Our project requires two docker instances:
- a custom image built on top of an official PHP image via a Dockerfile
  - needs access to the PHP scripts (currently in the same git repository as the Dockerfile)
  - needs access to the MySQL server mentioned below
  - needs access to a persistent volume containing data files and log files
  - depends on environment values to get MySQL passwords and other secrets or configuration
- an official MySQL image
  - needs access to a persistent volume containing data files

Public access to the MySQL server should be forbidden. However, there should be a way to connect to the MySQL server from specific computers / specific AAD users if needed to manually alter the database or get a dump of it.
The PHP web should be available via HTTPS using a custom or Let's Encrypt certificate. Not sure whether it should be handled inside the PHP instance, via a proxy instance, via Azure API gateway or another way.
After deploying a new PHP image, the CI should run a script inside the docker image which migrates the MySQL schema and data. The script should get a MySQL "root"-like password so it has enough permissions to do its work.
We use Azure DevOps for git repositories and for CI.
I was able to set up an Azure DevOps Pipeline YAML to build and publish the custom PHP image to an Azure Container Repository. However, I found no suitable tasks to start/configure/deploy/stop a Container Instance from Azure DevOps Releases. Nor am I sure what to use / how to add HTTPS support.
It's my first docker deployment in production - up to now, I was only using docker for development. I've tried to study the docs and search the net but still have no idea what the best practices are or how to build it together. I would appreciate any, even partial, help and hints on how to correctly deploy the thing. Thanks.