All the things Azure Container Apps Thorsten Hans @ThorstenHans Consultant Serverless Kubernetes in Azure

Consultant @ Thinktecture #Azure #Kubernetes #CloudNative #Terraform [email protected] thinktecture.com thorsten-hans.com @ThorstenHans Thorsten Hans

What we will cover today o Introduction o Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Do we really need another service to run containers in Azure? Yes, we do!

Why do we need another service for containers? • There is no real serverless pricing for AKS (although we have cluster autoscaling and other features) • Kubernetes itself could become complex • It’s hard to find, and hire people that really know Kubernetes • Sometimes, Kubernetes is an overkill Introduction

The new Azure landscape for containers Introduction Azure Kubernetes Service Azure WebApps for Containers Azure Container Instances Azure Container Apps P

What we will cover today ü Introduction o Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

What is Azure Container Apps? • Serverless platform to run containerized applications • Customers will be charged on actual compute allocation (consumption) • Built on top of powerful open-source projects • Kubernetes • Envoy • Dapr • KEDA • Hides most of the complexicity from the customer Introducing Azure Container Apps

What is Azure Container Apps? • In Azure Container Apps we can run different shapes of applications • Microservices • Background processing • Event-driven applications Introducing Azure Container Apps

Building Blocks Introducing Azure Container Apps https://docs.microsoft.com/en-us/azure/container-apps/environment

Ingress (Envoy) capabilities • Envoy (https://www.envoyproxy.io/) acts as Ingress controller for your workloads • Apps could be exposed to the internet • We can implement traffic split (see SMI Spec) • (https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-split/v1alpha4/traffic-split.md) • Apps exposed internally and hosted in the same environment, can interact with each other • In this case, think of regular fully qualified Kubernetes service ( myservice.mynamespace.svc.cluster.local) Introducing Azure Container Apps

Microservice capabilities • Dapr (https://dapr.io) is baked into Azure Container Apps • Dapr makes building Microservices easier • Dapr sidecars will be spinned up automatically • Kubernetes sidecar-pattern • Dapr is 100% optional! You don’t have to use Dapr if you don’t want to Introducing Azure Container Apps

Scaling (KEDA) capabilities • Azure Container Apps is built with scalability in mind • KEDA (https://keda.sh) allows you to scale certain workloads based on a different scalers • A scaler describes scaling behavior based on external (or internal) signals e.g.: • Azure Service Bus Queue • Redis • Apache Kafka • Utilization e.g., CPU or memory • Scaling configuration is part of the overall deployment manifest Introducing Azure Container Apps

What we will cover today ü Introduction ü Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Running workloads in Azure Container Apps - Hello Azure Container Apps Demo

What we will cover today ü Introduction ü Introducing Azure Container Apps ü Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

How to provision Azure Container Apps • Azure Container Apps comes as a set of regular Azure Resource Manager entities • Project Bicep is the best approach to provision Azure Container Apps • Terraform does not support Azure Container Apps yet • tracked at: https://github.com/hashicorp/terraform-provider-azurerm/issues/14122 • Azure CLI integration is available via preview extension Provisioning, deployment, and monitoring

How to deploy workloads to Azure Container Apps • Workloads must be persisted in some sort of container registry (e.g., ACR) • If authentication is required, credentials must be part of the deployment • No MSI support (yet) • Again, Bicep is currently the preferred way to go Provisioning, deployment, and monitoring

How to monitor workloads in Azure Container Apps • Azure Container Apps comes with Azure Monitor integration • Container logs will be streamed to Log Analytics Workspace (Azure Monitor) • Logging agents materialize messages written to STDOUT and STDERR with contextual information e.g.: • Container App Name • Revision Name • Environment Name • Container Image • … Provisioning, deployment, and monitoring

Provisioning and Deployment - Deploying single-container app in Azure Container Apps - Running a multi-container app in Azure Container Apps - Investigating with Azure Monitor Demo

What we will cover today ü Introduction ü Introducing Azure Container Apps ü Running containerized workloads in Azure Container Apps ü Provisioning, deployment, and monitoring o Conclusion Talking Points P

o Frictionless runtime for multi-container apps (essential parts of Kubernetes) o Probably powerful enough for many organizations o Overall integration with Azure Service will grow during preview o Azure Container Apps is a nice addition to the service landscape o But it is not replacement for Azure Kubernetes Service or Web Apps for Containers Conclusion

o We are early in public preview o There is no SLA on the service and its availability o There are still important things missing (e.g. access to the underlying private network infrastructure) o Although Azure Container Apps can deal with sensitive values (by leveraging underlying Kubernetes Secrets) native integration with Azure Key Vault (Secret Store CSI Driver) is not there yet o Track ACA issues and roadmap at https://github.com/microsoft/azure-container-apps Conclusion

Any further questions?!?! Thorsten Hans @ThorstenHans Consultant Don’t be afraid. Shoot your question now in person, or later at [email protected] or @ThorstenHans thns.io/slides