Azure Container Options

June 08, 2024

Problem Statement

You need to run containers in Azure. What are the options available to you? What are the pros and cons of each option? How do you choose the right option for your use case?

Basics

In order to run a program, you need source code and a runtime environment. This runtime environment can be a virtual machine with an operating system and whatever dependencies are needed to run the program. This is the traditional way of running programs. However, there are other ways to run programs. One of these ways is to use containers. Containers are a way to package up a program and all of its dependencies into a single package. This package can then be run on any machine that has a container runtime installed. This makes it easy to run programs in a consistent way across different machines. Containers are lightweight and fast to start up, making them a good choice for running programs in the cloud.

Storing program

This container packaging has evolved into a standard: the OCI (Open Container Initiative) Image and Distribution Specs. This standard defines how containers should be packaged and run.

References:
https://opencontainers.org/posts/blog/2024-03-13-image-and-distribution-1-1/

Running program

With a common/standard image spec, there is also a common/standard runtime spec. This is the OCI Runtime Spec. This spec defines how containers should be run.

References:
https://opencontainers.org/posts/blog/2024-02-18-oci-runtime-spec-v1-2/#what-is-the-oci-runtime-spec

There are several reference implementations of the OCI Runtime Spec. These runtime implementations can be broadly categorized into two types: low-level and high-level.

Low-level runtime implementations are responsible for the core functionalities of container management. They handle the creation, execution, and lifecycle management of containers at a granular level. These implementations interact directly with the operating system's kernel and utilize system calls to manage namespaces, cgroups, and other low-level resources. Examples of low-level runtimes include runc and crun, which are designed to be lightweight and efficient, providing the essential building blocks for container execution.

High-level runtime implementations, on the other hand, build upon the capabilities provided by low-level runtimes. They offer additional features and abstractions that simplify container management and orchestration. High-level runtimes often integrate with container orchestration platforms like Kubernetes and provide functionalities such as image management, network configuration, and volume handling. Examples of high-level runtimes include containerd and CRI-O, which provide a more comprehensive and user-friendly interface for managing containers in a production environment.
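To make the low-level side concrete: a runtime such as runc or crun reads a config.json defined by the OCI Runtime Spec, which lists the namespaces, cgroup limits and capabilities it will set up. The following added example (not from the original post) audits a constructed config.json; the expected-namespace baseline and the capability deny-list are assumptions chosen for illustration.

```python
import json

# Constructed sample of an OCI Runtime Spec config.json (the file a low-level
# runtime reads from the bundle). All values are illustrative.
SAMPLE_CONFIG = json.loads("""
{
  "ociVersion": "1.2.0",
  "process": {
    "user": {"uid": 0, "gid": 0},
    "args": ["/bin/app"],
    "noNewPrivileges": false,
    "capabilities": {"bounding": ["CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"]}
  },
  "root": {"path": "rootfs", "readonly": false},
  "linux": {
    "namespaces": [{"type": "pid"}, {"type": "mount"}, {"type": "ipc"}, {"type": "uts"}],
    "resources": {"memory": {"limit": 268435456}}
  }
}
""")

EXPECTED_NAMESPACES = {"pid", "mount", "ipc", "uts", "network"}  # assumed baseline
RISKY_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE"}  # assumed deny-list

def audit_oci_config(cfg):
    """Return a list of isolation findings for one runtime-spec config."""
    findings = []
    linux = cfg.get("linux", {})
    process = cfg.get("process", {})
    # A namespace type missing from the list is inherited from the runtime's own.
    present = {ns.get("type") for ns in linux.get("namespaces", [])}
    for ns in sorted(EXPECTED_NAMESPACES - present):
        findings.append(f"namespace not isolated: {ns} (inherited from the runtime)")
    resources = linux.get("resources", {})
    for ctrl in ("memory", "pids"):
        if "limit" not in resources.get(ctrl, {}):
            findings.append(f"cgroup: no {ctrl} limit")
    caps = set(process.get("capabilities", {}).get("bounding", []))
    for cap in sorted(caps & RISKY_CAPS):
        findings.append(f"capability granted: {cap}")
    if process.get("user", {}).get("uid", 0) == 0 and "user" not in present:
        findings.append("runs as uid 0 without a user namespace")
    if not process.get("noNewPrivileges", False):
        findings.append("noNewPrivileges is not set")
    if not cfg.get("root", {}).get("readonly", False):
        findings.append("root filesystem is writable")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_oci_config(SAMPLE_CONFIG)))
```

High-level runtimes and managed services generate this file for you, so the same checks indicate what to look for in the settings those layers expose.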

Container Options in Azure

Azure offers several first-party options for running containers. These are Azure Container Instances (ACI), Azure Kubernetes Service (AKS), and Azure Container Apps (ACA). Each of these services has its own use cases and features. Depending on your requirements, you can choose the service that best fits your needs.

Azure Container Instances (ACI)

Azure Container Instances is a service that allows you to run containers without having to manage the underlying infrastructure. You can run containers on demand and only pay for the resources that you use. This makes it easy to run containers in the cloud without having to worry about managing servers. In essence, ACI is like running docker run but in the Azure cloud, providing a simple and efficient way to deploy and manage containers.

Azure Kubernetes Service (AKS)

Azure Kubernetes Service (AKS) is a managed Kubernetes service that enables you to run containers at scale. Kubernetes is an open-source container orchestration platform that allows you to manage containers within a cluster. AKS simplifies the deployment and management of Kubernetes clusters in Azure.

One of the key advantages of AKS is its access to the Kubernetes API, which allows you to build and customize your own deployment options. While the deployment and management of AKS itself are handled via Azure Resource Manager (ARM) APIs, the deployment and management of containers within AKS are managed through the Kubernetes API. This differs from Azure Container Apps (ACA), where the Container Apps service is directly integrated as a first-party API within ARM.

Azure Container Apps (ACA)

Azure Container Apps is a service that allows you to run containers in a serverless way. It supports consumption-based pricing as well as workload profiles, which let you choose VMs based on your workload. Autoscaling of replicas (of your application) and scaling of VMs are both supported and seamless. mTLS (in-transit encryption) is supported. Resiliency options such as retry policies, circuit breakers, and timeouts are supported. It also supports monitoring and logging. It is a fully managed and opinionated service. If you are happy with the features in ACA and don't want to customize, then ACA is a good choice. ACA is a good choice for developers who want to focus on their application and not worry about the underlying infrastructure. The ACA service will continue to evolve and add more features.

Other options

While there are other options, these are the main ones that are commonly used.


Written by Sridher Manivel. Based out of Charlotte, NC.