implemented azure container instance sample app

Author: DrisDary

run-samples.sh

@@ -35,7 +35,7 @@ SAMPLES=(
   "samples/web-app-cosmosdb-mongodb-api/python|bash scripts/deploy.sh|bash scripts/validate.sh && bash scripts/call-web-app.sh"
   "samples/web-app-managed-identity/python|bash scripts/user-assigned.sh|bash scripts/validate.sh && bash scripts/call-web-app.sh"
   "samples/web-app-sql-database/python|bash scripts/deploy.sh|bash scripts/validate.sh && bash scripts/get-web-app-url.sh"
-  "samples/aci-vacation-planner/python|bash scripts/deploy.sh|bash scripts/validate.sh"
+  "samples/aci-blob-storage/python|bash scripts/deploy.sh|bash scripts/validate.sh"
 )
 
 # 1a. Define Terraform Samples

…es/aci-vacation-planner/python/README.md samples/aci-blob-storage/python/README.mdsamples/aci-vacation-planner/python/README.md renamed to samples/aci-blob-storage/python/README.md samples/aci-vacation-planner/python/README.md renamed to samples/aci-blob-storage/python/README.md

@@ -50,14 +50,30 @@ azlocal start_interception
 cd python
 bash scripts/deploy.sh
 
-# Validate the deployment
+# Validate the deployment (includes stop/start/restart lifecycle tests)
 bash scripts/validate.sh
 ```
 
+## Advanced Deployment
+
+The advanced script demonstrates additional ACI features on top of the basic deployment:
+
+- **Init containers** — Run a health-check container before the app starts
+- **emptyDir volumes** — Shared temporary storage between init and app containers
+- **Secret volumes** — Config files decoded from base64 and mounted read-only
+- **Secure environment variables** — Connection string hidden from API responses
+- **DNS name label / FQDN** — Generates a fully qualified domain name
+
+```bash
+# Run the basic deployment first, then:
+bash scripts/deploy-advanced.sh
+```
+
 ## Cleanup
 
