Containers on Azure
Peter Lasne, Sr. Software Development Engineer, Commercial Software Engineering, Microsoft
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
[Diagram: the container stack, bottom to top]
- Hardware: physical server
- Hypervisor / host OS: Hyper-V
- Guest OS: Ubuntu
- Container engine: Docker Engine
- Containers: WFE, A, B, C
- Images: WFE, Service A, Service B, Service C; each image is an application (Node.js + Express, LAMP) on an application stack (Alpine, Ubuntu) on a base operating system
microservices architecture is a design pattern, containers are an implementation detail
- Density: more workloads on the same hardware
- Agility: rapidly adjust service mix based on demand
- Polyglot: each service can have its own OS, app stack, etc.
- Deployment: no downtime; roll in and out services independently
Things it makes easier:
- scalability
- portability
- continuous improvement
Things it makes harder:
- application design
- performance
- security
- management
Windows Server vs. Hyper-V containers
It is a deployment decision, not a design decision.
[Diagram: Windows Server containers: Web tier, App tier and DB tier LOB apps (+Binaries) run as containers A, B and C that share libraries on a host OS with container support, on a physical or virtual server. Hyper-V containers: App A and App B each carry their own bins/libraries and their own Windows guest OS optimized for Hyper-V containers, on a hypervisor on the server.]
- Azure Container Service
- Virtual Machines
- Docker for Azure
Bonus: Functions are deployable in containers
Azure Container Instance (ACI)
Best for:
- Job processing
- Automation
- Serverless

- Container Groups
- Restart Policy
- Volumes (Azure Files, ephemeral, secrets)
- Expensive, but billed per GB-second and per core-second
- Can be orchestrated from Kubernetes (proof-of-concept)
[Diagram: a container group holding App and Ops containers, reached through SNAT]
Azure Container Service (ACS)
Best for: Applications

                      | ACS                     | ACS Engine | AKS
Microsoft involvement | Deployment              | Tooling    | Platform Service
Patching              | VMSS + orchestrator     |            | Managed
Orchestrators         | Swarm, DCOS, Kubernetes |            | Kubernetes
Custom VNET?          | No; use peering         | Yes        |
Customizable?         | Low                     | High       |

Azure Container Service: use this if you can.
[Diagram: VMSS - Master and VMSS - Worker VMs running Docker under Swarm, DCOS or Kubernetes, deployed through Azure Resource Manager]

Service Fabric
Best for:
- Greenfield microservices applications
- Stateful services with replication!

- Reliable Actor API
- Reliable Service API
- Linux and Windows
- HA, Health Monitoring, Self-Healing
- Rolling Upgrades, Load Balancing
- DNS, Service Discovery, Rollback
- Placement Constraints, Containers
[Diagram: microservices on Azure Service Fabric, on a VM Scale Set, deployed through Azure Resource Manager]
Docker for Azure
Best for: Simple container orchestration
- Best practice installation
- Prescriptive update path
- Self-cleaning / Self-healing
- Logging to Storage Account
- Persistent Volume Driver: Azure Files
[Diagram: VMSS - Manager and VMSS - Worker VMs running Docker under Swarm, deployed through Azure Resource Manager]
Web App for Containers (App Service)
Best for: Simple, inexpensive web applications
- Uniform distribution: no orchestrator
- Prepackaged and BYOC
- Some App Service functionality: slots, CI/CD, etc.
- No VNET integration, no AAD auth, no site extensions, etc.
[Diagram: containers C1 and C2 on Docker on each VM worker, behind SNAT, in App Service, deployed through Resource Manager]
Azure Batch
Best for:
- Batch processing
- Large-scale parallel compute
[Diagram: tasks running in Docker on VM workers, in Azure Batch, deployed through Resource Manager]
Azure Container Registry
- Containers for Docker, ACS, App Service, Batch, Service Fabric, etc.
- Manages both Windows and Linux images
- Managed service (no need to manage patching, updates, etc.)
- Works with standard open source tools, like docker login, push, and pull
- Credentials managed in AAD, including Service Principals
Best Practice
- Default to Linux
- Default to Kubernetes
- Leverage the ecosystem
- Patch/re-deploy VMs; re-deploy containers
- Slim containers (Alpine; no tooling; build container)
- No root; no write
- Use keep-alive + connection pooling
- Cattle, not pets
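An added Dockerfile example (not from the deck) that applies the slim-container and no-root items above to the Node.js + Express stack shown on the first slide: a separate build stage keeps npm tooling and devDependencies out of the shipped image, and the runtime stage drops root. The `build` script, the `dist/` output directory and `dist/server.js` are assumed names.

```dockerfile
# Build stage: the full npm toolchain and devDependencies live here only
# and are never copied into the image that ships.
FROM node:18-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
# Assumed: package.json defines a "build" script (transpile/bundle into dist/).
RUN npm run build

# Runtime stage: slim Alpine base, production dependencies only, no build tooling.
FROM node:18-alpine
ENV NODE_ENV=production
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev && npm cache clean --force
# Copy only the built artifacts from the build stage (assumed output dir: dist/).
COPY --from=build --chown=node:node /app/dist ./dist
# No root: the official node image ships an unprivileged "node" user.
USER node
EXPOSE 3000
# Assumed entry point of the Express app.
CMD ["node", "dist/server.js"]
```

"No write" is enforced at run time rather than in the Dockerfile: `docker run --read-only --tmpfs /tmp` for Docker, or `readOnlyRootFilesystem: true` in the container's `securityContext` on Kubernetes, so that only an explicit scratch mount is writable.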
Kubernetes
Production-Grade Container Orchestration (deployment, scaling, and management)
Planet-Scale: Google runs billions of containers a week on Kubernetes
- Automatic binpacking
- Horizontal scaling
- Automated rollout/rollback
- Storage orchestration
- Self-healing
- Service discovery and load balancing
- Secret and configuration management
- Batch execution
[Diagram: Master (etcd, scheduler, API Server, Controller Manager); Node (Kubelet, Proxy, Container Runtime); Deployment > ReplicaSet > Pod, where the Pod holds the App container and a Sidecar; Service and Load Balancer in front]