Deploying Docker Containers with Azure Storage Service Endpoint | Exam AZ-500 Answer


Question

You have an Azure subscription named Sub1. Sub1 contains a virtual network named VNet1 that contains one subnet named Subnet1.

Subnet1 contains an Azure virtual machine named VM1 that runs Ubuntu Server 18.04.

You create a service endpoint for MicrosoftStorage in Subnet1.

You need to ensure that when you deploy Docker containers to VM1, the containers can access Azure Storage resources by using the service endpoint.

What should you do on VM1 before you deploy the container?

Answers

Explanations


A. B. C.

C

The Azure Virtual Network container network interface (CNI) plug-in installs in an Azure Virtual Machine. The plug-in supports both Linux and Windows platforms.

The plug-in assigns IP addresses from a virtual network to containers brought up in the virtual machine, attaching them to the virtual network and connecting them directly to other containers and virtual network resources. The plug-in doesn't rely on overlay networks or routes for connectivity, and provides the same performance as virtual machines.

[Figure: how the plug-in provides Azure Virtual Network capabilities to Pods]

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/container-networking-overview
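The plug-in description above says containers receive addresses from the virtual network itself. The following added example (not from the original page or from Microsoft) checks that property by reading `docker inspect`-style JSON and reporting which containers hold an address inside the subnet; the subnet prefix, container names, the network name `azure` and the sample JSON are all constructed assumptions.

```python
import ipaddress
import json

# Constructed value: the page does not give Subnet1's address range.
SUBNET1_PREFIX = "10.0.0.0/24"

# Constructed sample in the shape of trimmed `docker inspect` output.
# The network name "azure" is a placeholder, not a documented default.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/app-vnet",
     "NetworkSettings": {"Networks": {"azure": {"IPAddress": "10.0.0.12"}}}},
    {"Name": "/app-bridge",
     "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
    {"Name": "/app-hostnet",
     "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}},
])


def classify_containers(inspect_json, subnet_prefix):
    """Map container name -> list of (network, ip, in_subnet) tuples."""
    subnet = ipaddress.ip_network(subnet_prefix)
    report = {}
    for container in json.loads(inspect_json):
        name = container.get("Name", "").lstrip("/")
        networks = container.get("NetworkSettings", {}).get("Networks") or {}
        rows = []
        for net_name, net in sorted(networks.items()):
            raw_ip = (net or {}).get("IPAddress") or ""
            if not raw_ip:
                # Host-networked containers have no address of their own.
                rows.append((net_name, None, False))
                continue
            rows.append((net_name, raw_ip, ipaddress.ip_address(raw_ip) in subnet))
        report[name] = rows
    return report


def vnet_attached(report):
    """Names of containers with at least one address inside the subnet."""
    return sorted(n for n, rows in report.items() if any(r[2] for r in rows))


if __name__ == "__main__":
    result = classify_containers(SAMPLE_INSPECT, SUBNET1_PREFIX)
    for name, rows in result.items():
        for net_name, ip, inside in rows:
            print(f"{name:12} {net_name:8} {ip or '-':14} in Subnet1: {inside}")
    print("VNet-attached:", vnet_attached(result))
```
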

The correct answer is B. Edit the docker-compose.yml file.

When you create a service endpoint for Microsoft Storage in Subnet1, it allows traffic from the subnet to the Azure Storage service over a private endpoint. This way, traffic to the Storage service doesn't traverse the public internet.

To ensure that Docker containers deployed on VM1 can access Azure Storage resources using the service endpoint, you need to specify the endpoint's DNS name as the storage endpoint in the Docker container configuration.

This can be achieved by editing the docker-compose.yml file on VM1. The docker-compose.yml file contains the configuration information for Docker containers, including network settings, volumes, and environment variables.

To configure the Docker container to use the service endpoint for Microsoft Storage, add the following environment variable to the Docker container configuration in the docker-compose.yml file:

- AZURE_STORAGE_ENDPOINT_SUFFIX=<storage account name>.blob.core.windows.net

Replace <storage account name> with the name of your Azure Storage account.

Option A, creating an application security group and a network security group (NSG), is not required for this scenario. Application security groups are used to simplify network security group rule management by grouping virtual machines with similar security requirements. NSGs are used to filter network traffic to and from Azure resources.

Option C, installing the container network interface (CNI) plug-in, is also not required for this scenario. The CNI plug-in is used to configure network interfaces for containers running in Kubernetes. It is not relevant for Docker containers running on VM1.