Skip to main content

Creating a Docker container

Once the worker application is running, a Docker container can be created.

The Docker container can be uploaded to a container registry of choice.

This guide will upload the image to an Azure Container Registry, but you can use any docker container registry of choice.

info

Please note that some container registry offerings (see Docker Hub) have rate limits in place.

This is not recommended for Taskurai production environments, consider paid subscriptions or use an Azure Container Registry.

Prerequisites

Add Docker support

Docker support requires a Docker-file. This file is a set of comprehensive instructions, for building your .NET Taskurai Worker Service as a Docker image. The dockerfile is a file without a file extension. The following is an example Docker-file, and should exist at the root directory of the project file.

tip

When you have set up the worker using the template installer, a dockerfile is already included. The file should exist at the root directory of the project file.

dockerfile
FROM mcr.microsoft.com/dotnet/runtime:7.0 AS base
WORKDIR /app

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-dotnet-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser

FROM mcr.microsoft.com/dotnet/sdk:7.0 AS build
WORKDIR /src
COPY ["TestWorker.csproj", "TestWorker/"]
RUN dotnet restore "TestWorker/TestWorker.csproj"

COPY [".", "TestWorker/"]
WORKDIR "/src/TestWorker"
RUN dotnet build "TestWorker.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "TestWorker.csproj" -c Release -o /app/publish /p:UseAppHost=false

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "TestWorker.dll"]

Create container registry

An Azure Container Registry (ACR) resource allows you to build, store, and manage container images and artifacts in a private registry.

  1. Sign in to Azure

To begin, sign in to Azure:

az login
  1. If you have more than one subscription, set the active subscription:
az account set --subscription XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
  1. Create a resource group

Create a resource group with the az group create command.

az group create --name rg-container-registries --location westeurope
  1. Create a container registry

In this guide, you create a Basic registry, which is a cost-optimized option for developers. For production usage, you may need to upgrade the plan.

Create an ACR instance using the az acr create command*. The registry name must be unique within Azure.

az acr create --resource-group rg-container-registries \
  --name myuniqueregistrysample --sku Basic

When the registry is created, the output should be similar to this:

{
  "adminUserEnabled": false,
  "creationDate": "2019-01-08T22:32:13.175925+00:00",
  "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/rg-container-registries/providers/Microsoft.ContainerRegistry/registries/myuniqueregistrysample",
  "location": "westeuropre",
  "loginServer": "myuniqueregistrysample.azurecr.io",
  "name": "myuniqueregistrysample",
  "provisioningState": "Succeeded",
  "resourceGroup": "rg-container-registries",
  "sku": {
    "name": "Basic",
    "tier": "Basic"
  },
  "status": null,
  "storageAccount": null,
  "tags": {},
  "type": "Microsoft.ContainerRegistry/registries"
}

Take note of the loginServer in the output for later usage.

Log in to the registry

Before pushing and pulling container images, you must log in to the registry:

az acr login --name myuniqueregistrysample

Push image to registry

info

With Azure Container Registry, you can build and push docker images without installing Docker locally.

  1. Go to the project directory.

  2. Enter the following command to build a Docker image:

az acr build --registry myuniqueregistrysample --image taskuraitestworker:latest --platform 'linux/amd64' .
Recommendations for tagging and versioning container images

This sample uses the latest label for tagging the Docker image.

It is recommended to think about a strategy for container image tagging.

Workers that use the latest tag, will pull the latest container image on a new deployment request. This may not be the desired behavior. Consider using stable tags for container tagging, like version tags (major.minor), unique stamps (date-time, Git commit, Build id, ...).

Create an access token

Taskurai must be able to authenticate to the registry. It will require pull permissions to retrieve container images.

Use the following command to create a token:

az acr token create --name taskuraipulltoken --registry myuniqueregistrysample \
  --repository taskuraitestworker \
  content/read \
  --output json

This command should return something like this:

{
  "creationDate": "2023-06-19T16:15:03.369859+00:00",
  "credentials": {
    "certificates": null,
    "passwords": [
      {
        "creationTime": "2023-06-19T16:15:15.328776+00:00",
        "expiry": null,
        "name": "password1",
        "value": "XXX1..."
      },
      {
        "creationTime": "2023-06-19T16:15:15.328776+00:00",
        "expiry": null,
        "name": "password2",
        "value": "XXX2..."
      }
    ],
    "username": "taskuraipulltoken"
  },
  "id": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/rg-container-registries/providers/Microsoft.ContainerRegistry/registries/myuniqueregistrysample/tokens/taskuraipulltoken",
  "name": "taskuraipulltoken",
  "provisioningState": "Succeeded",
  "resourceGroup": "rg-container-registries",
  "scopeMapId": "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/rg-container-registries/providers/Microsoft.ContainerRegistry/registries/myuniqueregistrysample/scopeMaps/taskuraipulltoken-scope-map",
  "status": "enabled",
  "type": "Microsoft.ContainerRegistry/registries/tokens"
}

Keep the generated passwords in a safe place. You will need the token name taskuraipulltoken as the username and one of the passwords to configure the Taskurai worker.