teamcity to containerize and deploy to azure kubernetes (Part I)

Folks, I had been thinking for a while to implement a full CI/CD cycle for docker containerization of a legacy .NET framework 3.5 application and deploy it to Azure Kubernetes Cluster. While in one of my post I have used Azure DevOps project to implement the same scenario, I did encountered several issues with that approach. First of all, you have a limitation of 1800 minutes of build by any of the hosted agents. Secondly, each build will trigger the rigorous process of spinning up the hosted agent, installing Framework SDK and prerequisites for a successful build. For any .NET framework application, it is advisable to use VS 2017 Hosted agent since it will have VS 2017, Docker, Azure CLI, etc., installed as part of the configuration. This takes a significant amount of time for a single build to happen. I am sure there is a resolution to get away from this issue, but I couldn’t think much about it. Then I thought to have my own build agent or provision and use Azure TeamCity for CI/CD operations. But the challenge over here is that, Azure TeamCity is a Linux based system and running MSBuild commands or NUGET restore are some of the painful tasks. Considering all these scenarios, I thought why not provision a VS 2017 Windows 2016 VM and build my own build agent over there using TeamCity.

Having said that, I am trying to implement the approach of having a single VM that will have VS 2017, Team City Server and Client, Docker Community Edition, Azure PowerShell, Git Windows, Azure CLI, etc., to name a few, which will ideally provide an automated process to build docker images, push to Azure Container Registry, pull from Container Registry and deploy the container to Azure Kubernetes Cluster.

I am going to divide this post into two –

Create CI build for building docker images and publishing to Azure Container Registry through Team City

Create CD process to deploy container images from Azure Container Registry to Azure Kubernetes Service through Team City

Let’s go ahead and start provisioning a VM.


Provision and configure a Windows 2016 VM in cloud

Considering the approach, I find it much evitable to provision the VM image of Visual Studio Community 2017 on Windows Server 2016 (x64) in azure. Go to azure marketplace and create the VM.




I am going for D2 v3 VM Size with 8 GB RAM, 50 GB Temporary Storage.


We need to specify the inbound port rules so that the machine is accessible from internet.


A standard SDD looks good to me for Disks configuration.


Configure the networking interface with VNET, Subnet, Public IP


Keep rest of the settings and go ahead to create the VM. Once the VM has been provisioned successfully, go ahead and RDP the system.


Install Some Prerequisites in VM before we start configuring CI/CD processes.


Download TeamCity from the following link During the installation process of TeamCity, I am going have both the Build Agent and Server installed.


Once you have TeamCity installed, we need to install Docker Community Edition in the server.

Docker Community Edition

Download Docker Community Edition from the following link


While installing docker, remember to select Windows Container instead of Linux Container. Once docker is installed, we need Hyper-V to be enabled for docker to work. You will be automatically prompted for enabling Hyper-V post which the server will get restarted. Select Yes to get it done. You also need to create a docker hub account which will get associated to your docker.


Azure PowerShell

Install Azure PowerShell by running the below command in Windows PowerShell elevated to Administrator.


Install-Module -Name AzureRM –AllowClobber



Azure CLI

Download and Install Azure CLI from the following link



Chocolatey is a software management automation which helps to install various packages. Install Chocolatey using the following commands in PowerShell.


Run Get-ExecutionPolicy. If it returns restricted, then run the command Set-ExecutionPolicy AllSigned.

Run the following command to install Chocolatey


Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString(‘’))

With all these packages installed, we should be good for now.


Configure inbound port rule to Allow connection to TeamCity

In order to connect to TeamCity from your browser without login to VM, you need to add an inbound rule in order to accept the connections. Open Networking section of VM and add inbound rule with any port number (in my case it is 8001) which has been configured during TeamCity installation process. Allow for all actions.



Once done, you can browse TeamCity using your DNS name followed by port number, like You should be able to view TeamCity login page.


Once you log into TeamCity, verify your agent is connected.



manually build docker image and Push to ACR

Before we go ahead to setup the CI/CD process for building docker image using Team City, let us first try to manually build the docker image and push to ACR. Open Windows PowerShell and run the following commands in sequential order.

