Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Learn to write to permanent storage in a container app using an Azure Files storage mount. For more information about storage mounts, see Use storage mounts in Azure Container Apps.
In this tutorial, you learn how to:
- Create a Container Apps environment
- Create an Azure Storage account
- Define a file share in the storage account
- Link the environment to the storage file share
- Mount the storage share in an individual container
- Verify the storage mount by viewing the website access log
Note
Azure Container Apps supports mounting file shares using SMB and NFS protocols. This tutorial demonstrates mounting an Azure Files share using the SMB protocol. To learn more about mounting NFS shares, see Use storage mounts in Azure Container Apps.
Prerequisites
- Install the latest version of the Azure CLI.
Set up the environment
The following commands define environment variables and ensure your Container Apps extension is up to date.
Sign in to the Azure CLI.
az loginSet up environment variables used in various commands to follow.
RESOURCE_GROUP="my-container-apps-group" ENVIRONMENT_NAME="my-storage-environment" LOCATION="canadacentral"Ensure you have the latest version of the Container Apps Azure CLI extension.
az extension add -n containerapp --upgradeRegister the
Microsoft.Appnamespace.az provider register --namespace Microsoft.AppRegister the
Microsoft.OperationalInsightsprovider for the Azure Monitor Log Analytics workspace if you haven't used it before.az provider register --namespace Microsoft.OperationalInsights
Create an environment
The following steps create a resource group and a Container Apps environment.
Create a resource group.
az group create \ --name $RESOURCE_GROUP \ --location $LOCATION \ --query "properties.provisioningState"Once created, the command returns a "Succeeded" message.
At the end of this tutorial, you can delete the resource group to remove all the services created during this article.
Create a Container Apps environment.
az containerapp env create \ --name $ENVIRONMENT_NAME \ --resource-group $RESOURCE_GROUP \ --location "$LOCATION" \ --query "properties.provisioningState"Once created, the command returns a "Succeeded" message.
Storage mounts are associated with a Container Apps environment and configured within individual container apps.
Set up a storage account
Next, create a storage account and establish a file share to mount to the container app.
Define a storage account name.
This command generates a random suffix to the storage account name to ensure uniqueness.
STORAGE_ACCOUNT_NAME="myacastorageaccount$RANDOM"Create an Azure Storage account.
az storage account create \ --resource-group $RESOURCE_GROUP \ --name $STORAGE_ACCOUNT_NAME \ --location "$LOCATION" \ --kind StorageV2 \ --sku Standard_LRS \ --enable-large-file-share \ --query provisioningStateOnce created, the command returns a "Succeeded" message.
Define a file share name.
STORAGE_SHARE_NAME="myfileshare"Create the Azure Storage file share.
az storage share-rm create \ --resource-group $RESOURCE_GROUP \ --storage-account $STORAGE_ACCOUNT_NAME \ --name $STORAGE_SHARE_NAME \ --quota 1024 \ --enabled-protocols SMB \ --output tableGet the storage account key.
STORAGE_ACCOUNT_KEY=`az storage account keys list -n $STORAGE_ACCOUNT_NAME --query "[0].value" -o tsv`The storage account key is required to create the storage link in your Container Apps environment. Container Apps does not support identity-based access to Azure file shares.
Define the storage mount name.
STORAGE_MOUNT_NAME="mystoragemount"This value is the name used to define the storage mount link from your Container Apps environment to your Azure Storage account.
Create the storage mount
Now you can update the container app configuration to support the storage mount.
Create the storage link in the environment.
az containerapp env storage set \ --access-mode ReadWrite \ --azure-file-account-name $STORAGE_ACCOUNT_NAME \ --azure-file-account-key $STORAGE_ACCOUNT_KEY \ --azure-file-share-name $STORAGE_SHARE_NAME \ --storage-name $STORAGE_MOUNT_NAME \ --name $ENVIRONMENT_NAME \ --resource-group $RESOURCE_GROUP \ --output tableThis command creates a link between container app environment and the file share created with the
az storage share-rmcommand.Now that the storage account and environment are linked, you can create a container app that uses the storage mount.
