Azure Containers and Serverless Services: Making the Right Decision

Microsoft Azure offers a wide range of container services and serverless computing. Many cloud architects and public cloud leaders are therefore faced with the question of which services are suitable for their use case. In this blog I provide an overview of the services and scenarios and thus facilitate architectural decisions.

Author: Yu Li

The Microsoft Azure ecosystem offers a very wide range of services related to containers and serverless apps. The diversity of the public cloud offering brings flexibility, efficiency and innovation. But it also poses challenges for many cloud architects and public cloud managers when it comes to architectural decisions. It is not unusual for me to have the feeling that I can no longer see the forest for the trees. A decision tree can provide clarity and an overview.

The crucial question: Which service is suitable when?

Which service makes sense when depends on the deployment scenario and the core function. To provide a clear overview, I show six relevant Microsoft Azure services in the context of containers and serverless, their core functions and the deployment scenarios in Figure 1.

Figure 1: 6 relevant Microsoft Azure services, their core functions and deployment scenarios.

Six Azure Container & Serverless Services Briefly Explained

The selected six Azure services cover one or more of the following core functions:

  • Container Service includes the functions to run a container, from networking, security, scaling to deployment. 
  • Orchestration includes the management functions of multiple containers, such as deployment and rollback of containers, scale-out and custom scaling, allocation of host resources to containers, load balancing and monitoring. 
  • Serverless is a cloud-native capability that enables developers to build and run applications without having to manage servers.
  • Service Mesh extends cloud-native applications with observability, security and reliability transparently at the infrastructure layer. 
  • Hybrid cloud unifies management of the public cloud and private cloud.


My eight application recommendations on services

For these services and the different scenarios, I make the following recommendations on when to use each:

  1. Azure Container Apps was launched by Microsoft in November 2021 and strengthens the container and serverless portfolio, which consists of well-known services such as Azure Kubernetes Service. Azure Container Apps is a managed Serverless Kubernetes solution from Microsoft that provides the complete package for implementing microservices architectures. It integrates many popular open source components such as KEDA, Dapr and Envoy to address challenges such as event-based scaling, security, observability and networking in a microservices architecture. KEDA enables fine-grained automatic scaling for event-based Kubernetes workloads. Dapr abstracts common microservice tasks such as state management, bindings or service invocation into a separate layer, which in turn massively simplifies design, security and observability.
    Recommendation 1 → Use Azure Container Apps for event-based applications and complex microservice applications to accelerate development and improve scalability. Weigh the opportunities and risks when modernizing or building a new application based on Azure Container Apps. 
    Recommendation 2 → Deploy Azure Container Apps to build the application hosting platform if you do not have a large customization requirement for Kubernetes. Run proof-of-concepts to verify feasibility if you have custom needs for Kubernetes.
     
  2. Azure App Service for Containers runs containerized apps in a fully managed way and offers features such as AuthN/AuthZ and CI/CD. It provides out-of-the-box integration with identity providers such as Azure Active Directory, Facebook and Google for authentication and authorization. A so-called "Easy-Auth" side-car container [1] is deployed alongside the application container to handle the AuthN/AuthZ logic. Azure App Service for Containers also provides out-of-the-box integration with Azure Container Registry for deployment, as well as with various code repository providers such as GitHub, and therefore takes either container images or source code with a Dockerfile as input for deployment. Despite many advantages, this platform reaches its limits when it comes to running and managing applications that consist of multiple microservices.
    Recommendation 3 → Use Azure App Service for Containers for simple applications with few microservices.
    Recommendation 4 → Deploy Azure App Service for Containers to start the project when business requirements and technical complexity are unclear.
     
  3. Azure Kubernetes Service (AKS) is Microsoft's managed Kubernetes service and differs from self-managed Kubernetes in terms of vertical integration (e.g., installation and some of the operational tasks are handled by Azure Kubernetes Service) and integration with the Azure ecosystem. Azure Kubernetes Service is suitable for complex applications based on a microservice architecture. The core function of AKS is container orchestration, which covers many aspects from deployment to scaling to monitoring. During deployment, Kubernetes ensures that, for example, all container services of the application are deployed simultaneously with a new version. In the event of a failure, these can then be rolled back to the last version in a synchronized manner. AKS also ensures that only individual microservices, rather than the entire application (all microservices), scale during peak loads based on metrics such as CPU, memory, and queue length.
    Recommendation 5 → Deploy Azure Kubernetes Service for complex applications. Complex in this case means that the applications consist of multiple microservices and are often developed by different teams.

  4. Azure Red Hat OpenShift. OpenShift is one of the most popular Kubernetes variants and is used by many companies for their private cloud. For some time now, OpenShift has also been available on Azure in a managed version. OpenShift offers many enterprise-friendly features out of the box, such as monitoring, logging and CI/CD, that do not come with Kubernetes. With Azure Kubernetes Service, these have to be covered, for example, with services such as Azure DevOps (CI/CD) or Azure Monitor. However, OpenShift also charges a corresponding price for this. In addition to the infrastructure costs (VMs), license costs (e.g. $124 for a D4s v3 VM) must also be paid. In comparison, AKS does not incur any license costs in addition to the infrastructure costs (VMs) [2][3]. Moreover, AKS is already fully integrated into the Azure ecosystem, such as Azure DevOps or Azure Monitor Security Center. An informed weighing of these factors is therefore essential.
    Recommendation 6 → Consider Azure Red Hat OpenShift if you are already using OpenShift for private cloud and on-prem and have a hybrid cloud strategy.

  5. Azure Functions is the serverless offering from Microsoft Azure. When using Azure Functions, Microsoft Azure handles the operation and scaling of the code logic, allowing the DevOps team to focus on functional requirements. Azure Functions provides built-in integration with Application Insights for logging and monitoring. For CI/CD, many options are supported, such as Azure Pipelines or GitHub Actions. With numerous triggers and bindings, you can integrate other services like Azure Storage Account with little effort. Azure Functions scale automatically depending on your needs, and scaling is handled completely by the cloud provider. However, there are also disadvantages to using Serverless, such as vendor lock-in or latency. I have covered the advantages and disadvantages of Serverless in more detail in this deep-dive blog [4].
    Recommendation 7 → Serverless is not suitable for every scenario. Deploy Azure Functions for the appropriate scenario like event-based architecture.

  6. Azure Container Instance + Virtual Nodes. The combination enables AKS to scale in seconds and with ease. Azure Container Instances (ACI) is a managed service for running short-lived container instances. For example, ACI caches the base operating system image to accelerate the deployment of short-lived container workloads. ACI enables faster scaling compared to Azure App Service for Containers or VMs. Azure Virtual Nodes, as an ideal complement to Azure Container Instance, integrates AKS with Azure Container Instance at the network level. Thus, the Kubernetes API is extended to support Azure Container Instance. The combination of Azure Container Instance and Virtual Nodes allows a faster response to peak loads because no VMs need to be created to scale up. This combination is considered Microsoft's approach to evolving AKS into Serverless Kubernetes.
    Recommendation 8 → Consider combining Azure Container Service and Virtual Nodes for applications with many peak loads vs. occasional calls. 
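
Item 2 above describes the "Easy-Auth" side-car handling AuthN/AuthZ next to the application container. The following added example (not from the original post or from Microsoft) shows how the application container can read the identity that App Service authentication passes on in the `X-MS-CLIENT-PRINCIPAL` header and make a fail-closed role check. The sample principal, its claim types and role names, and the function names are constructed for illustration, and it assumes requests reach the app only through the App Service authentication layer.

```python
import base64
import json

# Header set by App Service authentication ("Easy Auth") on authenticated requests:
# Base64-encoded JSON with auth_typ, name_typ, role_typ and a list of claims.
PRINCIPAL_HEADER = "x-ms-client-principal"

# Constructed sample principal (illustrative claim types and values, not real traffic).
SAMPLE_PRINCIPAL = {
    "auth_typ": "aad",
    "name_typ": "name",
    "role_typ": "roles",
    "claims": [
        {"typ": "name", "val": "alice@example.com"},
        {"typ": "roles", "val": "Orders.Read"},
    ],
}
SAMPLE_HEADERS = {
    "X-MS-CLIENT-PRINCIPAL": base64.b64encode(json.dumps(SAMPLE_PRINCIPAL).encode()).decode()
}


def parse_client_principal(headers):
    """Return {'auth_type', 'name', 'roles'}, or None when no usable principal is present."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    raw = lowered.get(PRINCIPAL_HEADER)
    if not raw:
        return None
    try:
        doc = json.loads(base64.b64decode(raw, validate=True))
    except ValueError:  # covers bad Base64, bad UTF-8 and bad JSON
        return None
    if not isinstance(doc, dict) or not isinstance(doc.get("claims"), list):
        return None
    name, roles = None, []
    for claim in doc["claims"]:
        if not isinstance(claim, dict):
            continue
        if claim.get("typ") == doc.get("name_typ"):
            name = claim.get("val")
        elif claim.get("typ") == doc.get("role_typ"):
            roles.append(claim.get("val"))
    return {"auth_type": doc.get("auth_typ"), "name": name, "roles": roles}


def is_authorized(headers, required_role):
    """Fail closed: a missing or malformed principal is never authorized."""
    principal = parse_client_principal(headers)
    return principal is not None and required_role in principal["roles"]
```
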

Make decisions with a decision tree

To help make architectural decisions, I've summarized the six Azure Container and Serverless Services and their core tasks in the decision tree below. It provides a clear overview and lets me find the appropriate Azure Container & Serverless Apps service depending on the situation.

Figure 2: Decision tree for the 6 relevant Microsoft Azure services and their core tasks.

Conclusion

Azure's wide range of services related to containers and serverless can make it hard to see the forest for the trees. It's a matter of finding the right service for different scenarios to take advantage of them. This is also critical to project success. Imagine choosing an "aircraft carrier" service for a "rubber boat" problem. This makes the cost and complexity skyrocket, but the return is the same. Get a clear overview of Azure services and visualize their pros and cons. This will help you make the right architectural decision. The decision tree is one way to keep everything in perspective so you can make the right decision for your challenge.

References

[1] Microsoft App Service Easy Auth. easyauth/index.html at master · cgillum/easyauth (github.com)

[2] Pricing Azure Openshift

[3] Pricing Azure Kubernetes Service

[4] Cloud-Native! Aber wie? Container vs. Serverless

[5] Do we need yet another managed container service
