azure_containers_app

Posted on 18 April 2024.

Azure Container Apps

Azure Container Apps is a fully managed Kubernetes service that can be compared to ECS in AWS or Cloud Run in GCP. Compared to AKS, all integrations with Azure are already done for you. The best example is managed identity: here you only need to enable a parameter, whereas in AKS it’s complicated and changes every two years.

Deploying an ACA


Similar to many Azure services, Azure Container Apps is divided into two components:

  • Container Apps Environment: This component allows you to specify the infrastructure for deploying your container app. You can describe the Kubernetes cluster configuration here.
  • Container Apps: Here, you define the application you wish to deploy in your infrastructure. The configuration resembles a Kubernetes deployment template. Notably, you can configure it extensively, akin to managing a deployment in Kubernetes.

Here is a link to the Terraform documentation for Azure Container Apps, where you can find example code to deploy one easily.

ACA Strengths


The service possesses all the advantages of a managed service, like scaling, redundancy, paying only for what you consume, etc.

  • Nearly seamless implementation of end-to-end encryption: Azure Container Apps simplifies the implementation of robust encryption mechanisms.
  • Versatile Hosting: It supports various types of applications, including jobs and web apps, and proves user-friendly for those familiar with Kubernetes.
  • Integration with Azure Ecosystem: Azure Container Apps seamlessly integrates with Azure's ecosystem, offering features like managed identity, logging, and DNS resolution.
  • No need to upgrade your Kubernetes version: As the service is fully managed, it’s important to note that you will never need to upgrade your Kubernetes API version or node pool version!

ACA Constraints


Here, I will detail all the issues I had while using Azure Container Apps on my recent projects. They are grouped into two main topics: technical constraints imposed by the Azure service, and technical issues caused by Terraform or the Azure API while using the service.

Technical Constraints
  • Network size limitations: The limit mainly depends on the type of your Azure Container Apps environment. In the consumption plan, the minimum network size is a /23, which is too much! Fortunately, in our case, our project was not required to be peered with the internal network of the company. Because of all this, I would recommend using the Workload profile.
    Also, read this Azure documentation regarding networking in Azure Container Apps to avoid errors such as overlapping with Kubernetes internal ranges!
  • No managed identity loaded in the init container: This may not seem like a huge problem, but it can be painful if you want to generate credentials to access a service using the IAM role or interact with Azure services in any other way.
  • Inability to rename resources created by default: Azure Container Apps, like Azure Kubernetes Service, will create a default resource group and populate it with some resources. In the consumption plan, you can’t rename any of those resources, so it will not be compliant with your company's internal naming policy!
    In the workload plan, you can rename the resource group and most of the resources; this is another criterion that will help you choose the workload plan.
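
A pre-deployment check for the network constraint above, as an added example that is not code from the original post: it validates a candidate environment subnet against the plan's minimum size and against ranges it must not overlap. Only the /23 consumption minimum comes from the post; the /27 workload-profile minimum, the reserved ranges, and the names `check_subnet`, `MIN_PREFIX` and `RESERVED` are assumptions to verify against the Azure networking documentation.

```python
import ipaddress

# Only the /23 consumption minimum is from the post. The /27 workload-profile
# minimum and the reserved ranges are assumptions: verify them against the
# Azure Container Apps networking documentation before relying on them.
MIN_PREFIX = {"consumption": 23, "workload": 27}
RESERVED = {
    "consumption": ["169.254.0.0/16", "172.30.0.0/16", "172.31.0.0/16",
                    "192.0.2.0/24"],
    "workload": ["100.100.0.0/17", "100.100.128.0/19", "100.100.160.0/19",
                 "100.100.192.0/19"],
}


def check_subnet(cidr, plan, peered=None):
    """Return the list of problems found for a candidate environment subnet.

    peered maps a label to the CIDR of a network the environment must reach
    (for example a company hub VNet); an empty list means no problem found.
    """
    if plan not in MIN_PREFIX:
        return [f"unknown plan {plan!r}"]
    try:
        subnet = ipaddress.ip_network(cidr, strict=True)  # rejects host bits
    except ValueError as exc:
        return [f"invalid CIDR {cidr!r}: {exc}"]
    if subnet.version != 4:
        return [f"{cidr} is not IPv4; this check only covers IPv4 ranges"]
    problems = []
    if subnet.prefixlen > MIN_PREFIX[plan]:
        problems.append(f"{cidr} is smaller than the /{MIN_PREFIX[plan]} "
                        f"minimum for the {plan} plan")
    for reserved in RESERVED[plan]:
        if subnet.overlaps(ipaddress.ip_network(reserved)):
            problems.append(f"{cidr} overlaps reserved range {reserved}")
    for label, other in (peered or {}).items():
        if subnet.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr} overlaps peered network {label} ({other})")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not values from the post.
    hub = {"corp-hub": "10.0.0.0/16"}
    for cidr, plan in [("10.1.0.0/23", "consumption"), ("10.1.0.0/24", "consumption"),
                       ("172.30.4.0/23", "consumption"), ("10.0.8.0/27", "workload")]:
        print(cidr, plan, check_subnet(cidr, plan, hub) or "ok")
```

Running it in CI against the subnet CIDR declared in your Terraform variables catches a bad range before the environment is created.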

Service Still in Development

During our project, we encountered challenges due to the service changing quite a lot, such as:

  • Difficulty managing identity resolution due to specific identity endpoints in the container app, which were not handled in the old Az CLI/library version.
  • Inability to modify secrets, risking disruption to the Terraform state.
  • Limitations on using managed identity to access ACR in other subscriptions, which seems to be only an interface issue.
  • Log configuration resets with each container app environment change (recently fixed).

Conclusion

Azure Container Apps presents a robust alternative to ECS and Cloud Run, positioning itself as a leading hosting solution within Azure's ecosystem. While it may currently present challenges, initiating projects with this service could accelerate its refinement and align with Azure's best practices.

Despite the current hurdles, I recommend considering Azure Container Apps for your container deployment needs. I anticipate its evolution and enhancements soon.