Tutorial: Create an Azure Files volume mount in Azure Container Apps
Learn to write to permanent storage in a container app using an Azure Files storage mount. For more information about storage mounts, see Use storage mounts in Azure Container Apps.
In this tutorial, you learn how to:
- Create a Container Apps environment
- Create an Azure Storage account
- Define a file share in the storage account
- Link the environment to the storage file share
- Mount the storage share in an individual container
- Verify the storage mount by viewing the website access log
Note
Azure Container Apps supports mounting file shares using SMB and NFS protocols. This tutorial demonstrates mounting an Azure Files share using the SMB protocol. To learn more about mounting NFS shares, see Use storage mounts in Azure Container Apps.
Prerequisites
- Install the latest version of the Azure CLI.
Set up the environment
The following commands help you define variables and ensure your Container Apps extension is up to date.
Sign in to the Azure CLI.
az cloud set -n AzureChinaCloud az login # az cloud set -n AzureCloud //means return to Public Azure.
Set up environment variables used in various commands to follow.
RESOURCE_GROUP="my-container-apps-group" ENVIRONMENT_NAME="my-storage-environment" LOCATION="canadacentral"
Ensure you have the latest version of the Container Apps Azure CLI extension.
az extension add -n containerapp --upgrade
Register the
Microsoft.App
namespace.az provider register --namespace Microsoft.App
Register the
Microsoft.OperationalInsights
provider for the Azure Monitor Log Analytics workspace if you haven't used it before.az provider register --namespace Microsoft.OperationalInsights
Create an environment
The following steps create a resource group and a Container Apps environment.
Create a resource group.
az group create \ --name $RESOURCE_GROUP \ --location $LOCATION \ --query "properties.provisioningState"
Once created, the command returns a "Succeeded" message.
At the end of this tutorial, you can delete the resource group to remove all the services created during this article.
Create a Container Apps environment.
az containerapp env create \ --name $ENVIRONMENT_NAME \ --resource-group $RESOURCE_GROUP \ --location "$LOCATION" \ --query "properties.provisioningState"
Once created, the command returns a "Succeeded" message.
Storage mounts are associated with a Container Apps environment and configured within individual container apps.
Set up a storage account
Next, create a storage account and establish a file share to mount to the container app.
Define a storage account name.
This command generates a random suffix to the storage account name to ensure uniqueness.
STORAGE_ACCOUNT_NAME="myacastorageaccount$RANDOM"
Create an Azure Storage account.
az storage account create \ --resource-group $RESOURCE_GROUP \ --name $STORAGE_ACCOUNT_NAME \ --location "$LOCATION" \ --kind StorageV2 \ --sku Standard_LRS \ --enable-large-file-share \ --query provisioningState
Once created, the command returns a "Succeeded" message.
Define a file share name.
STORAGE_SHARE_NAME="myfileshare"
Create the Azure Storage file share.
az storage share-rm create \ --resource-group $RESOURCE_GROUP \ --storage-account $STORAGE_ACCOUNT_NAME \ --name $STORAGE_SHARE_NAME \ --quota 1024 \ --enabled-protocols SMB \ --output table
Get the storage account key.
STORAGE_ACCOUNT_KEY=`az storage account keys list -n $STORAGE_ACCOUNT_NAME --query "[0].value" -o tsv`
The storage account key is required to create the storage link in your Container Apps environment.
Define the storage mount name.
STORAGE_MOUNT_NAME="mystoragemount"
This value is the name used to define the storage mount link from your Container Apps environment to your Azure Storage account.
Create the storage mount
Now you can update the container app configuration to support the storage mount.
Create the storage link in the environment.
az containerapp env storage set \ --access-mode ReadWrite \ --azure-file-account-name $STORAGE_ACCOUNT_NAME \ --azure-file-account-key $STORAGE_ACCOUNT_KEY \ --azure-file-share-name $STORAGE_SHARE_NAME \ --storage-name $STORAGE_MOUNT_NAME \ --name $ENVIRONMENT_NAME \ --resource-group $RESOURCE_GROUP \ --output table
This command creates a link between container app environment and the file share created with the
az storage share-rm
command.Now that the storage account and environment are linked, you can create a container app that uses the storage mount.
