The public preview of the Azure Container Instances service brings cloud-hosted containers much closer to the idea of containers generally.
“Containers offer a new form of agility,” pointed out Corey Sanders, Microsoft’s Head of Product for Azure Compute. “You can ship apps significantly faster, you can update them faster, you can make changes and work together across a broad team in a much simpler way, giving apps and services much more agility. They also offer a huge amount of portability; you can build an app and deploy across multiple cloud and multiple app platforms. And because of their quick start time and very small size they offer really easy and rapid scale; you can scale your app nearly instantaneously to meet the demands of your customers or end users.”
If you’re experimenting with containers or working on a prototype, the need to first set up the VM that will host the container (and to remember to patch and delete the container later) is a speed bump for getting started. With ACI, you type in a command and get a running instance of the container image you reference — with a public IP if you want one — in less than five seconds. (If you don’t already have a resource group on Azure you have to create that, which adds another few seconds at the command line the first time.)
What you get back from the command line interface (CLI) is a JSON blob with the stats and status of your container — including the IP address. You can get more details with the logs command and remove the container with delete. There’s a Node.js Hello World application on GitHub and Docker Hub to experiment with.
Using the Azure CLI to spin up containers with ACI isn’t restricted to the Azure Cloud Shell in the portal; you can use it anywhere the CLI is available, which means on your PC or Mac or even your iPhone. The New Stack saw a demo of starting containers with the build of the Azure CLI that’s in the Azure Cloud Shell and Microsoft told us that “the new ACI container commands will be available in the downloadable Azure CLI within a few days.”
You can also deploy from a public Docker repository, from a private registry or from the Azure Container Registry. ACI isn’t limited to individual containers; you can deploy multiple containers as a container group that shares a host machine, local network, storage, and life cycle using a template. You can directly mount Azure file shares to persist and retrieve state with container instances and Microsoft plans to integrate with Azure’s virtual networks, load balancers, and other networking infrastructure.
Azure manages the underlying infrastructure for container instances, like finding an appropriate host machine to run the container on, but for more complex container infrastructure you’ll still want to use an orchestrator to handle things like scaling and coordinated upgrades, Sanders said. “The way to think about Azure Container Instances is that they’re very much focused on simple container management, and enabling fast and easy deployment,” but they can also be building blocks for other container tools.
The open source ACI Kubernetes connector that Microsoft is working on, using container groups to create Kubernetes pods, is a sample to show how a whole container orchestrator can integrate with ACI using its REST API (which will be published in Swagger). If you want to use the Microsoft Draft Kubernetes app builder tool with ACI, the ACI Kubernetes connector enables that. The connector also lets you have traditional VM-based containers for predictable workloads and on-demand container instances for bursting and scaling, in the same Kubernetes cluster.
also as a piece of infrastructure to build on top of.
finally "herdless cattle" use cases, meaning build/test, rendering, etc.
— brendandburns (@brendandburns) July 26, 2017
“You can use VMs for packing your workloads very tightly or you can use Azure Container Instances to deploy containers in a much more agile way, to be able to spin them up and deploy them down in seconds and to burst very, very quickly,” Sanders said, predicting that most organizations will use a combination of the two.
The connector is “still experimental and not ready for production use” but will allow you to manage container instances on Azure from your own Kubernetes environment (although for many workloads you’ll want to have containers on the same network). The connector can be used in any Kubernetes environment. The connector simply acts as a proxy to ACI, using an Azure service principal to create the necessary Azure resources.
The pricing for instances is also unusual; it combines per second and resource pricing. The default for an instance is a single CPU and 1.5GB of memory, but you can choose up to four cores and allocate between 1GB and 3.5GB to each core. Create requests cost $0.0025 and memory and CPU cost $0.0000125 per second (per GB or core). “This allows customers and developers to make sure that the platform is perfectly fitting their workload, not paying for a second more than required or a GB of memory more than is necessary,” Microsoft asserts.
Running a container non-stop would cost about $50 a month, although that’s not what the service is designed for; think devtest, rendering, scripts, experimentation and scaling instead. Although you can have a public IP address for your container instance, having a public endpoint is optional; “You can also use this to run any sort of batch job workload,” Sanders said.
Azure container architect and Kubernetes co-founder Brendan Burns talks about “herdless cattle” uses, where you don’t need hyperscale but you don’t want to use your own infrastructure either. Running a script that executes quickly could mean a significant saving with per-second billing, and it may be a better match for some workloads than serverless functions, where you pay per request.
Because container instances are a first-class object in Azure, not buried inside a VM, you can track usage of individual containers with billing tags if you want, and you can use Role-Based Access Control to determine who can connect to the instance.
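An added example, not from the original article or from Microsoft: because each container instance is its own Azure resource with an optional public IP and optional tags, the JSON the CLI returns can be checked for public endpoints that expose unexpected ports or that nobody owns. The field names are assumed to follow the shape of `az container list -o json` output; the sample data, the `owner` tag and the allowed-port policy are constructed for illustration.

```python
import json

# Constructed sample. Field names (resourceGroup, tags, ipAddress.ip/.type/.ports)
# are assumed to match the JSON shape of `az container list -o json`.
SAMPLE = """[
 {"name": "hello-web", "resourceGroup": "rg-demo", "tags": {"owner": "web-team"},
  "ipAddress": {"type": "Public", "ip": "203.0.113.10",
                "ports": [{"port": 80, "protocol": "TCP"}]}},
 {"name": "render-job", "resourceGroup": "rg-batch", "tags": null,
  "ipAddress": null},
 {"name": "scratch", "resourceGroup": "rg-demo", "tags": {},
  "ipAddress": {"type": "Public", "ip": "203.0.113.27",
                "ports": [{"port": 22, "protocol": "TCP"},
                          {"port": 8080, "protocol": "TCP"}]}}
]"""


def audit_public_endpoints(groups, required_tag="owner", allowed_ports=(80, 443)):
    """Return one finding per container group that has a public IP address."""
    findings = []
    for group in groups:
        addr = group.get("ipAddress") or {}      # null when no endpoint was requested
        if not addr.get("ip") or addr.get("type", "Public") != "Public":
            continue                             # batch-style instance, nothing exposed
        ports = sorted(p["port"] for p in addr.get("ports") or [])
        tags = group.get("tags") or {}           # tags may be null or an empty object
        findings.append({
            "id": f'{group.get("resourceGroup")}/{group.get("name")}',
            "ip": addr["ip"],
            "ports": ports,
            "unexpected_ports": [p for p in ports if p not in allowed_ports],
            "untagged": required_tag not in tags,
        })
    return findings


if __name__ == "__main__":
    for f in audit_public_endpoints(json.loads(SAMPLE)):
        flags = []
        if f["unexpected_ports"]:
            flags.append(f"unexpected ports {f['unexpected_ports']}")
        if f["untagged"]:
            flags.append("no owner tag")
        print(f["id"], f["ip"], f["ports"], "; ".join(flags) or "ok")
```
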
ACI benefits from the Windows Server underpinnings of Azure, and in particular Windows Server 2016.
“Deployment is securely isolated between customers using technology from Hyper-V isolation,” said Sanders. “With Azure Container Instances, your application is as isolated in a container as it would be in a VM.”
First Class Treatment
Making containers first-class objects on Azure is a sign of how committed Microsoft is to containers, and how useful it expects them to be for customers. That means ACI isn’t just a “quick and dirty” way of spinning up containers. The flexibility and economics of Azure Container Instances make them a significant building block.
“We do expect some Azure services to build on top of Azure Container Instances and enable solutions using it and we are working with several of those right now,” Sanders told us. He didn’t name the services, but Container Instances would seem to be ideal for Azure Container Services, Azure App Service, Service Fabric and Azure Batch.
Feature image by Ashley Knedler via Unsplash.