Let’s talk about Containers in Azure.
In this article, we’ll cover services related to Containers in Azure. We’ll see what scenarios they each address.
Our map will be the current services as of this writing (early April 2018):
It is important to note that this space moves quite fast and that picture will change.
What are containers?
Before jumping into managed services, let’s give a super brief overview of containers. A good overview of containers is available on Docker’s site.
In a nutshell, Docker Containers offer a way to:
- Package environments / applications (Docker File / Image)
- Share those packages (Docker Registry)
- Run containers in isolation (OS level isolation)
Docker isn’t anything new under the sun. Application Packaging is old news and OS level isolation is common place on Linux. But it brings an Open Source standard. That means a proliferation of Open Source tools.
Docker Containers also hit a sweet spot in terms of architecture compromises. Let’s compare them to Virtual Machines. Docker Containers do not offer as much isolation & security. But they offer agility: lighter image size, shorter deployment time & quicker startup. Let’s compare them to direct install (e.g. deploying a web app on a server). Docker is an heavier weight alternative. But it offers more isolation, security & repeatability. The last point means it get us out of the it works on my laptop syndrome.
For those reasons, Docker Containers are quite popular in the Cloud & Dev-Ops world. They are portable, relatively easy to author, quick to deploy & lightweight in general.
The onus of managing VMs then fall on us. This increases the Total Cost of Ownership (TCO). But it allows us to have a better control on the running software, which can be useful in some situation.
Azure Container Services (AKS) is a managed Kubernetes Cluster.
By managed we mean the OS & Kubernetes get patched & upgraded automatically. We do not manage underlying worker nodes (i.e. VMs). Also, master nodes are fully managed and aren’t billed.
What is Kubernetes and what is its relationship with Docker Containers? When running multiple containers on a cluster, we quickly need more tools than the Docker tool. We need something to:
- Schedule containers
- Monitor their health
- Restart them
- Perform roll-over updates
Those features are associated with a container orchestration / middleware, for instance Kubernetes.
Kubernetes quickly is emerging as a lead runner of the Container Orchestrator race. Pioneered by Google, it is now open sourced with a strong community.
AKS is still in preview at the time of this writing (early April 2018). Despite that, it is the go-to service for managed Kubernetes.
There is some confusion around AKS and ACS. AKS replaces ACS. ACS supported Kubernetes but also Mesos & Docker Swarm. It wasn’t fully managed though. It was more of an accelerator to create a cluster of VMs (including the master nodes). VMs would need to be managed by us subsequently.
AKS is easy to setup and sports a fully open-source version of Kubernetes.
AKS is perfect to run containers either for dev-test or production.
Azure Container Instance
Azure Container Instance (ACI) is a new form of compute pioneered by Azure.
It consists of a VM-less container. Instead of provisioning a VM (or a cluster) to run containers, ACI allows us to run a container by itself.
The pricing model is core / RAM per minute.
This makes ACI ideal for bursting scenarios when a cluster doesn’t have enough capacity. It is also well suited to run “batch jobs”, i.e. jobs running sporadically.
A typical architecture has an AKS cluster running “long running” containers. ACI can then be used for bursting and jobs. This way, ACI run containers do not impact cluster resources.
ACI is also perfect to run container in isolation, e.g. during a dev phase.
Azure Container Registry
Azure Container Registry offers a managed Docker Registry. This enables us to publish Docker images to our own private registry.
The alternative is installing a Docker Registry server on a VM cluster or using the Docker Hub. Azure Container Registry is fully managed, follows Azure numerous compliances and is integrated with Azure identity / security.
Also, Azure Container Registry can be deployed in the same region as our workload. This means less latency for publishing and consuming Docker Images.
Most Enterprise deployments use Azure Container Registry.
Service Fabric is running a ton of services in Azure. For instance, Azure SQL DB, Cosmos DB & Intune are all running on top of Service Fabric.
Microsoft built Service Fabric to serve internal services before Docker Containers were public. It was released as an Azure Service later. It is now freely available for Windows and Linux servers. In that sense, it isn’t bound to Azure.
Service Fabric now supports Docker Containers. It is comparable to Kubernetes. It also supports stateful services. Stateful service have their state persisted locally and replicated on different nodes.
Service Fabric really shines in Micro-Services scenarios.
For instance, traditional Azure Web App packages. Application is packaged as a zip file. It can then easily be deployed to any Web App. Web App run in lock-down environments, ensuring isolation between different apps.
As we explained, Docker Containers offer a Open Source standard.
Azure Web App now supports Docker Containers. That bring the best of both world together. Azure Web Apps become a sort of specialized Docker Container orchestrator. We benefit from the platform knowing containers are Web Apps. It can load balance them, auto scale them, manage certificates, etc. . Most great features Azure Web Apps have introduced over the years but for Containers.
Similarly to Azure Web Apps, Azure Batch now supports Docker Containers.
Azure Batch is great for Big Compute. It can schedule tasks with dependencies on a fully managed cluster. It is a great platform to run CPU-intensive computation in a reliable way.
“Pre Containers Batch” managed zip-file packages with pre-install scripts. Docker Containers allow to fully encapsulate a runtime environment in a standard way.
Azure has fully embraced Docker Containers technology. Docker Containers can be leveraged in a variety of services as we’ve seen.
That technological space changes quickly and constantly.
Azure story isn’t fully written yet.
We could speculate on what different shape the strategy will take, but we won’t indulge in that here. We did show that Docker Containers are becoming ubiquitous on the platform. They will get a growing support and integration level.