|
| 1 | +--- |
| 2 | +title: Connect a container app to a cloud service with Service Connector |
| 3 | +description: Learn to connect a container app to an Azure service using the Azure portal or the CLI. |
| 4 | +author: maud-lv |
| 5 | +ms.author: malev |
| 6 | +ms.service: container-apps |
| 7 | +ms.topic: how-to |
| 8 | +ms.date: 06/16/2022 |
| 9 | +# Customer intent: As an app developer, I want to connect a containerized app to a storage account in the Azure portal using Service Connector. |
| 10 | +--- |
| 11 | + |
| 12 | +# How to connect a Container Apps instance to a backing service |
| 13 | + |
| 14 | +Azure Container Apps allows you to use Service Connector to connect to cloud services in just a few steps. Service Connector manages the configuration of the network settings and connection information between different services. To view all supported services, [learn more about Service Connector](../service-connector/overview.md#what-services-are-supported-in-service-connector). |
| 15 | + |
| 16 | +In this article, you learn to connect a container app to Azure Blob Storage. |
| 17 | + |
| 18 | +> [!IMPORTANT] |
| 19 | +> This feature in Container Apps is currently in preview. |
| 20 | +> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability. |
| 21 | +
|
| 22 | +## Prerequisites |
| 23 | + |
| 24 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/dotnet). |
| 25 | +- An application deployed to Container Apps in a [region supported by Service Connector](../service-connector/concept-region-support.md). If you don't have one yet, [create and deploy a container to Container Apps](quickstart-portal.md) |
| 26 | +- An Azure Blob Storage account |
| 27 | + |
| 28 | +## Sign in to Azure |
| 29 | + |
| 30 | +First, sign in to Azure. |
| 31 | + |
| 32 | +### [Portal](#tab/azure-portal) |
| 33 | + |
| 34 | +Sign in to the Azure portal at [https://portal.azure.com/](https://portal.azure.com/) with your Azure account. |
| 35 | + |
| 36 | +### [Azure CLI](#tab/azure-cli) |
| 37 | + |
| 38 | +```azurecli-interactive |
| 39 | +az login |
| 40 | +``` |
| 41 | + |
| 42 | +This command prompts your web browser to launch and load an Azure sign in page. If the browser fails to open, use device code flow with `az login --use-device-code`. For more sign in options, go to [sign in with the Azure CLI](/cli/azure/authenticate-azure-cli). |
| 43 | + |
| 44 | +--- |
| 45 | + |
| 46 | +## Create a new service connection |
| 47 | + |
| 48 | +Use Service Connector to create a new service connection in Container Apps using the Azure portal or the CLI. |
| 49 | + |
| 50 | +### [Portal](#tab/azure-portal) |
| 51 | + |
| 52 | +1. Navigate to the Azure portal. |
| 53 | +1. Select **All resources** on the left of the Azure portal. |
| 54 | +1. Enter **Container Apps** in the filter and select the name of the container app you want to use in the list. |
| 55 | +1. Select **Service Connector** from the left table of contents. |
| 56 | +1. Select **Create**. |
| 57 | + |
| 58 | + :::image type="content" source="media/service-connector/connect-service-connector.png" alt-text="Screenshot of the Azure portal, selecting Service Connector within a container app." lightbox="media/service-connector/connect-service-connector-expanded.png"::: |
| 59 | + |
| 60 | +1. Select or enter the following settings. |
| 61 | + |
| 62 | + | Setting | Suggested value | Description | |
| 63 | + | --- | --- | --- | |
| 64 | + | **Container** | Your container name | Select your Container Apps. | |
| 65 | + | **Service type** | Blob Storage | This is the target service type. If you don't have a Storage Blob container, you can [create one](../storage/blobs/storage-quickstart-blobs-portal.md) or use another service type. | |
| 66 | + | **Subscription** | One of your subscriptions | The subscription containing your target service. The default value is the subscription for your container app. | |
| 67 | + | **Connection name** | Generated unique name | The connection name that identifies the connection between your container app and target service. | |
| 68 | + | **Storage account** | Your storage account name | The target storage account to which you want to connect. If you choose a different service type, select the corresponding target service instance. | |
| 69 | + | **Client type** | The app stack in your selected container | Your application stack that works with the target service you selected. The default value is **none**, which generates a list of configurations. If you know about the app stack or the client SDK in the container you selected, select the same app stack for the client type. | |
| 70 | + |
| 71 | +1. Select **Next: Authentication** to select the authentication type. Then select **Connection string** to use access key to connect your Blob Storage account. |