Define the container app name.
CONTAINER_APP_NAME="my-container-app"
Create the container app.
az containerapp create \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --environment $ENVIRONMENT_NAME \ --image nginx \ --min-replicas 1 \ --max-replicas 1 \ --target-port 80 \ --ingress external \ --query properties.configuration.ingress.fqdn
This command displays the URL of your new container app.
Copy the URL and paste into your web browser to navigate to the website.
Once the page loads, you'll see the "Welcome to nginx!" message. Keep this browser tab open. You'll return to the website during the storage mount verification steps.
Now that you've confirmed the container app is configured, you can update the app to with a storage mount definition.
Export the container app's configuration.
az containerapp show \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --output yaml > app.yaml
Note
While this application doesn't have secrets, many apps do feature secrets. By default, when you export an app's configuration, the values for secrets aren't included in the generated YAML.
If you don't need to change secret values, then you can remove the
secrets
section and your secrets remain unaltered. Alternatively, if you need to change a secret's value, make sure to provide both thename
andvalue
for all secrets in the file before attempting to update the app. Omitting a secret from thesecrets
section deletes the secret.Open app.yaml in a code editor.
Replace the
volumes: null
definition in thetemplate
section with avolumes:
definition referencing the storage volume. The template section should look like the following:template: volumes: - name: my-azure-file-volume storageName: mystoragemount storageType: AzureFile containers: - image: nginx name: my-container-app volumeMounts: - volumeName: my-azure-file-volume mountPath: /var/log/nginx resources: cpu: 0.5 ephemeralStorage: 3Gi memory: 1Gi initContainers: null revisionSuffix: '' scale: maxReplicas: 1 minReplicas: 1 rules: null
The new
template.volumes
section includes the following properties.Property Description name
This value matches the volume created by calling the az containerapp env storage set
command.storageName
This value defines the name used by containers in the environment to access the storage volume. storageType
This value determines the type of storage volume defined for the environment. In this case, an Azure Files mount is declared. The
volumes
section defines volumes at the app level that your application container or sidecar containers can reference via avolumeMounts
section associated with a container.Add a
volumeMounts
section to thenginx
container in thecontainers
section.containers: - image: nginx name: my-container-app volumeMounts: - volumeName: my-azure-file-volume mountPath: /var/log/nginx
The new
volumeMounts
section includes the following properties:Property Description volumeName
This value must match the name defined in the volumes
definition.mountPath
This value defines the path in your container where the storage is mounted. Update the container app with the new storage mount configuration.
az containerapp update \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP \ --yaml app.yaml \ --output table
Verify the storage mount
Now that the storage mount is established, you can manipulate files in Azure Storage from your container. Use the following commands to observe the storage mount at work.
Open an interactive shell inside the container app to execute commands inside the running container.
az containerapp exec \ --name $CONTAINER_APP_NAME \ --resource-group $RESOURCE_GROUP
This command may take a moment to open the remote shell. Once the shell is ready, you can interact with the storage mount via file system commands.
Change into the nginx /var/log/nginx folder.
cd /var/log/nginx
Return to the browser and navigate to the website and refresh the page a few times.
The requests made to the website create a series of log stream entries.
Return to your terminal and list the values of the
/var/log/nginx
folder.ls
Note how the access.log and error.log files appear in this folder. These files are written to the Azure Files mount in your Azure Storage share created in the previous steps.
View the contents of the access.log file.
cat access.log
Exit out of the container's interactive shell to return to your local terminal session.
exit
Now, you can view the files in the Azure portal to verify they exist in your Azure Storage account. Print the name of your randomly generated storage account.
echo $STORAGE_ACCOUNT_NAME
Navigate to the Azure portal and open up the storage account created in this procedure.
Under Data Storage select File shares.
Select myshare to view the access.log and error.log files.
Clean up resources
If you're not going to continue to use this application, run the following command to delete the resource group along with all the resources created in this article.
az group delete \
--name $RESOURCE_GROUP