software

Phase 3 - Deploying a Custom App to Azure Kubernetes Service Using Azure Container Registry

Published: (March 1, 2026 at 12:56 AM EST)
4 min read
Source: Dev.to

Source: Dev.to

iapilgrim

Lab Overview

🚀 In this lab, we will:

  • Create an Azure Container Registry (ACR)
  • Build a custom Docker image in the cloud
  • Deploy it to Azure Kubernetes Service (AKS)
  • Expose it publicly using a LoadBalancer

This is a production‑style workflow used by modern cloud‑native teams.

🏗 Architecture Overview

Developer → ACR → AKS → Service (LoadBalancer) → Public IP

We use:

  • Azure Kubernetes Service (AKS)
  • Azure Container Registry (ACR)
  • Managed Identity for secure image pulls

🔧 Prerequisites

You already created AKS:

az aks create \
  --resource-group aks-east2-rg \
  --name aks-prod-east2 \
  --location eastus2 \
  --node-count 2 \
  --network-plugin azure \
  --enable-managed-identity \
  --enable-oidc-issuer \
  --enable-workload-identity \
  --enable-addons monitoring

Set variables:

RG=aks-east2-rg
CLUSTER=aks-prod-east2
ACR_NAME=akseast2acr$RANDOM
LOCATION=eastus2

1️⃣ Register Required Azure Providers (Important)

New subscriptions often need manual provider registration:

az provider register --namespace Microsoft.ContainerRegistry
az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Network
az provider register --namespace Microsoft.Compute

Verify:

az provider list --query "[?registrationState!='Registered']"

2️⃣ Create Azure Container Registry

az acr create \
  --resource-group $RG \
  --name $ACR_NAME \
  --sku Standard \
  --location $LOCATION

Attach ACR to AKS (important for image‑pull permissions):

az aks update \
  --name $CLUSTER \
  --resource-group $RG \
  --attach-acr $ACR_NAME

This configures managed‑identity‑based access.

3️⃣ Create a Simple Hello App

Create project folder:

mkdir hello-aks && cd hello-aks

app.js

const http = require('http');

const server = http.createServer((req, res) => {
  res.writeHead(200);
  res.end("Hello from AKS + ACR 🚀");
});

server.listen(3000);

package.json

{
  "name": "hello-aks",
  "version": "1.0.0",
  "main": "app.js"
}

Dockerfile

FROM node:18-alpine
WORKDIR /app
COPY . .
EXPOSE 3000
CMD ["node", "app.js"]

4️⃣ Build Image in ACR (Cloud Shell Compatible)

Since Azure Cloud Shell doesn’t support a Docker daemon, use:

az acr build \
  --registry $ACR_NAME \
  --image hello-aks:v1 \
  .

What happens:

  • Source is uploaded to ACR
  • Image is built inside ACR
  • Image is stored securely

Enterprise‑friendly approach ✅

5️⃣ Connect kubectl to AKS

az aks get-credentials \
  --resource-group $RG \
  --name $CLUSTER

Verify connectivity:

kubectl get nodes

6️⃣ Deploy the Application

Get ACR login server:

ACR_LOGIN_SERVER=$(az acr show \
  --name $ACR_NAME \
  --query loginServer \
  --output tsv)

Create hello-deployment.yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-aks
spec:
  replicas: 2
  selector:
    matchLabels:
      app: hello-aks
  template:
    metadata:
      labels:
        app: hello-aks
    spec:
      containers:
      - name: hello-aks
        image: /hello-aks:v1
        ports:
        - containerPort: 3000

Replace “ with the value stored in ACR_LOGIN_SERVER.

Deploy:

kubectl apply -f hello-deployment.yaml

Verify pods:

kubectl get pods

7️⃣ Expose the Application

Create hello-service.yaml:

apiVersion: v1
kind: Service
metadata:
  name: hello-aks-service
spec:
  type: LoadBalancer
  selector:
    app: hello-aks
  ports:
  - port: 80
    targetPort: 3000

Apply the service:

kubectl apply -f hello-service.yaml

Wait for a public IP:

kubectl get svc hello-aks-service -w

Test the endpoint (replace “ with the assigned IP):

curl http://

Expected output

Hello from AKS + ACR 🚀

🎯 What You Learned

  • How AKS pulls images securely from ACR
  • How to build containers without a local Docker daemon
  • How Azure LoadBalancer exposes services
  • How managed identity simplifies authentication
  • How cloud‑native deployments work end‑to‑end

🧠 Real‑World Production Enhancements

Next steps for… (continue with further guidance as needed)

Enterprise‑grade Setup

  • Private ACR with Private Endpoint
  • NGINX Ingress Controller
  • TLS with cert‑manager
  • Horizontal Pod Autoscaler
  • Azure Key Vault + Workload Identity
  • CI/CD with GitHub Actions
  • Blue/Green deployments

🚀 Final Architecture

ACR (Private Registry)

AKS Deployment (2 replicas)

Kubernetes Service (LoadBalancer)

Public IP

You just built a real production foundation used by SaaS companies and platform teams.

0 views
#software #programming #community
View source
Share:
Back to Blog

Related posts

Read more »

Google Gemini Writing Challenge

What I Built - Where Gemini fit in - Used Gemini’s multimodal capabilities to let users upload screenshots of notes, diagrams, or code snippets. - Gemini gener...