Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
"Dedicated" is an Azure Container Instances (ACI) sku that provides an isolated and dedicated compute environment for securely running containers. Using the dedicated sku results in each container group having a dedicated physical server in an Azure datacenter, ensuring full workload isolation to help meet your organization's security and compliance requirements.
The dedicated sku is appropriate for container workloads that require workload isolation from a physical server perspective.
A dedicated host for Azure Container Instances provides double encryption at rest for your container data when the service persists it to the cloud. This encryption protects your data to help meet your organization's security and compliance requirements. ACI also gives you the option to encrypt this data with your own key, giving you greater control over the data related to your ACI deployments.
Prerequisites
Note
Due to some current limitations, not all limit increase requests are guaranteed to be approved.
- The default limit for any subscription to use the dedicated sku is 0. If you would like to use this sku for your production container deployments, create an Azure Support request to increase the limit.
Use the dedicated sku
Important
Using the dedicated sku is only available in API version 2019-12-01 or later. Specify this API version or a more recent one in your deployment template.
Starting with API version 2019-12-01, there's a sku property under the container group properties section of a deployment template, which is required for an ACI deployment. Currently, you can use this property as part of an Azure Resource Manager deployment template for ACI. Learn more about deploying ACI resources with a template in the Tutorial: Deploy a multi-container group using a Resource Manager template.
The sku property can have one of the following values:
Standard- the standard ACI deployment choice, which still guarantees hypervisor-level securityDedicated- used for workload level isolation with dedicated physical hosts for the container group
Modify your JSON deployment template
In your deployment template, modify or add the following properties:
- Under
resources, setapiVersionto2019-12-01. - Under the container group properties, add a
skuproperty with valueDedicated.
Here's an example snippet for the resources section of a container group deployment template that uses the dedicated sku:
[...]
"resources": [
{
"name": "[parameters('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[resourceGroup().location]",
"properties": {
"sku": "Dedicated",
"containers": {
[...]
}
}
}
]
Following is a complete template that deploys a sample container group running a single container instance:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"containerGroupName": {
"type": "string",
"defaultValue": "myContainerGroup",
"metadata": {
"description": "Container Group name."
}
}
},
"resources": [
{
"name": "[parameters('containerGroupName')]",
"type": "Microsoft.ContainerInstance/containerGroups",
"apiVersion": "2019-12-01",
"location": "[resourceGroup().location]",
"properties": {
"sku": "Dedicated",
"containers": [
{
"name": "container1",
"properties": {
"image": "nginx",
"command": [
"/bin/sh",
"-c",
"while true; do echo `date`; sleep 1000000; done"
],
"ports": [
{
"protocol": "TCP",
"port": 80
}
],
"environmentVariables": [],
"resources": {
"requests": {
"memoryInGB": 1.0,
"cpu": 1
}
}
}
}
],
"restartPolicy": "Always",
"ipAddress": {
"ports": [
{
"protocol": "TCP",
"port": 80
}
],
"type": "Public"
},
"osType": "Linux"
},
"tags": {}
}
]
}
Deploy your container group
Create a resource group with the az group create command.
az group create --name myResourceGroup --location chinaeast2
Deploy the template with the az deployment group create command.
az deployment group create --resource-group myResourceGroup --template-file deployment-template.json
Within a few seconds, you should receive an initial response from Azure. A successful deployment takes place on a dedicated host.