First, ensure you have the Dockerfile in the root repository. I already have the Dockerfile in my repo which will be used to build the image.



1. Run the following command in PowerShell to build the image –


docker build

2. Run the below command to review the image created


docker images

3. Run the below command to to tag the Image Id with a proper name. The name should be follow the naming convention as {Container registry host}/{application name}, since we are working with ACR


docker tag  {image ID} {azure container registry host/application name} 

e.g. fb8f4791d1f2

4. Log in to Azure CLI


az login

5. Authorize Docker to access ACR using ACR user name and password using the below command


docker login {ACR host} –u {ACR user name} –p {ACR password}

6. Push the tagged image to the registry


docker push {image name}

That’s it. You should be able to view the image pushed to ACR repository.


Setting Up a CI/CD process for building Docker Images using Team City

This should be our first phase to build a Continuous Integration and Deployment process to build docker images from our source repository and deploy the images to Azure Container Registry.

Let us start by creating a project in TeamCity installed in our VM. This need selection of your source control repository URL which in my case is GitHub. The username and password is required to authenticate Team City communicate with GitHub.





Once the project is created, you need to configure the build steps for the whole CI/CD process. I would prefer to configure the build steps manually instead of Auto-detection since it helps to generalize and provide the essentials in a better way. Hence I have selected the option for configuring build steps manually.



Before we start configuring our build steps, we need to be clear with our build stages. Let us highlight them in orderly fashion.

Build docker images for the application using Dockerfile and docker engine installed in the system

Push Docker image created to Azure Container Registry

Authorize Azure Kubernetes Service to access docker images from Azure Container Registry

Pull image container from Container Registry and deploy it as a pod in Azure Kubernetes Service

Build Step #1: Add a build step to build docker image using the docker file we have in our solution directory. The docker command should be build. The Path to file should be the Dockerfile path. If your Dockerfile exist in the root directory of your solution file, then you don’t need to give the absolute path. Your Context folder would be the directory name where your solution resides. We need to keep the Image Platform as Windows since we need MSBuild to build and compile our project. The Image Name:tag should be represented as {container registry host}/{context folder name} which in my case is



Build Step #2: Add a build step to authorize docker to connect to azure container registry. I referred the build step name as ACR Login. The build step will run a PowerShell script and hence while creating the build step I have selected the Runner Type as PowerShell. The Platform where the script will run will be x64 in my case. The Script source should contain the PowerShell code which will authorize Docker to login container registry with container registry username and password, represented as

Docker Command

docker login {container registry name} –u {container registry user name} –p {container registry password}

For e.g.: docker login -u dockerinstance -p MCl5g9Wu=x8JAF/OTWikrmTZydTTAPy7 






Build Step #3: This step will be responsible to push the docker image created after successful ACR authentication to Container registry. Here the Docker command will be push followed by Image name or tag that we have created.

In PowerShell the script looks like this docker push



Once the build steps are configured, Run the build and verify whether the image has been created successfully. However, you might see that there is no compatible agent to run the build.



In order to resolve this issue, you need to do following steps.

Step #1:

First one is to install Azure RM Cloud support plugins for Team City. In order to do that, download the latest version of the plugin from this URL (



It will be downloaded as a zipped folder which will have the following contents. You don’t need to unzip the folder.



Go to Team City and open Administration section.



Select Plugins List from right menu under Server Administration.



Browse the folder where you have downloaded the zipped file of the plugin and upload it.



Once uploaded, your plugin should be available for TeamCity to connect to Azure RM.



Step #2:

Go to Project Settings and click Edit for the Build Step where you are going build the image.



Then update the Image Platform to Any.



Step #3:

Next, ensure your docker desktop is running. Even if you have started the VM from portal, your docker desktop might not be running. So I would suggest to log into the VM and then check that it’s status.


Even when you review the settings of docker desktop, you will find that you need to log in to start docker desktop



That’s it. You should be having a compatible agent now. Run the build. You should be able to view a successful build.



When you verify the ACR repository in Azure Portal, you should be having the image created and stored over there.



We are good with our deployment of images to ACR. In our next post we will extend the Team City build steps to deploy container to AKS. Please follow the post here in Part II (

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.