --resource-group myRG --file containergroup.yaml

---

Azure Container Apps (ACA)#

Create Environment & App#

# Create a Container Apps environment
az containerapp env create \
  --name myEnv \
  --resource-group myRG \
  --location eastus

# Deploy a container app
az containerapp create \
  --name myapp \
  --resource-group myRG \
  --environment myEnv \
  --image myregistry.azurecr.io/myapp:v1 \
  --registry-server myregistry.azurecr.io \
  --registry-username myregistry \
  --registry-password <password> \
  --target-port 8080 \
  --ingress external \
  --min-replicas 1 \
  --max-replicas 10 \
  --cpu 0.5 \
  --memory 1.0Gi

# Deploy with env vars
az containerapp create \
  --name myapp \
  --resource-group myRG \
  --environment myEnv \
  --image myapp:v1 \
  --env-vars "KEY=value" "SECRET=secretref:mysecret"

# Get the app URL
az containerapp show \
  --name myapp \
  --resource-group myRG \
  --query properties.configuration.ingress.fqdn -o tsv

Update & Scale#

# Update image
az containerapp update \
  --name myapp \
  --resource-group myRG \
  --image myregistry.azurecr.io/myapp:v2

# Set scaling rules (HTTP-based)
az containerapp update \
  --name myapp \
  --resource-group myRG \
  --min-replicas 2 \
  --max-replicas 20 \
  --scale-rule-name http-rule \
  --scale-rule-type http \
  --scale-rule-http-concurrency 100

# View logs
az containerapp logs show \
  --name myapp \
  --resource-group myRG \
  --follow

# List revisions
az containerapp revision list \
  --name myapp \
  --resource-group myRG \
  --output table

---

ACR + Managed Identity (recommended for production)#

# Assign AcrPull role to Container App's managed identity
APP_IDENTITY=$(az containerapp show \
  --name myapp --resource-group myRG \
  --query identity.principalId -o tsv)

ACR_ID=$(az acr show --name myregistry --query id -o tsv)

az role assignment create \
  --assignee $APP_IDENTITY \
  --role AcrPull \
  --scope $ACR_ID

---

Key Facts for AZ-104#