Tutorial: Configure a sidecar container for custom container in Azure App Service (preview)
In this tutorial, you add OpenTelemetry collector as a sidecar container to a Linux custom container app in Azure App Service.
In Azure App Service, you can add up to 4 sidecar containers for each sidecar-enabled custom container app. Sidecar containers let you deploy extra services and features to your container application without making them tightly coupled to your main application container. For example, you can add monitoring, logging, configuration, and networking services as sidecar containers. An OpenTelemetry collector sidecar is one such monitoring example.
Note
For the preview period, sidecar support must be enabled at app creation. There's currently no way to enable sidecar support for an existing app.
If you don't have an Azure subscription, create a trial account before you begin.
1. Set up the needed resources
First you create the resources that the tutorial uses. They're used for this particular scenario and aren't required for sidecar containers in general.
In the Azure Cli, run the following commands:
git clone https://github.com/Azure-Samples/app-service-sidecar-tutorial-prereqs cd app-service-sidecar-tutorial-prereqs azd provision
When prompted, supply the environment name, subscription, and region you want. For example:
- Environment name: my-sidecar-env
- Subscription: your subscription
- Region: (Asia) China North 2
When deployment completes, you should see the following output:
APPLICATIONINSIGHTS_CONNECTION_STRING = InstrumentationKey=...;IngestionEndpoint=...;LiveEndpoint=... Open resource group in the portal: https://portal.azure.cn/#@/resource/subscriptions/.../resourceGroups/...
Open the resource group link in a browser tab. You'll need to use the connection string later.
Note
azd provision
uses the included templates to create the following Azure resources:- A resource group
- A container registry with two images deployed:
- An Nginx image with the OpenTelemetry module.
- An OpenTelemetry collector image, configured to export to Azure Monitor.
- A log analytics workspace
- An Application Insights component
2. Create a sidecar-enabled app
In the resource group's management page, select Create.
Search for web app, then select the down arrow on Create and select Web App.
Configure the Basics panel as follows:
- Name: A unique name
- Publish: Container
- Operating System: Linux
- Region: Same region as the one you chose with
azd provision
- Linux Plan: A new App Service plan
Select Container. Configure the Container panel as follows:
- Sidecar support: Enabled
- Image Source: Azure Container Registry
- Registry: The registry created by
azd provision
- Image: nginx
- Tag: latest
- Port: 80
Note
These settings are configured differently in sidecar-enabled apps. For more information, see Differences for sidecar-enabled apps.
Select Review + create, then select Create.
Once the deployment completes, select Go to resource.
In a new browser tab, navigate to
https://<app-name>.chinacloudsites.cn
and see the default Nginx page.
3. Add a sidecar container
In this section, you add a sidecar container to your custom container app.
In the app's management page, from the left menu, select Deployment Center.
The deployment center shows you all the containers in the app. Right now, it only has the main container.
Select Add and configure the new container as follows:
- Name: otel-collector
- Image source: Azure Container Registry
- Registry: The registry created by
azd provision
- Image: otel-collector
- Tag: latest
- Port: 4317
Port 4317 is the default port used by the sample container to receive OpenTelemetry data. It's accessible from any other container in the app at
localhost:4317
. This is exactly how the Nginx container sends data to the sidecar (see the OpenTelemetry module configuration for the sample Nginx image).Select Apply.
You should now see two containers in the deployment center. The main container is marked Main, and the sidecar container is marked Sidecar. Each app must have one main container but can have multiple sidecar containers.
4. Configure environment variables
For the sample scenario, the otel-collector sidecar is configured to export the OpenTelemetry data to Azure Monitor, but it needs the connection string as an environment variable (see the OpenTelemetry configuration file for the otel-collector image).
You configure environment variables for the containers like any App Service app, by configuring app settings. The app settings are accessible to all the containers in the app.
In the app's management page, from the left menu, select Configuration.
Add an app setting by selecting New application setting and configure it as follows:
- Name: APPLICATIONINSIGHTS_CONNECTION_STRING
- Value: The connection string in the output of
azd provision
Select Save, then select Continue.
Note
Certain app settings don't apply to sidecar-enabled apps. For more information, see Differences for sidecar-enabled apps
5. Verify in Application Insights
The otel-collector sidecar should export data to Application Insights now.
Back in the browser tab for
https://<app-name>.chinacloudsites.cn
, refresh the page a few times to generate some web requests.Go back to the resource group overview page, select the Application Insights resource. You should now see some data in the default charts.
Note
In this very common monitoring scenario, Application Insights is just one of the OpenTelemetry targets you can use, such as Jaeger, Prometheus, and Zipkin.
Clean up resources
When you no longer need the environment, you can delete the resource group, App service, and all related resources. Just run this command in the Cli, in the cloned repository:
azd down
Differences for sidecar-enabled apps
You configure sidecar-enabled apps differently than apps that aren't sidecar-enabled. Specifically, you don't configure the main container and sidecars with app settings, but directly in the resource properties. These app settings don't apply for sidecar-enabled apps:
- Registry authentication settings:
DOCKER_REGISTRY_SERVER_URL
,DOCKER_REGISTRY_SERVER_USERNAME
andDOCKER_REGISTRY_SERVER_PASSWORD
. - Container port:
WEBSITES_PORT