Skip to content
← Back to Azure Container Services

You are viewing a free preview of this lesson.

Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.

View PricingCreate Account

Containers on Azure Overview

Containers on Azure Overview

Containers have become the standard unit of deployment for modern cloud applications. Microsoft Azure offers a rich set of container services that span the full spectrum of complexity — from running a single container with no infrastructure to manage, to operating enterprise-grade Kubernetes clusters at scale. This lesson introduces the Azure container ecosystem, explains when you would use each service, and maps out the journey ahead.

Why Containers in the Cloud?

Containers solve the "it works on my machine" problem by packaging an application together with its dependencies, libraries, and configuration into a single portable image. Running containers in the cloud adds further benefits:

  • Elastic scaling — scale from zero to thousands of instances based on demand
  • Global reach — deploy containers to any of Azure's 60+ regions
  • Managed infrastructure — let Azure handle patching, networking, and high availability
  • Integrated security — leverage Azure Entra ID, managed identities, and network policies
  • Cost efficiency — pay only for the compute you consume, with options for spot and reserved pricing

The Azure Container Service Landscape

Azure provides four core container services. Each targets a different level of operational complexity and control.

+--------------------------------------------------------------+
|                    Azure Container Services                    |
|--------------------------------------------------------------|
|                                                              |
|  Low complexity                          High complexity      |
|  Less control                            Full control         |
|                                                              |
|  +--------+    +---------+    +-----------+    +--------+    |
|  |  ACI   |    |Container|    |    AKS    |    |  AKS   |    |
|  |        |    |  Apps   |    | (managed) |    |(custom)|    |
|  +--------+    +---------+    +-----------+    +--------+    |
|                                                              |
+--------------------------------------------------------------+

Azure Container Registry (ACR)

ACR is a managed Docker registry for storing and distributing container images. It is not a compute service — it is the image store that all other container services pull from. ACR supports OCI images and Helm charts, integrates with Azure Entra ID for authentication, and offers geo-replication for multi-region deployments.

Azure Container Instances (ACI)

ACI is the simplest way to run a container on Azure. You provide an image, specify CPU and memory, and Azure runs it — no virtual machines to provision, no orchestrator to configure. ACI is ideal for:

  • Burst workloads and batch jobs
  • Quick prototyping and testing
  • CI/CD build agents
  • Sidecar containers for AKS (virtual nodes)

Azure Kubernetes Service (AKS)

AKS is a managed Kubernetes cluster. Azure handles the control plane (API server, etcd, scheduler), while you manage the worker nodes and your application workloads. AKS is the right choice when you need:

  • Advanced orchestration (rolling updates, auto-scaling, self-healing)
  • Service mesh, network policies, and fine-grained RBAC
  • Multi-team, multi-service deployments
  • Stateful workloads with persistent volumes

Azure Container Apps

Container Apps is a serverless container platform built on top of Kubernetes (and the open-source KEDA and Dapr projects) but without exposing the Kubernetes API. It provides:

  • Automatic scaling from zero to many replicas
  • Built-in traffic splitting and revision management
  • Dapr integration for microservice patterns (pub/sub, service invocation, state stores)
  • HTTP ingress and event-driven triggers out of the box

Comparing the Four Services

Feature ACI Container Apps AKS
Complexity Very low Low–medium Medium–high
Scaling Manual (container groups) Automatic (0 to N) Automatic (HPA, KEDA, cluster autoscaler)
Pricing model Per-second (vCPU + memory) Per-second (vCPU + memory) VM node costs + optional add-ons
Best for Short-lived tasks, burst compute Microservices, APIs, event-driven apps Complex workloads, full K8s control
Kubernetes knowledge Not required Not required Required
Persistent storage Azure Files (limited) Azure Files Azure Disks, Azure Files, CSI drivers
Networking VNet injection available Managed VNet, custom VNet Full VNet integration, CNI options
Ingress Public IP or DNS label Built-in Envoy-based ingress Ingress controllers (NGINX, App Gateway)

The Supporting Cast

Beyond the core four, several Azure services complement container workloads:

Service Role
Azure Container Registry (ACR) Store and manage container images
Azure Monitor / Container Insights Metrics, logs, and diagnostics
Azure Key Vault Secrets, certificates, and encryption keys
Azure Entra ID Identity and access management
Azure Policy Governance and compliance for clusters
Microsoft Defender for Containers Image scanning and runtime protection
Azure DevOps / GitHub Actions CI/CD pipelines for building and deploying

How Container Services Fit into an Architecture

A typical containerised architecture on Azure might look like this:

Developer
   |
   |  git push
   v
GitHub Actions / Azure DevOps
   |
   |  docker build & push
   v
Azure Container Registry (ACR)
   |
   +-----> Azure Container Apps   (APIs, web apps)
   |
   +-----> AKS                    (complex microservices)
   |
   +-----> ACI                    (batch jobs, CI agents)

Images are built in CI/CD, pushed to ACR, and then pulled by whichever compute service is most appropriate for the workload.

Choosing the Right Service

Use this decision tree as a starting point:

  1. Is it a one-off or short-lived task? → ACI
  2. Is it an API, web app, or event-driven service that should scale automatically? → Container Apps
  3. Do you need full Kubernetes control, custom operators, or complex multi-service orchestration? → AKS
  4. Are you already running Kubernetes on-premises and want a consistent experience? → AKS

There is no single "best" service — the right choice depends on your team's Kubernetes expertise, the complexity of your workloads, and your operational preferences.

Azure Regions and Availability

All four container services are available in most Azure regions. For production workloads, consider:

  • Availability Zones — AKS supports zone-redundant node pools; Container Apps supports zone redundancy
  • Paired regions — Use ACR geo-replication to keep images close to your compute
  • Data residency — Ensure your chosen region meets compliance requirements

Cost Considerations

Service Cost driver Tip
ACI Per-second CPU + memory Use spot containers for fault-tolerant batch jobs
Container Apps Per-second CPU + memory (consumption plan) or dedicated plan Scale to zero when idle to minimise costs
AKS Underlying VM node costs Use the cluster autoscaler and spot node pools
ACR Storage + data transfer + build minutes Use lifecycle policies to purge old images

What This Course Covers

Over the next nine lessons, you will explore each service in depth:

Lesson Focus
Azure Container Registry (ACR) Building, storing, and securing images
Azure Container Instances (ACI) Running single containers and container groups
Introduction to AKS Cluster architecture and deployment basics
AKS Cluster Configuration Node pools, scaling, and upgrades
AKS Networking and Ingress CNI, services, ingress controllers
AKS Storage and Persistence Volumes, persistent volume claims, CSI drivers
Azure Container Apps Serverless containers, revisions, scaling rules
ACI vs AKS vs Container Apps Decision framework and migration paths
Container Security on Azure Image scanning, runtime protection, network policies

Summary

  • Azure provides four core container services: ACI, AKS, Container Apps, and ACR (as the image store).
  • ACI is the simplest — run a container with no infrastructure to manage.
  • Container Apps is serverless and scales automatically, with built-in Dapr and KEDA support.
  • AKS provides full Kubernetes control for complex, multi-service workloads.
  • ACR is the managed registry that stores your images and integrates with all compute services.
  • Choose the service that matches your team's skills, your workload complexity, and your operational requirements.
  • The supporting ecosystem (Monitor, Key Vault, Defender, Entra ID) provides observability, security, and governance across all container workloads.
Subscribe to continue