CategoryAzure

Building an Infrastructure Pipeline Part 1 Version Control

  Defining Infrastructure as Code is becoming prevalent in all areas of IT, but none more so than in the cloud. Be this Azure Resource Manager Templates, AWS Cloudformation or third party tools like Terraform. Once you’ve gone down this route, you open up the ability to treat your infrastructure code like any other code, and because it’s just code you can now leverage some of the tools...

Azure Free Accounts

Microsoft recently announced the introduction of Azure Free Accounts, these are credit and resources that are free for a certain time period. This is aimed at competing with AWS free tier and similar offerings. Before we take a look at what is on offer, there are a few caveats to check to see if you are actually eligible: To claim the free offer you need to be a new Azure customer, so that means...

Ignite Azure Update – Day 1

As expected, day 1 of Microsoft’s Ignite conference saw a large number of announcements across all products, including Azure. Below you’ll find my summary of Azure announcements I pulled in from the conference floor. There are a lot of quality of life announcements that didn’t necessarily make it into the Keynotes, but that could be a big deal if they impact you. Also a quick reminder, if your at...

Virtual Network Service Endpoints

It didn’t make it into todays Ignite Keynote, but today Microsoft released a preview of a new Azure service, Service Endpoints. It is now possible to take  Azure services that have previously only had public endpoints, and restrict these to only allow access from a specific virtual network (or multiple networks), or even specific subnets. This preview is starting out with Azure SQL and Storage...

Azure AD Connect and The Trouble With Expired Passwords

In an on premises world, with Active Directory, password expiry is easy. Set the required policy for your domain, make sure it’s applied and forget about it, AD will take care of enforcing password changes and compliance with your password rules. Moving your identity to Azure complicates things, and that’s what we are going to talk about today, and in particular password expiry and...

Introduction to Azure Container Instances

Microsoft today released a public preview of a new service, Azure Container Instances. This may seem confusing initially, Azure already has a container service called Azure Container Services (ACS), but this is a somewhat different offering. ACS is a full container hosting solution, including orchestrators, deployed on top of multiple IaaS based Azure Virtual machines. Azure Container Instances (ACI) is not an orchestrator, it is a platform for deploying containers quickly and  simply. The exciting difference with ACI is that containers are now a first class object in Azure, using ACI you can just deploy a container object, there is no need to deploy and manage VMs to host your containers, you simply specify the size of the container your require without having to care about the underlying VMs or storage.
This simple container as service offering should be useful to those looking to quickly spin up a container without having to worry about infrastructure behind it, but what is even more exiting is the potential to provide a platform as a service offering  to be used by orchestrators for providing containers (see later in this article).
In this article we’ll take a look at some of the basics of this service, how it can be used and it’s limitations.
Limitations
ACI is in preview, so there are some limitations on what you can do with the service:

Only Linux containers are supported at the moment, Windows containers to come in the future
It’s not currently possible to attach a container to a virtual network
Use of ACS is currently only through the Azure Cloud Shell or using Azure Resource Manager templates, there is no GUI in the portal and no PowerShell or Command line option to run locally. We’ll focus on using the cloud shell in this article
There are some limitations both on region availiblity, and the size of containers in a region

Isolation
Containers are run on the host machine using HyperV isolation, so that container instances are as isolated as virtual machines in Azure. This should mean containers offer the same level of security and performance isolation from other users sharing the same host,
Creating a container
Creating a container is a single line command in  cloud shell, with various option. At a minimum you need to specify the name to use for the container, the image you want to use (can come from Dockerhub or a private registry), the resource group to store this in, and if you want a public IP the ip-address option. Note that your container name needs to be lower case, otherwise you’ll see an error.

PowerShell

az container create --name helloworld --image microsoft/aci-helloworld --resource-group containertesting --ip-address public

1

az container create --name --image microsoft/aci-helloworld --resource-group --ip-address public

This creates a new container with the default size of 1 CPU and 1.5GB memory. It adds a public IP and exposes port 80.

