Slide 1

Slide 1 text

Serverless Kubernetes Thorsten Hans @ThorstenHans Consultant With Azure Container Apps

Slide 2

Slide 2 text

Consultant @ Thinktecture #Azure #Kubernetes #CloudNative #Terraform [email protected] thinktecture.com thorsten-hans.com @ThorstenHans Thorsten Hans

Slide 3

Slide 3 text

What we will cover today o Introduction o Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Slide 4

Slide 4 text

Do we really need another service to run containers in Azure? Yes, we do!

Slide 5

Slide 5 text

Why do we need another service for containers? • There is no real serverless pricing for AKS (although we have cluster autoscaling and other features) • Kubernetes itself could become complex • It’s hard to find, and hire people that really know Kubernetes • Sometimes, Kubernetes is an overkill Introduction

Slide 6

Slide 6 text

The new Azure landscape for containers Introduction Azure Kubernetes Service Azure WebApps for Containers Azure Container Instances Azure Container Apps P

Slide 7

Slide 7 text

What we will cover today ü Introduction o Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Slide 8

Slide 8 text

What is Azure Container Apps? • Serverless platform to run containerized applications • Customers will be charged on actual compute allocation (consumption) • Built on top of powerful open-source projects • Kubernetes • Envoy • Dapr • KEDA • Hides most of the complexicity from the customer Introducing Azure Container Apps

Slide 9

Slide 9 text

What is Azure Container Apps? • In Azure Container Apps we can run different shapes of applications • Microservices • Background processing • Event-driven applications Introducing Azure Container Apps

Slide 10

Slide 10 text

Building Blocks Introducing Azure Container Apps https://docs.microsoft.com/en-us/azure/container-apps/environment

Slide 11

Slide 11 text

Ingress (Envoy) capabilities • Envoy (https://www.envoyproxy.io/) acts as Ingress controller for your workloads • Apps could be exposed to the internet • We can implement traffic split (see SMI Spec) • (https://github.com/servicemeshinterface/smi-spec/blob/main/apis/traffic-split/v1alpha4/traffic-split.md) • Apps exposed internally and hosted in the same environment, can interact with each other • In this case, think of regular fully qualified Kubernetes service Introducing Azure Container Apps

Slide 12

Slide 12 text

Microservice capabilities • Dapr (https://dapr.io) is baked into Azure Container Apps • Dapr makes building Microservices easier • Dapr sidecars will be spinned up automatically • Kubernetes sidecar-pattern • Dapr is 100% optional! You don’t have to use Dapr if you don’t want to Introducing Azure Container Apps

Slide 13

Slide 13 text

Scaling (KEDA) capabilities • Azure Container Apps is built with scalability in mind • KEDA (https://keda.sh) allows you to scale certain workloads based on a different scalers • A scaler describes scaling behavior based on external (or internal) signals e.g.: • Azure Service Bus Queue • Redis • Apache Kafka • Utilization e.g., CPU or memory • Scaling configuration is part of the overall deployment manifest Introducing Azure Container Apps

Slide 14

Slide 14 text

What we will cover today ü Introduction ü Introducing Azure Container Apps o Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Slide 15

Slide 15 text

Running workloads in Azure Container Apps - Hello Azure Container Apps Demo

Slide 16

Slide 16 text

What we will cover today ü Introduction ü Introducing Azure Container Apps ü Running containerized workloads in Azure Container Apps o Provisioning, deployment, and monitoring o Conclusion Talking Points

Slide 17

Slide 17 text

How to provision Azure Container Apps • Azure Container Apps comes as a set of regular Azure Resource Manager entities • Project Bicep is the best approach to provision Azure Container Apps • Terraform does not support Azure Container Apps yet • tracked at: https://github.com/hashicorp/terraform-provider-azurerm/issues/14122 • Azure CLI integration is available via preview extension Provisioning, deployment, and monitoring

Slide 18

Slide 18 text

How to deploy workloads to Azure Container Apps • Workloads must be persisted in some sort of container registry (e.g., ACR) • If authentication is required, credentials must be part of the deployment • No MSI support (yet) • Again, Bicep is currently the preferred way to go Provisioning, deployment, and monitoring

Slide 19

Slide 19 text

How to monitor workloads in Azure Container Apps • Azure Container Apps comes with Azure Monitor integration • Container logs will be streamed to Log Analytics Workspace (Azure Monitor) • Logging agents materialize messages written to STDOUT and STDERR with contextual information e.g.: • Container App Name • Revision Name • Environment Name • Container Image • … Provisioning, deployment, and monitoring

Slide 20

Slide 20 text

Provisioning and Deployment - Deploying single-container app in Azure Container Apps - Running a multi-container app in Azure Container Apps - Investigating with Azure Monitor Demo

Slide 21

Slide 21 text

What we will cover today ü Introduction ü Introducing Azure Container Apps ü Running containerized workloads in Azure Container Apps ü Provisioning, deployment, and monitoring o Conclusion Talking Points P

Slide 22

Slide 22 text

o Frictionless runtime for multi-container apps (essential parts of Kubernetes) o Probably powerful enough for many organizations o Overall integration with Azure Service will grow during preview o Azure Container Apps is a nice addition to the service landscape o But it is not replacement for Azure Kubernetes Service or Web Apps for Containers Conclusion

Slide 23

Slide 23 text

o We are early in public preview o There is no SLA on the service and its availability o There are still important things missing (e.g. access to the underlying private network infrastructure) o Although Azure Container Apps can deal with sensitive values (by leveraging underlying Kubernetes Secrets) native integration with Azure Key Vault (Secret Store CSI Driver) is not there yet Conclusion

Slide 24

Slide 24 text

Any further questions?!?! Thorsten Hans @ThorstenHans Consultant Don’t be afraid. Shoot your question now in person, or later at [email protected] or @ThorstenHans thns.io/slides