 ```bash
-azlocal group delete --name local-aci-rg --yes
+# Removes all resources created by deploy.sh and deploy-advanced.sh
+bash scripts/cleanup.sh
 ```
 
 ## Application
@@ -81,3 +97,31 @@ The Vacation Planner is a Flask web application with a Bootstrap UI that lets us
 | `AZURE_STORAGE_CONNECTION_STRING` | Blob Storage connection string (from Key Vault) |
 | `BLOB_CONTAINER_NAME` | Name of the blob container for activities |
 | `LOGIN_NAME` | Username for the activity list (default: "paolo") |
+
+## Scripts
+
+| Script | Description |
+|--------|-------------|
+| `scripts/deploy.sh` | Basic deployment: Storage, Key Vault, ACR, ACI with env vars and DNS label |
+| `scripts/validate.sh` | Validates all resources and exercises ACI lifecycle (get, list, logs, exec, stop, start, restart) |
+| `scripts/deploy-advanced.sh` | Advanced deployment: init containers, emptyDir/secret volumes, secure env vars |
+| `scripts/cleanup.sh` | Removes all resources created by deploy.sh and deploy-advanced.sh |
+
+## ACI Features Demonstrated
+
+| Feature | Basic Deploy | Advanced Deploy |
+|---------|:---:|:---:|
+| Container group create | x | x |
+| Public IP + ports | x | x |
+| Environment variables | x | x |
+| Registry credentials (ACR) | x | x |
+| CPU / memory resources | x | x |
+| DNS name label / FQDN | x | x |
+| Secure environment variables | | x |
+| Init containers | | x |
+| emptyDir volumes | | x |
+| Secret volumes | | x |
+| Stop / Start / Restart | validate.sh | |
+| List container groups | validate.sh | |
+| Logs with --tail | validate.sh | |
+| Container exec | validate.sh | |

samples/aci-blob-storage/python/scripts/cleanup.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# =============================================================================
+# ACI Vacation Planner - Cleanup Script
+#
+# Removes all Azure resources created by deploy.sh and deploy-advanced.sh.
+# Deletes resources in reverse order to avoid dependency issues.
+# =============================================================================
+
+# Variables (must match deploy.sh)
+PREFIX='local'
+RESOURCE_GROUP_NAME="${PREFIX}-aci-rg"
+ACI_GROUP_NAME="${PREFIX}-aci-planner"
+ACI_GROUP_ADVANCED="${PREFIX}-aci-planner-advanced"
+KEY_VAULT_NAME="${PREFIX}acikv"
+ACR_NAME="${PREFIX}aciacr"
+STORAGE_ACCOUNT_NAME="${PREFIX}acistorage"
+ENVIRONMENT=$(az account show --query environmentName --output tsv)
+
+# Choose the appropriate CLI based on the environment
+if [[ $ENVIRONMENT == "LocalStack" ]]; then
+	AZ="azlocal"
+else
+	AZ="az"
+fi
+
+echo "============================================================"
+echo "Cleaning up ACI Vacation Planner Resources"
+echo "============================================================"
+echo ""
+
+# 1. Delete ACI container groups (basic + advanced)
+echo "[1/5] Deleting ACI container groups..."
+$AZ container delete \
+	--name "$ACI_GROUP_NAME" \
+	--resource-group "$RESOURCE_GROUP_NAME" \
+	--yes \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $ACI_GROUP_NAME" || echo "  Skipped: $ACI_GROUP_NAME (not found)"
+
+$AZ container delete \
+	--name "$ACI_GROUP_ADVANCED" \
+	--resource-group "$RESOURCE_GROUP_NAME" \
+	--yes \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $ACI_GROUP_ADVANCED" || echo "  Skipped: $ACI_GROUP_ADVANCED (not found)"
+echo ""
+
+# 2. Delete ACR
+echo "[2/5] Deleting ACR [$ACR_NAME]..."
+$AZ acr delete \
+	--name "$ACR_NAME" \
+	--resource-group "$RESOURCE_GROUP_NAME" \
+	--yes \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $ACR_NAME" || echo "  Skipped: $ACR_NAME (not found)"
+echo ""
+
+# 3. Delete Key Vault (delete + purge to release the vault name)
+echo "[3/5] Deleting Key Vault [$KEY_VAULT_NAME]..."
+$AZ keyvault delete \
+	--name "$KEY_VAULT_NAME" \
+	--resource-group "$RESOURCE_GROUP_NAME" \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $KEY_VAULT_NAME" || echo "  Skipped: $KEY_VAULT_NAME (not found)"
+$AZ keyvault purge \
+	--name "$KEY_VAULT_NAME" \
+	--only-show-errors 2>/dev/null && echo "  Purged: $KEY_VAULT_NAME" || true
+echo ""
+
+# 4. Delete Storage Account
+echo "[4/5] Deleting Storage Account [$STORAGE_ACCOUNT_NAME]..."
+$AZ storage account delete \
+	--name "$STORAGE_ACCOUNT_NAME" \
+	--resource-group "$RESOURCE_GROUP_NAME" \
+	--yes \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $STORAGE_ACCOUNT_NAME" || echo "  Skipped: $STORAGE_ACCOUNT_NAME (not found)"
+echo ""
+
+# 5. Delete Resource Group
+echo "[5/5] Deleting Resource Group [$RESOURCE_GROUP_NAME]..."
+$AZ group delete \
+	--name "$RESOURCE_GROUP_NAME" \
+	--yes \
+	--only-show-errors 2>/dev/null && echo "  Deleted: $RESOURCE_GROUP_NAME" || echo "  Skipped: $RESOURCE_GROUP_NAME (not found)"
+echo ""
