Implement Azure Container Apps

Question 1

What is Azure container Apps (ACA)?

Answer 1

• Enable you to run microservices and containerised apps on a serverless platform that runs on top of Azure Kubernetes service
• Can dynamically scale based on HTTP traffic, event driven processing, CPU or memory load and any KEDA supported scaler

Question 2

What are common uses of ACA?

Answer 2

• deploying API endpoints
• hosting background processing apps
• handling event driven processing
• running microservices

Question 3

What can we do with ACA?

Answer 3

• run multiple container revisions and manage the container apps lifecycle
• autoscale apps
• enable HTTP ingress without having to manage other infra
• split traffic across multiple app versions
• build microservices with Dapr

Question 4

What is a container apps environment?

Answer 4

• individual apps deployed to a single container apps env which acts as secure boundary around groups of container apps
• apps in same env are deployed in same VN and write logs to same log analytics workspace

Question 5

What reasons would you have to deploy container apps to same env?

Answer 5

• managed related services
• deploy different apps to same VN
• instrument Dapr apps that communicate via the Dapr API
• Have apps to share Dapr config
• have apps share same log analyitcs

Question 6

What reasons would you have to not deploy container apps to same env?

Answer 6

• Ensure two apps never share same compute resources
• ensure two Dapr apps cant communicate via Dapr API

Question 7

What is the microservice architecture in relation to ACA?

Answer 7

• allow you to independtly develop, upgrade, version and scale core areas of functionality in overall system
• ACA provides independent scaling, service discovery and Dapr integration

Question 8

How does networking work with microservices?

Answer 8

• function calls spread across network
• Need to account for failures, retries and timeouts
• container app does feature building blocks for running microservices but Dapr provides even richer model

Question 9

What does Dapr include?

Answer 9

• observability
• pub/sub
• service to service invocation with mutual TLS, retries and more

Question 10

How does ACA manage container orchestration?

Answer 10

• containers in ACA can use any runtime, programming lang or dev stack of your choice
• supports any linux based x86-64 container image
• No required base container image, if container crashes it auto restarts
• changes to template ARM config section trigger a new container app revision

Question 11

What is sidecar pattern?

Answer 11

• Can define multiple containers in single container app
• containers in the app share hard disk, network resource and experience same app lifecycle
• e.g. agent that reads logs from primary container on a shared volume and forwards them to logging service

Question 12

How can we manage private registers on ACA?

Answer 12

• provide credentials in the container apps config to deploy images from private registers
• to use a container registry you define the required feilds in the registries array in properties.configuration section of the container app resource template
  -passwordsecretRef field IDs the name of the secret in the secrets array where you defined the password
• can then pull image from private reg

Question 13

What limiatons does ACA have?

Answer 13

• privileged containers cannot be run in ACA = if program attempts to run process that requires root access, the app inside the container experiences a runtime error
• OS = linux based container images only

Question 14

How does ACA provide auth and auhorisation features?

Answer 14

• built in features to secure external ingress-enabled apps with minimal or 0 code
• dont require any particular lang SDK and work out the box
• Only used with HTTPs
• Ensure “AllowInSecure” is disabled on config

Question 15

How does app access work with ACA?

Answer 15

• RequireAuthentication = only authenticated users can access app
• AllowUnauthorisedAccess = authenticates but doesnt restrict access

Question 16

What is federated ID?

Answer 16

• Third party ID provider used by ACA
• manages user ID and auth flow for you
• github, facebook, AAD, google, twitter and openID supported

Question 17

What is the auth and authorization middleware in ACA?

Answer 17

• runs as a sidecar container on each replica in your app
• when enabled every incoming HTTP request passes through security layer b4 app
• handles auth of session, authenticates users and clients and injects info into HTTP request headers

Question 18

How does auth flow work in ACA with and without provider SDK?

Answer 18

• with = app signs users into provider manually and submits auth token to container apps for validation (used in browserless apps and native mobile apps)
• without = app delegates federated sign-in to container apps (used in browser apps which present the providers sign-in page to users

Question 19

What are app revisions in ACA?

Answer 19

• revision is an immutable snapshot of a container app version
• can use to release a new version of app or quickly revert to previous version
• new revisions created when you update app with revision scope changes
• can control which revisions are active and the traffic that is routed to each one

Question 20

How does ACA revision naming work?

Answer 20

• by default ACA creates a unique revision name with a suffix consisting of a semi-random string of alphanumeric chars
• e.g. container app names album-api would create a revision album-api-1st-revision

Question 21

What command allows you to update ACA containers?

Answer 21

• “az containerapp update” cmd allows you to modify env vars, compute resources, scale params and deployment of different images to container app

Question 22

How does ACA handle secrets?

Answer 22

• Once secrets are defined at app level, secured values are available to container apps
• scoped to app rather than revision
• adding, removing or changing secrets doesnt generate a new revision, will need to manually deploy one or restart existing one
• each revision can reference one or more secrets
• multiple revisions can ref same secret
• secrets defined with “–secrets” param, can then be accessed via env vars

Question 23

What is Dapr?

Answer 23

• set of incrementally adoptable features that simplify the authoring of distributed, microservice apps
• provides capabilities for enabling app communication through pub/sub msgs or reliable and secure service-service calls

Question 24

What is CNCF?

Answer 24

• Cloud Native Computing Foundation
• Part of linux foundation and provides support, oversight and direction for fast growing cloud native projects
• Dapr is part of CNCF

Question 25

How does ACA integrate with Dapr?

Answer 25

- Provides managed supported Dapr integration - Handles Dapr version upgrades seamlessly - Exposes simplified Dapr interaction model to incease dev productivity

Question 26

Core features of Dapr?

Answer 26

- Service-service invocation - State management - pub/sub - bindings (triggers) - actors (message driven single threaded units of work designed to quickly scale) - observability - secrets (can be accessed through code)

Question 27

What are container apps with Dapr enabled?

Answer 27

- Dapr is enabled at the container app level by configuring a set of dapr args - values apply to all revisions of a given container app when running in multiple revisions mode

Question 28

What is just pure Dapr mode in ACA?

Answer 28

- fully managed Dapr APIs are exposed to each container app through Dapr sidecar - APIs can be invoked from container app via HTTP - sidecar runs on HTTP port 3500

Question 29

What is Dapr component configuration?

Answer 29

- Dapr uses a modular design where functionality is delivered as a component - components can be shared across multiple container apps - Dapr IDs provided in the scopes array dictates which dapr enabled container apps load a given component at runtime

Question 30

Which channels does ACA provide for configuring dapr?

Answer 30

- Container apps CLI - IaaC templates such as ARM and bicep - Portal