Define the container app name.
CONTAINER_APP_NAME="my-container-app"Create the container app.
az containerapp create \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --environment $ENVIRONMENT_NAME \ --image nginx \ --min-replicas 1 \ --max-replicas 1 \ --target-port 80 \ --ingress external \ --query properties.configuration.ingress.fqdnThis command displays the URL of your new container app.
Copy the URL and paste into your web browser to navigate to the website.
Once the page loads, you'll see the "Welcome to nginx!" message. Keep this browser tab open. You'll return to the website during the storage mount verification steps.
Now that you've confirmed the container app is configured, you can update the app to with a storage mount definition.
Export the container app's configuration.
az containerapp show \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --output yaml > app.yamlNote
While this application doesn't have secrets, many apps do feature secrets. By default, when you export an app's configuration, the values for secrets aren't included in the generated YAML.
If you don't need to change secret values, then you can remove the
secretssection and your secrets remain unaltered. Alternatively, if you need to change a secret's value, make sure to provide both thenameandvaluefor all secrets in the file before attempting to update the app. Omitting a secret from thesecretssection deletes the secret.Open app.yaml in a code editor.
Replace the
volumes: nulldefinition in thetemplatesection with avolumes:definition referencing the storage volume. The template section should look like the following:template: containers: - image: nginx imageType: ContainerImage name: my-container-app resources: cpu: 0.5 ephemeralStorage: 2Gi memory: 1Gi volumeMounts: - volumeName: my-azure-file-volume mountPath: /var/log/nginx initContainers: null revisionSuffix: '' scale: cooldownPeriod: 300 maxReplicas: 1 minReplicas: 1 pollingInterval: 30 rules: null serviceBinds: null terminationGracePeriodSeconds: null volumes: - name: my-azure-file-volume storageName: mystoragemount storageType: AzureFileThe new
template.volumessection includes the following properties.Property Description nameThis value matches the volume created by calling the az containerapp env storage setcommand.storageNameThis value defines the name used by containers in the environment to access the storage volume. storageTypeThis value determines the type of storage volume defined for the environment. In this case, an Azure Files mount is declared. The
volumessection defines volumes at the app level that your application container or sidecar containers can reference via avolumeMountssection associated with a container.Add a
volumeMountssection to thenginxcontainer in thecontainerssection.containers: - image: nginx name: my-container-app volumeMounts: - volumeName: my-azure-file-volume mountPath: /var/log/nginxThe new
volumeMountssection includes the following properties:Property Description volumeNameThis value must match the name defined in the volumesdefinition.mountPathThis value defines the path in your container where the storage is mounted. Update the container app with the new storage mount configuration.
az containerapp update \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --yaml app.yaml \ --output table
Verify the storage mount
Now that the storage mount is established, you can manipulate files in Azure Storage from your container. Use the following commands to observe the storage mount at work.
Open an interactive shell inside the container app to execute commands inside the running container.
az containerapp exec \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUPThis command may take a moment to open the remote shell. Once the shell is ready, you can interact with the storage mount via file system commands. For more information see Connect to a container console in Azure Container Apps.
Change into the nginx /var/log/nginx folder.
cd /var/log/nginxReturn to the browser and navigate to the website and refresh the page a few times.
The requests made to the website create a series of log stream entries.
Return to your terminal and list the values of the
/var/log/nginxfolder.lsNote how the access.log and error.log files appear in this folder. These files are written to the Azure Files mount in your Azure Storage share created in the previous steps.
View the contents of the access.log file.
cat access.logExit out of the container's interactive shell to return to your local terminal session.
exitNow, you can view the files in the Azure portal to verify they exist in your Azure Storage account. Print the name of your randomly generated storage account.
echo $STORAGE_ACCOUNT_NAMENavigate to the Azure portal and open up the storage account created in this procedure.
Under Data Storage select File shares.
Select myshare to view the access.log and error.log files.
Clean up resources
If you're not going to continue to use this application, run the following command to delete the resource group along with all the resources created in this article.
az group delete \
--name $RESOURCE_GROUP