| 72 | + |
| 73 | +1. Select **Next: Network** to select the network configuration. Then select **Enable firewall settings** to update firewall allowlist in Blob Storage so that your container apps can reach the Blob Storage. |
| 74 | + |
| 75 | +1. Then select **Next: Review + Create** to review the provided information. Running the final validation takes a few seconds. Then select **Create** to create the service connection. It might take a minute or so to complete the operation. |
| 76 | + |
| 77 | +### [Azure CLI](#tab/azure-cli) |
| 78 | + |
| 79 | +The following steps create a service connection using an access key or a system-assigned managed identity. |
| 80 | + |
| 81 | +1. Use the Azure CLI command `az containerapp connection list-support-types` to view all supported target services. |
| 82 | + |
| 83 | + ```azurecli-interactive |
| 84 | + az provider register -n Microsoft.ServiceLinker |
| 85 | + az containerapp connection list-support-types --output table |
| 86 | + ``` |
| 87 | +
|
| 88 | +1. Use the Azure CLI command `az containerapp connection connection create` to create a service connection from a container app. |
| 89 | +
|
| 90 | + If you're connecting with an access key, run the code below: |
| 91 | +
|
| 92 | + ```azurecli-interactive |
| 93 | + az containerapp connection create storage-blob --secret |
| 94 | + ``` |
| 95 | +
|
| 96 | + If you're connecting with a system-assigned managed identity, run the code below: |
| 97 | +
|
| 98 | + ```azurecli-interactive |
| 99 | + az containerapp connection create storage-blob --system-identity |
| 100 | + ``` |
| 101 | +
|
| 102 | +1. Provide the following information at the Azure CLI's request: |
| 103 | +
|
| 104 | + - **The resource group which contains the container app**: the name of the resource group with the container app. |
| 105 | + - **Name of the container app**: the name of your container app. |
| 106 | + - **The container where the connection information will be saved**: the name of the container, in your container app, that connects to the target service |
| 107 | + - **The resource group which contains the storage account:** the name of the resource group name with the storage account. In this guide, we're using a Blob Storage. |
| 108 | + - **Name of the storage account**: the name of the storage account that contains your blob. |
| 109 | +
|
| 110 | + > [!IMPORTANT] |
| 111 | + > To use Managed Identity, you must have the permission to manage [Azure Active Directory role assignments](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). If you don't have this permission, you won't be able to create a connection. You can ask your subscription owner to grant you this permission or use an access key instead to create the connection. |
| 112 | +
|
| 113 | + > [!NOTE] |
| 114 | + > If you don't have a Blob Storage, you can run `az containerapp connection create storage-blob --new --secret` to provision a new one. |
| 115 | +
|
| 116 | +--- |
| 117 | +
|
| 118 | +## View service connections in Container Apps |
| 119 | +
|
| 120 | +View your existing service connections using the Azure portal or the CLI. |
| 121 | +
|
| 122 | +### [Portal](#tab/azure-portal) |
| 123 | +
|
| 124 | +1. In **Service Connector**, select **Refresh** and you'll see a Container Apps connection displayed. |
| 125 | +
|
| 126 | +1. Select **>** to expand the list. You can see the environment variables required by your application code. |
| 127 | +
|
| 128 | +1. Select **...** and then **Validate**. You can see the connection validation details in the pop-up panel on the right. |
| 129 | +
|
| 130 | + :::image type="content" source="media/service-connector/connect-service-connector-refresh.png" alt-text="Screenshot of the Azure portal, viewing connection validation details."::: |
| 131 | +
|
| 132 | +### [Azure CLI](#tab/azure-cli) |
| 133 | +
|
| 134 | +Use the Azure CLI command `az containerapp connection list` to list all your container app's provisioned connections. Provide the following information: |
| 135 | +
|
| 136 | +- **Source compute service resource group name**: the resource group name of the container app. |
| 137 | +- **Container app name**: the name of your container app. |
| 138 | +
|
| 139 | +```azurecli-interactive |
| 140 | +az containerapp connection list -g "<your-container-app-resource-group>" --name "<your-container-app-name>" --output table |
| 141 | +``` |
| 142 | + |
| 143 | +The output also displays the provisioning state of your connections: failed or succeeded. |
| 144 | + |
| 145 | +--- |
| 146 | + |
| 147 | +## Next steps |
| 148 | + |
| 149 | +> [!div class="nextstepaction"] |
| 150 | +> [Environments in Azure Container Apps](environment.md) |
0 commit comments