What’s new in managed identity support for Azure Container Apps
Add comment
Share:FacebookXLinkedIn

What’s new in managed identity support for Azure Container Apps

July 19, 2024Add comment3 min read
Post Views: 5,444

Azure Container Apps Managed Identity Support Now Available

Azure Container Apps now support Managed Identity, enabling secure authentication with Azure services without storing secrets in applications. Below are the key features and guidelines for this update:

Scaling Definition

Scaling in Azure Container Apps is managed through a combination of limits, rules, and behavior:

  • Limits: Define the minimum and maximum number of replicas.
    • Minimum replica: Default 0, min 0, max 1,000.
    • Maximum replica: Default 10, min 1, max 1,000.
  • Rules: Define the criteria for adding or removing replicas.
  • Behavior: Explains how rules and limits dictate scaling over time.

Scaling Rules

Scaling triggers fall into three categories:

  1. HTTP: Based on concurrent HTTP requests.
  2. TCP: Based on concurrent TCP connections.
  3. Custom: Based on CPU, memory, or event-driven data sources like Azure Service Bus and Azure Event Hubs.

Scaling Examples

HTTP Scaling Example

bashCopyEditaz containerapp create \
  --name <CONTAINER_APP_NAME> \
  --resource-group <RESOURCE_GROUP> \
  --environment <ENVIRONMENT_NAME> \
  --image <CONTAINER_IMAGE_LOCATION> \
  --min-replicas 0 \
  --max-replicas 5 \
  --scale-rule-name azure-http-rule \
  --scale-rule-type http \
  --scale-rule-http-concurrency 100

TCP Scaling Example

bashCopyEditaz containerapp create \
  --name <CONTAINER_APP_NAME> \
  --resource-group <RESOURCE_GROUP> \
  --environment <ENVIRONMENT_NAME> \
  --image <CONTAINER_IMAGE_LOCATION> \
  --min-replicas 0 \
  --max-replicas 5 \
  --transport tcp \
  --ingress <external/internal> \
  --target-port <CONTAINER_TARGET_PORT> \
  --scale-rule-name azure-tcp-rule \
  --scale-rule-type tcp \
  --scale-rule-tcp-concurrency 100

Custom Scaling Example (Azure Service Bus)

bashCopyEditaz containerapp create \
  --name <CONTAINER_APP_NAME> \
  --resource-group <RESOURCE_GROUP> \
  --environment <ENVIRONMENT_NAME> \
  --image <CONTAINER_IMAGE_LOCATION> \
  --min-replicas 0 \
  --max-replicas 5 \
  --secrets "connection-string-secret=<SERVICE_BUS_CONNECTION_STRING>" \
  --scale-rule-name azure-servicebus-queue-rule \
  --scale-rule-type azure-servicebus \
  --scale-rule-metadata "queueName=my-queue" \
                        "namespace=service-bus-namespace" \
                        "messageCount=5" \
  --scale-rule-auth "connection=connection-string-secret"

Authentication with Managed Identities

You can enable authentication in scaling rules using a Managed Identity instead of secrets.

Example Using Managed Identity

bashCopyEditaz containerapp create \
  --resource-group <RESOURCE_GROUP> \
  --name <APP_NAME> \
  --environment <ENVIRONMENT_ID> \
  --user-assigned <USER_ASSIGNED_IDENTITY_ID> \
  --scale-rule-name azure-queue \
  --scale-rule-type azure-queue \
  --scale-rule-metadata "accountName=<AZURE_STORAGE_ACCOUNT_NAME>" "queueName=queue1" "queueLength=1" \
  --scale-rule-identity <USER_ASSIGNED_IDENTITY_ID>

Key Considerations

  • Billing: No usage charges when applications scale to zero.
  • Cooldown Period: Default 300 seconds.
  • Polling Interval: 30 seconds.
  • No Vertical Scaling: Only horizontal scaling is supported.
  • Dapr Actors: Stateful Dapr actors should not scale to zero due to state management dependencies.

By leveraging Managed Identities and optimized scaling rules, you can enhance security, reduce operational overhead, and improve the performance of Azure Container Apps.

Share:FacebookXLinkedIn
Join the discussion

Menu

Bülleten