As mentioned, there’s no interface in the portal for containers, so if you look in your resource group you will see the object you created, but there is very little you can do with it in the GUI.

Once your done with container you can delete it with the container delete command

PowerShell

az container delete --name helloworldcontainer --resource-group containertest

1

az container delete --name helloworldcontainer --resource-group containertest

As mentioned containers can also be deployed using ARM templates, you can find some examples here.
Container Sizes
Unlike virtual machines, containers aren’t restricted to pre-set sizes, you can choose at deployment time the amount of CPU cores and Memory. To specify these ammend your command to include the cpu and memory commands:

PowerShell

az container create --name helloworld --image microsoft/aci-helloworld --resource-group containertest --cpu 2 --memory 4 --ip-address (public

1

az container create --name --image microsoft/aci-helloworld --resource-group containertest --cpu 2 --memory 4 --ip-address (public

I have seen some errors when deploying larger size containers in certain regions (mainly West Europe), so I suspect there are some limits in place for the preview. Larger sizes in East US seemed to work fine. I’ve not yet been able to find documentation of how big your containers can get.

Data and Persistence
As mentioned, it’s not currently possible to connect an container to an Azure virtual network so using local network resources for persisting data is not possible. Container instances do offer the ability to mount Azure file shares for persistent data, with plans to add Azure disks in the future.
I’ve not yet been able to get hold of the documentation for how to attach file shares, I will update this article when I have that.
Alternatively, if your data can be stored in a database you can  make use of public services like Azure SQL, Cosmos DB or Table storage.
Container Groups
ACI has the concept of container groups, these are multiple containers which  are deployed to the same host and share the same network and any mounted volumes, the concept is similar to Kubernetes pods. Container groups need to be deployed using an ARM template rather than through the cloud shell, you can see an example of this here.
Orchestration
As already mention, ACI is not an orchestator, it’s a tool for providing easy deployment of indvidual VM’s. However, ACI is intended to be used with orchestrators, theorchestrator can utilise ACI as the method of provisioning VMs and not have to care about managing hosts. ACI comes ready with an example (experimental) connector for Kubernetes and I am sure further down the line we will see these for other orchestrators.
Pricing
Container pricing is a bit more complex than VM’s, your charged on 3 metrics

Create request – a one of fee for each creation of a container, currently $0.0025 in the East US region
Memory Usage – The amount of memory used by each container per second. Billed at $0.0000125 per GB per second
CPU Usage – The amount of CPU cores used by each container per second. Billed at $0.000013 per core per second

so a container created once with 2 cores and 2GB memory, running for an hour would cost
0.0025 +((0.0000125 * 3600)*2) + ((0.000013 * 3600)*2)=$0.1861
 

Azure Resource Policies Part 1 – Built in Policies

As your Azure usage increased you will inevitably need to grant rights to other users to create and manage resources. Often you need to apply limits to what these user can do with their Azure subscription. Role Based Access Control allows you to put users into roles which grant them access to specific top level resources (virtual machines, storage, SQL etc.), what RBAC doesn’t do however is...

Setup Storage Replica in Azure

In my last article we discussed the various different options for providing SMB shares in Azure given the lack of shared storage. One of the options we discussed for this was using a new feature of Server 2016 – Storage Replica, and in this article we will take a deep dive into how to setup this up in Azure. This Windows Server feature allows you to replicate data between two servers (or...

SMB File Sharing in Azure

In an ideal world, all our cloud applications would be designed from the ground up to work with the cloud, they would be designed to work with cloud principals, make use of PaaS services and provide high availability. Unfortunately, this is often not the case. We are regularly tasked with moving existing on-premises applications into the cloud as a “lift and shift” type operation, until they can...

Disaster Recovery for Azure VMS with Site Recovery

Disaster recovery is, or should be, a must for for many production applications. Having the ability to recover your application in a separate geographic location should a major incident occur is vital to the continued availability of your service. Microsoft have offered a DR service called Azure Site Recovery (ASR) for some time now, but this has been focused on taking on-premises applications...

Follow Me

Follow me on Twitter