+
+echo "============================================================"
+echo "Cleanup complete."
+echo "============================================================"

…acation-planner/python/scripts/deploy.sh …ci-blob-storage/python/scripts/deploy.shsamples/aci-vacation-planner/python/scripts/deploy.sh renamed to samples/aci-blob-storage/python/scripts/deploy.sh samples/aci-vacation-planner/python/scripts/deploy.sh renamed to samples/aci-blob-storage/python/scripts/deploy.sh

@@ -29,11 +29,9 @@ CURRENT_DIR="$(cd "$(dirname "$0")" && pwd)"
 cd "$CURRENT_DIR" || exit
 
 # Choose the appropriate CLI based on the environment
-# When start_interception is active, 'az' already routes to LocalStack,
-# so we use 'az' directly to avoid double-wrapping.
 if [[ $ENVIRONMENT == "LocalStack" ]]; then
-	echo "Using az with LocalStack interception active."
-	AZ="az"
+	echo "Using azlocal for LocalStack emulator environment."
+	AZ="azlocal"
 else
 	echo "Using standard az for AzureCloud environment."
 	AZ="az"
@@ -120,17 +118,21 @@ else
 	exit 1
 fi
 
-# For LocalStack, convert https:// to http:// to avoid SSL certificate issues
-# with self-signed certs on data-plane endpoints
-if [[ $ENVIRONMENT == "LocalStack" ]]; then
-	BLOB_ENDPOINT="${BLOB_ENDPOINT/https:\/\//http:\/\/}"
-	echo "Converted blob endpoint to HTTP: $BLOB_ENDPOINT"
-fi
-
-# Build connection string
+# Build the connection string using the original blob endpoint (resolvable from the host).
 STORAGE_CONN_STRING="DefaultEndpointsProtocol=http;AccountName=${STORAGE_ACCOUNT_NAME};AccountKey=${STORAGE_ACCOUNT_KEY};BlobEndpoint=${BLOB_ENDPOINT}"
 echo "Connection string built successfully."
 
+# For LocalStack, the ACI emulator configures containers with LocalStack's DNS
+# server, so *.localhost.localstack.cloud resolves to the LocalStack container.
+# We only need to downgrade HTTPS to HTTP (containers don't have the LS TLS cert).
+if [[ $ENVIRONMENT == "LocalStack" ]]; then
+	CONTAINER_BLOB_ENDPOINT="${BLOB_ENDPOINT/https:\/\//http:\/\/}"
+	CONTAINER_CONN_STRING="DefaultEndpointsProtocol=http;AccountName=${STORAGE_ACCOUNT_NAME};AccountKey=${STORAGE_ACCOUNT_KEY};BlobEndpoint=${CONTAINER_BLOB_ENDPOINT}"
+	echo "Container blob endpoint: $CONTAINER_BLOB_ENDPOINT"
+else
+	CONTAINER_CONN_STRING="$STORAGE_CONN_STRING"
+fi
+
 # =============================================================================
 # Step 5: Create Blob Container
 # =============================================================================
@@ -159,17 +161,20 @@ echo ""
 echo "============================================================"
 echo "Step 6: Creating Key Vault [$KEY_VAULT_NAME]..."
 echo "============================================================"
-$AZ keyvault create \
+KV_OUTPUT=$($AZ keyvault create \
 	--name "$KEY_VAULT_NAME" \
 	--resource-group "$RESOURCE_GROUP_NAME" \
 	--location "$LOCATION" \
 	--enable-rbac-authorization true \
-	--only-show-errors 1>/dev/null
+	--only-show-errors 2>&1)
 
 if [ $? -eq 0 ]; then
 	echo "Key Vault [$KEY_VAULT_NAME] created successfully."
+elif echo "$KV_OUTPUT" | grep -qi "already exists"; then
+	echo "Key Vault [$KEY_VAULT_NAME] already exists, reusing."
 else
 	echo "Failed to create Key Vault [$KEY_VAULT_NAME]."
+	echo "  $KV_OUTPUT"
 	exit 1
 fi
 
@@ -180,10 +185,11 @@ echo ""
 echo "============================================================"
 echo "Step 7: Storing storage connection string in Key Vault..."
 echo "============================================================"
+# Store the container-friendly connection string so ACI can reach LocalStack
 $AZ keyvault secret set \
 	--vault-name "$KEY_VAULT_NAME" \
 	--name "storage-conn" \
-	--value "$STORAGE_CONN_STRING" \
+	--value "$CONTAINER_CONN_STRING" \
 	--only-show-errors 1>/dev/null
 
 if [ $? -eq 0 ]; then
@@ -339,6 +345,7 @@ if [ "$USE_ACR_IMAGE" = true ]; then
 			BLOB_CONTAINER_NAME="$BLOB_CONTAINER_NAME" \
 			LOGIN_NAME="$LOGIN_NAME" \
 		--ip-address Public \
+		--dns-name-label "$ACI_GROUP_NAME" \
 		--ports 80 \
 		--cpu 1 --memory 1 \
 		--os-type Linux \
@@ -355,6 +362,7 @@ else
 			BLOB_CONTAINER_NAME="$BLOB_CONTAINER_NAME" \
 			LOGIN_NAME="$LOGIN_NAME" \
 		--ip-address Public \
+		--dns-name-label "$ACI_GROUP_NAME" \
 		--ports 80 \
 		--cpu 1 --memory 1 \
 		--os-type Linux \
@@ -384,6 +392,7 @@ echo "Key Vault:         $KEY_VAULT_NAME"
 echo "ACR:               $ACR_NAME ($LOGIN_SERVER)"
 echo "ACI Container:     $ACI_GROUP_NAME"
 echo "Image:             $FULL_IMAGE"
+echo "FQDN:              ${ACI_GROUP_NAME}.${LOCATION}.azurecontainer.io"
 echo ""
 echo "Run 'bash scripts/validate.sh' to verify the deployment."
 echo "============================================================"