Microsoft ACA updates 2023 - Q2
In this blog post, I want to give an overview of all the features that became available in General Availability, Technical Preview or End of Support by Microsoft in Q2 2023. This information can be found at Microsoft Azure Updates.
Features that are now supported by Microsoft (GA):
- [Generally available] Azure Pipelines task to build and deploy to Azure Container Apps
Azure Container Apps support for a new Azure Pipelines task that builds and deploys container apps from Azure DevOps is now generally available. By integrating this task into their pipelines, customers can enable continuous delivery of their source code to Azure Container Apps. The Azure Pipelines task builds source code in a repository into a container image, pushes it to Azure Container Registry, and deploys it to Container Apps. The task uses a Dockerfile if one is provided. If there is no Dockerfile, it can still build a container image from source code for supported languages and runtimes, including .NET, Python, and Node.js.
- [Generally available] GitHub action to build and deploy to Azure Container Apps
A new GitHub action to build and deploy to Azure Container Apps is now generally available. This new GitHub action is now the default Azure Container Apps GitHub flow. This flow builds and deploys container apps from GitHub Actions workflows. By making this action the default, Container Apps enables continuous delivery of source code to Azure Container Apps. The GitHub action builds source code in a repository into a container image, pushes it to Azure Container Registry, and deploys it to Container Apps. The action uses a Dockerfile if one is provided. If there is no Dockerfile, it will build a container image from source code for supported languages and runtimes, including .NET, Python, and Node.js.
- [Generally available] Inbound IP restrictions for Azure Container Apps
Azure Container Apps now supports restricting inbound traffic by IP addresses. This feature enables container apps to restrict inbound HTTP or TCP traffic by allowing or denying access to a specific list of IP address ranges.
- [Generally available] TCP support for Azure Container Apps
Azure Container Apps now supports using TCP-based protocols other than HTTP or HTTPS for ingress. With this feature, you can now deploy Container Apps that communicate using TCP-based protocols on a specific port you set within the environment. Additionally, a container app can expose a TCP port externally for ingress when using a custom virtual network.
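The inbound IP restrictions feature described above works from a list of allowed or denied address ranges. The following Python sketch is an added example (not code from the original post or from Microsoft) for reviewing such a list offline before it is applied. The rule field names, the requirement that a list is either all-Allow or all-Deny, and the open default for an empty list are assumptions modeled in this sketch; the sample rules and addresses are constructed.

```python
import ipaddress

# Constructed sample rules. The field names (name, ipAddressRange, action)
# are assumptions for this sketch, not taken from the page.
ALLOW_RULES = [
    {"name": "office", "ipAddressRange": "203.0.113.0/24", "action": "Allow"},
    {"name": "vpn-gw", "ipAddressRange": "198.51.100.7/32", "action": "Allow"},
]
DENY_RULES = [
    {"name": "blocked-range", "ipAddressRange": "192.0.2.0/25", "action": "Deny"},
]


def validate_rules(rules):
    """Return the single action used by the rule set, or None if it is empty."""
    actions = {r["action"] for r in rules}
    if len(actions) > 1:
        # Assumption: a restriction list is either an allow list or a deny list.
        raise ValueError("rule set mixes Allow and Deny entries")
    for r in rules:
        # Raises ValueError for malformed CIDR or ranges with host bits set.
        ipaddress.ip_network(r["ipAddressRange"])
    return actions.pop() if actions else None


def is_allowed(source_ip, rules):
    """Decide whether traffic from source_ip passes the restriction list."""
    action = validate_rules(rules)
    if action is None:
        return True  # Assumption: no rules configured means ingress is open.
    addr = ipaddress.ip_address(source_ip)
    matched = any(addr in ipaddress.ip_network(r["ipAddressRange"]) for r in rules)
    # Allow list: only matches pass. Deny list: everything except matches passes.
    return matched if action == "Allow" else not matched


def audit(rules, probes):
    """Map each probe address to the decision the rule set would make."""
    return {ip: is_allowed(ip, rules) for ip in probes}


if __name__ == "__main__":
    for ip, ok in audit(ALLOW_RULES, ["203.0.113.50", "198.51.100.8"]).items():
        print(f"{ip}: {'allowed' if ok else 'blocked'}")
```

Running `audit` with addresses that should and should not reach the app is a quick way to catch an allow list that silently locks out a monitoring probe or a deny list that misses half of a range.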
Features that are currently in Public Preview and not yet GA
- [Public Preview] Secrets volume mounts for Azure Container Apps
Azure Container Apps now supports secrets volume mounts. In addition to referencing secrets as environment variables, you can now mount secrets as volumes in your container apps. Your apps can access all or selected secrets as files in a mounted volume. This feature, currently in public preview, works with secrets stored directly in Azure Container Apps and secrets referenced from Azure Key Vault.
- [Public Preview] Free managed TLS certificates for Azure Container Apps
Azure Container Apps now supports managed certificates. This feature is in public preview. Managed certificates are free and enable you to automatically provision and renew TLS certificates for any custom domain you add to your container app.
- [Public Preview] Serverlessly run on-demand, scheduled, and event-driven jobs on Azure Container Apps
In addition to continuously running services that can scale to zero, Azure Container Apps now supports jobs. The jobs feature is in public preview and enables you to run serverless containers that perform a task and exit when complete. Azure Container Apps jobs support three trigger types: manual (on-demand), scheduled, and event-driven. Manual jobs are triggered by a user or an external system, such as another container app. Scheduled jobs are triggered at a specified time or interval. Event-driven jobs are triggered by scaling rules. Common scenarios for jobs include:
  - Running a one-time containerized data migration job;
  - Running a recurring containerized batch job, such as a nightly inventory processing job;
  - Running a containerized job in response to an event, such as a message arriving in a queue;
  - Running CI/CD build processes such as Azure Pipelines agents and GitHub Actions runners in a Container Apps environment.
A job can run multiple executions concurrently, and each job execution can run multiple replicas in parallel. Container apps and jobs share the same Container Apps environment, providing them with a common serverless platform and shared capabilities such as networking and observability. Jobs can communicate with container apps in the same environment. Jobs support both the Consumption and Dedicated plans. In the Consumption plan, you pay only when jobs are executing, by the second. In the Dedicated plan, jobs with specialized compute requirements can take advantage of custom workload profiles.
- [Public Preview] Init containers in Azure Container Apps
The init containers feature in Azure Container Apps is now in public preview. Init containers are specialized containers that run to completion before application containers are started in a replica, and they can contain utilities or setup scripts not present in your container app image. Init containers are useful for performing initialization logic such as setting up accounts, running setup scripts, and configuring databases.
- [Public Preview] Cross Origin Resource Sharing (CORS) in Azure Container Apps
Azure Container Apps now supports Cross Origin Resource Sharing (CORS) in public preview. By default, requests made through a browser to a domain that doesn't match the page's origin domain are blocked. The CORS feature allows specific origins to make calls to your app through the browser. Azure Container Apps customers can now easily set up Cross Origin Resource Sharing from the portal or through the CLI.
- [Public Preview] Session affinity for Azure Container Apps
Azure Container Apps now supports session affinity, also known as sticky sessions, for HTTP-based workloads. This feature is in public preview. Session affinity enables you to route all requests from a single client to the same Container Apps replica. This is useful for stateful workloads that require session affinity. Container apps in single revision mode support session affinity. When enabled, Container Apps automatically adds a cookie to HTTP responses to track the replica being used by the client.
- [Public Preview] Azure Key Vault references for secrets in Azure Container Apps
Azure Container Apps now supports Azure Key Vault references in application secrets. This feature is in public preview. Azure Key Vault references enable you to source a container app's secrets from secrets stored in Azure Key Vault. Using the container app's managed identity, the platform automatically retrieves the secret values from Azure Key Vault and injects them into your application's secrets. Both versioned and non-versioned secrets are supported. To learn more, see Secrets in Azure Container Apps.
- [Public Preview] Azure Container Apps available in Azure China
Azure Container Apps is now available in public preview in Azure China. Azure Container Apps is a managed serverless container service which offers an ideal platform for application developers who want to run apps and microservices in containers without managing infrastructure. Azure Container Apps is built on a foundation of powerful open-source technology including Kubernetes, KEDA, Dapr, and Envoy.
- [Public Preview] Azure Container Apps offers new plan and pricing structure
Azure Container Apps now offers a new plan and pricing structure designed to adapt compute options to individual apps and microservices components for more flexible microservices solutions. Azure Container Apps now supports a Dedicated plan in addition to the existing serverless Consumption plan. Compute options are represented as workload profiles defined at the Azure Container Apps environment scope. We currently support general purpose and memory optimized workload profiles with up to 16 vCPUs and 128 GiB of memory. When using Dedicated workload profiles, you are billed per node, compared to Consumption where you are billed per app. For each Dedicated workload profile in your environment, you can:
  - Select the category and size of the workload profile;
  - Deploy as many apps as you want to each one;
  - Use autoscaling to add/remove nodes based on the needs of the apps;
  - Limit scaling of the profile to provide increased cost control and predictability.
Each app can be configured to run on any of the workload profiles defined for the Azure Container Apps environment scope, with Consumption and Dedicated plans running seamlessly in the same Azure Container Apps environment. This is ideal for developers when deploying a microservice solution where each app can run on the appropriate compute infrastructure. Additionally, the new Consumption workload profile allows developers to request up to 4 vCPUs and 8 GiB of memory for an app, twice what can be requested in the original Consumption only plan. The new plan structure we are announcing today also delivers a set of preview features to optimize network architecture, including:
  - Reduced subnet size requirements with a new /27 minimum;
  - Support for Azure Container Apps environments on subnets with locked down network security groups and user defined routes (UDR);
  - Support for Azure Container Apps environments on subnets configured with Azure Firewall and third-party network appliances.
- [Public Preview] Azure Container Apps supports user defined routes (UDR) and smaller subnets
User defined routes (UDR) and smaller required subnet sizes are now available in public preview for Azure Container Apps on the Consumption + Dedicated plan structure. You can define UDRs to manage how outbound traffic is routed to your container app environment’s subnet by enabling network appliances such as firewalls on the new Consumption + Dedicated plan structure. In addition, with the new plan structure, the minimum subnet size required is a /27 CIDR. A minimum subnet size of /23 is still required for container apps created on the existing Consumption plan.
For more information about the features that are coming out, please refer to the public roadmap of the Microsoft ACA team.