mount azure file share to web app for linux containers with docker-compose

3.5k views Asked by At

I am trying to mount an azure file share to a Web App for Containers (linux) service. This is a .net Core 3 web api app with an angular front end. The app container runs perfectly locally when I mount a local drive to load the exact same files as in the file share.

according to the docker docs for azure file share I should set my docker compose file to be the following:

version: '3.4'

services:
  webui:
    image: ${DOCKER_REGISTRY-}webui
    build:
      context: .
      dockerfile: src/WebUI/Dockerfile
    environment:
      - "UseInMemoryDatabase=false"
      - "ASPNETCORE_ENVIRONMENT=Production"
      - "ConnectionStrings__DefaultConnection=Server="
      - "ASPNETCORE_Kestrel__Certificates__Default__Path=/security/mycertfile.pfx"
      - "ASPNETCORE_Kestrel__Certificates__Default__Password=Your_password123"
    ports:
      - "5000:5000"
      - "5001:5001"
    volumes:
       - mcpdata:"/security:/security"
    restart: always

volumes:
  mcpdata:
    driver: azure_file
    driver_opts:
      share_name: sharename
      storage_account_name: storageaccountname

In the configuration for my web app I have created the following file mount: enter image description here

I can confirm that the file share contains the file referenced in the environment variables: mcpdata/security/mycertfile.pfx

PROBLEM:

When the container is run by the service it gives an error:

System.InvalidOperationException: There was an error loading the certificate. The file '/security/mycert.pfx' was not found.

WHAT I TIRED:

  1. Because the container fails I cannot ssh into it to check for the files. So i pull the image from azure container registry locally and then do a docker export -o dump.tar . I then extract the files and the security folder is not created.
  2. I also tried just referencing the named file share directly in the docker compose file by removing the top level mount definition from the docker compose file. removed code shown below:
volumes:
  mcpdata:
    driver: azure_file
    driver_opts:
      share_name: sharename
      storage_account_name: storageaccountname

QUESTION:

Can someone help me connect an azure file share to my container, or help me confirm where the files are mounted when the container fails.

EDIT 1:

attempt to add file share mount with azure cli. I used the following command to add the file share mount to my web app:

az webapp config storage-account add --resource-group "rgname" --name "appname" --slot development --custom-id fsmount001 --storage-type AzureFiles --share-name "sname" --account-name "aname" --access-key "key" --mount-path /

this command works and creates the file mount, however I still get the error that it cannot find the cert file in the /security/ folder

If I bash into the app via kudu and not the container itself, I can see that the file mount exists and is named security in the root of the web app.

EDIT 2: SOLUTION

set up the file mount with the following command:

az webapp config storage-account add --resource-group "rgname" --name "appname" --slot development --custom-id fsmount001 --storage-type AzureFiles --share-name "sname" --account-name "aname" --access-key "key" --mount-path /security/security/

In docker compose I use:

volumes:
   - fsmount001: /security:/security

In appsettings.Production.json:

  "IdentityServer": {
    "Key": {
      "Type": "File",
      "FilePath": "/security/mycert.pfx",
      "Password": "password"
    }
  }

This is what my file mount settings look like in the azure portal under configuration -> path mappings: enter image description here

Inside the file mount is a folder called security which contains the cert file.

Thanks to Charles help and I hope this helps someone else!

1

There are 1 answers

6
Charles Xu On BEST ANSWER

The steps what you have followed is for the ACI, not for the Web App. To mount the Azure File Share to the Azure Web App for the container, you just need to follow the steps in Link storage to your app.

And you need to change the docker-compose file at the volumes:

From:

volumes:
       - mcpdata:"/security:/security"

Into:

volumes:
       - custom-id:/security/security/

The custom-id is the thing you uses in the CLI command.