Run containers on Azure
Azure Web App for Containers
Azure Service Fabric (Mesh)
Azure Batch
Azure Red Hat OpenShift
Azure Kubernetes Service (AKS)
Azure Container Instances (ACI)
Azure Container Registry (ACR)
2019 Developer Survey
Nearly 90.000 developers
https://insights.stackoverflow.com/survey/2019
Think ahead. Act now.
Azure Container Registry
Private Container Image registry
Based on Open Standard
Helm Repo
Geo replication
ACR Tasks
Azure Container Instances (ACI)
Pay for use
Serverless containers
Public or Private accessible
For short lived workloads like Bursts
Scheduled work
1 hour 1 month
From € 1.05 for 1 CPU with 1 GB for 24 hours
To € 5.22 for 4 CPU with 14 GB for 24 hours
Project Rome
v1:
Backend process
No UI
Every hour, 5 minutes
v2:
Backend process & Front end
With publicly available UI
Run Continuously
Over SSL with authentication
Regularly new releases
No downtime
Auto scaling
Azure Container Instances (ACI)
Pay for use
Serverless containers
Public or Private accessible
1 container instance only
No High Availability
No zero-downtime deployment
No scale out
Limited scale up
No autoscaling
No out of the box SSL support
No cache for pulled containers
Pay extra for Windows containers
For short lived workloads like Bursts
Scheduled work
WebApp for Container
Pay for the hosting plan as long as it exists
Scale up
Scale out
Auto scaling
Zero-downtime deployment
SSL by default
Authentication
Identity
Custom domains
Hosting plan
From € 3.59 for 1 CPU with 3.5 GB for 24 hours
To € 14.37 for 4 CPU with 14 GB for 24 hours
WebApp for Container – Zero-downtime deployment
Deployment slots
Diagram: Release Pipeline, Container Registry, webapp (staging and production slots)
1. deploy
2. ready?
3. swap
https://myapp.azurewebsites.net
https://myapp-staging.azurewebsites.net
WebApp for Container: in control vs managed
Your container
Traffic
webapp
az resource update --name web --resource-group $RESOURCEGROUP --namespace Microsoft.Web --resource-type config --parent sites/$WEBAPP_NAME --set properties.cors.allowedOrigins=null --api-version 2015-06-01
Before
After
"cors": {"allowedOrigins": null, "supportCredentials": false},
"cors": null,
Intermediate container
• CORS
• EasyAuth
.NET Core application
Kestrel
→ Max 25 MB upload
Webapp for Container: in control vs managed
Proactive Auto Heal
Restart when:
80% requests > 200 seconds
90% memory
WEBSITE_PROACTIVE_AUTOHEAL_ENABLED=false
Project Rome
v3:
Level 7 Firewall for all traffic
Lots of containers
Better density of our resources
Make use of some CNCF projects
- Mesh: Istio
- Logging: Prometheus, Jaeger
- Service discovery: CoreDNS
- Messaging: NATS
v2:
Backend process & Front end
With publicly available UI
Run Continuously
Over SSL with authentication
Regularly new releases
No downtime
Auto scaling
Firewall
Diagram: Application Gateway & Firewall, vnet, App Service Environment, Certificate, DevOps Agent, Azure Container Instances, AKS, traffic
https://myapp.azurewebsites.net
WebApp for Container
Pay for the hosting plan as long as it exists
Scale up
Scale out
Auto scaling
Zero downtime deployment
SSL by default
Authentication
Identity
Custom domains
Scaling out is slow
No optimal use of resources
No firewall possibility (yet)
Limited logging possibilities
No health check functionality
Only support for port 80 & 443
Not suitable for lots of containers
Not portable
Cannot debug
Kubernetes
De facto standard container orchestrator
Started by Google
Since v1 Open Source by
Large, rapidly growing ecosystem
Declarative configuration
Azure Kubernetes Service (AKS)
Running containers at scale
Scaling up & scaling out
Autoscaling
Zero downtime deployment
High Availability
Public & Private endpoints
Health management
Enormous ecosystem
Portable
SSL Support*
Identity management*
Keyvault integration*
Azure Kubernetes Service (AKS)
3 master nodes: 100% managed by Microsoft, € 0
3 worker nodes: IaaS managed by Microsoft, € … (VM pricing)
Public & Private Endpoints - Services
Diagram: four Service (LoadBalancer) objects, each with its own IP-Address
Public & Private Endpoints - Ingress
Diagram: one IP-Address, one Service (LoadBalancer), Ingress controller, four Service (ClusterIP) objects
Ingress: OurExternalAPI.com
Ingress: Myproject.com
Ingress: AdminSite.com
Ingress: Myproject.com/apis
SSL
Works on ingress
Auto request certificate
Auto renewal
https://github.com/jetstack/cert-manager
DNS Zone
Azure Kubernetes Service (AKS) - Scaling
Diagram: four worker nodes
replicas: 4
replicas: 5
Pod Autoscaler: 4-20, > 60% CPU
Cluster Autoscaler
Kubernetes - Health monitoring
Default endpoint
Health endpoint (/health)
Health endpoint returns != 200?
Every n seconds check: Restarts container
During rolling update deployment: Stop deployment
During container startup: No traffic
AKS as the Silver bullet
Kubernetes created an ecosystem of expandable standards, but this still needs configuration.
For example:
• Deployments
• Network Policies
• Role Based Access Controls
• Pod Security Policies
• Pod Priority and more...
Common integration points can be different across cloud providers
• Authentication
• Logging
• Metrics
• Storage
Azure Kubernetes Service (AKS)
Running containers at scale
Scaling up & scaling out
Autoscaling
Zero downtime deployment
High Availability
Public & Private endpoints
Health management
Enormous ecosystem
Portable
SSL Support*
Identity management*
Keyvault integration*
Authentication
A lot of management for a couple of containers
Steep learning curve
Not all Azure functionality is mature (yet)
• Scale sets
• Network policies
• Multiple Node pools
No turnkey configuration
Azure Red Hat OpenShift
Based on, and extends Kubernetes
No virtual machine operation or patching
Enterprise minded
Support from RedHat
Built in:
OpenShift | Kubernetes
Container Registry | Docker, Azure Container Registry
Monitoring | Prometheus
Log aggregator | EFK stack
Certificate management | cert-manager
CI/CD | Jenkins/Azure DevOps
Authentication | dex
Small cluster - 1st year: 4.502,40
Azure Batch
For large-scale parallel and high-performance computing (HPC) batch jobs
Native: imperative
Batch Shipyard: declarative, yaml
Diagram: Batch Shipyard; Azure Batch with Job (Task, Task, Task) and Pool (Compute node, Compute node, Compute node); Azure Storage
https://github.com/Azure/batch-shipyard
Service Fabric
Application platform providing rich programming models
- Reliable services
- Reliable actors
- Reliable collections
Portable
Run containers
Service Fabric Mesh
Serverless
Seamless integration with Azure
Deploy & scale in seconds
High availability
Per second billing
Not Portable
Container only
(Preview v2 soon)
Responsibility
You: Application Deployment
Azure: Hardware, OS Patching, Runtime upgrades, Micro-billing, Capacity planning, Network & Storage
Pascal Naber
Coding Azure Architect
Xpirit Netherlands
@pascalnaber
http://pascalnaber.wordpress.com
https://github.com/pascalnaber/expertslivenl19