Hey friends, Azure Container
Instances - or ACI - is a super
flexible compute option. Today,
folks are using it for all sorts
of things like long running
processes, backend APIs, worker
roles and Logic App workflows
and even build and test
pipelines. Mark Russinovich is
back [cough] six years after his last
visit to show me how it works
and more. Today on Azure Friday.
Hey friends, I'm Scott Hanselman.
It's Azure Friday and I've got
Mark Russinovich with me. Our
multi-year long Twitter beef is
over. We've come together to
share Azure with the people. How
are you, Sir?
I'm doing good thanks. Thanks
for finally having me back on. It's
always a pleasure. You always
bring me such wonderful demos
and today you're going to
explain to me what ACI is. It's
one of our wonderful offerings
that you're going to explain and
show me. Hopefully some great
demos. That's right. OK, So what
is ACI? Uh, well, ACI stands
for Azure Container Instances,
and you can think of it as
serverless containers as a
service. We interested
introduced it a little over two
years ago. We were the first
cloud to introduce serverless
containers and. What serverless
containers means is, in contrast
to the more standard way that
people are deploying containers
where they launch a virtual
machine, and then they go deploy
the containers Docker images
into that virtual machine. With
ACI, you simply call the API
endpoint and say, deploy this
image and the ACI service takes
care of managing the
infrastructure underneath those
containers, and you just
interact with the container so
it's very lightweight, very easy
way to get containers up and
running, but if I have like
multiple containers or one
orchestrator, where does ACI
stop and then?
Container orchestrator start.
Yeah, good question. We've got
container groups so there is
some light ability to deploy
multiple containers that work
together, but if you want
sophisticated orchestration,
rolling upgrades, and other
features like that, then you're
going to want to use a container
orchestrator like. Kubernetes
with Azure Kubernetes service.
OK now I have a container that
I'm running. Part of my website
on and I didn't really know what
I was doing and I picked Azure
app service and I put it into
the Linux container up there.
Why would I use ACI and when
would I put it on my web
container? When I do that well,
I see is great for long running
workloads that would be like a
middle tier or or supporting
microservices as part of a
larger application that might
have a web app. Is the front end
that you would run on app
service. So it's really great
for. Taking care of that
kind of middle
infrastructure that is
kind of agnostic to a
programming model like a
web front end.
Also, if I put like dapper, that
would be a good thing for ACI.
Absolutely yeah. OK so then my
podcast though is got like SSL
shirts and it's really HTTP
traffic. That's kind of an app
service thing, so it makes more
sense for me. Yeah, app service
takes care of those things like
SSL termination and load
balancing on the front and your
domain name registration and
mapping. OK, but you said it was
serverless containers, but Azure
functions is serverless
functions and there's a
container runtime that I can get
that let's me run those
functions. But that's that's
different. When I use functions,
when I use ACI. Good question
functions is server list as
well. Functions is really
designed for kind of short run
event driven microservices. So
little tasks that are stateless
that pop in and out there get
get invoked through some
trigger, whereas with ACI you
can choose to have them be event
driven. But you can have them
sit there and be long running.
You can have them run for hours
or. Days or weeks or months. So
really they are kind of agnostic
to the way that you interact
with them, and so then are more
kind of flexible in general
purpose. I like that. So then
when you said originally that
serverless containers, that's
the best way to think about
this. It is just that I can have
serverless functions, kind of
units of work as a service. I
can have web apps as a service
on Azure Web apps, but this is
containers that I can spin up,
spin down, pay as I go, and then
if I outgrow them, I outgrow
them into the IIS ecosystem. So
I really have a lot of great
choices here. Yes, in fact
there is a cool integration
with IIS which is through
virtual kubelet which allows
you to create a serverless
Kubernetes cluster with ACI is
the back end for it. Wow, OK,
this is cool, so this is
enough talk. I want to see
some amazing demo, so I'm
going to switch to show your
screen. Alright. Alright Sir,
OK here we go.
So what I've got here is on a CI
Yaml file. This would specify
the deployment of a single image
container or single container.
Here you can see that here's the
image and what this I'm going to
go ahead and deploy this in a
minute. But what this container
does is accepts it images and
then does OCR on those images
and then reports back to text
through a simple Web API.
And you can see that I've got it
mapped internally. The image
itself to a port here and then.
I also specified through ACI
that I want to public IP address
and I also want that port to be
port 5000, so this way I'll be
able to interact with that
container instance from the web.
And so why don't we switch over
to the portal?
And I've got a cloud shell here.
I've got here.
An Azure CLI Command line. Here
you can see container create.
This is the ACI command to
create an ACI container based
off of that YAML. Here this is
going to pull down that image
and I'm going to go ahead and
launch that loops. I'm in the
wrong directory. Happens to
the best of us.
Azure cloud shell is great
'cause that easy tools just
right there takes no time at all
and it's available right there
at the top of the portal.
Yeah. And if we switch
over here. We got that ACI
container deployed and you can
see stats coming out of it so
it's monitoring metrics that
show up out of it.
And these things start up really
fast right now. I could use a VM
for kind of work like this, but
containers or easier there
lighter weight and there's a
whole tooling ecosystem around
them. So when I want to spend
something up fast and easy that
they see is a great choice.
Yeah, that's exactly right at
the pay as you go. It's billing
by the 2nd, so wow, it's and
also you can dynamically choose
the size of the container we go
back to that Yaml file. Let me
pull it up here. Oops.
Open the run Visual
Studio now words.
Here you can see actually that
I've got four CPUs, so is this a
four core with eight gig? But I
can pick whatever I need too,
and this is about what the size
I need to do that OCR machine
learning model to run that
efficiently. So that's the size
that I pick, but we could pick
something smaller or larger. I
even notice that restart policy,
they're saying restart on
failure, so that's super useful
as well. Being able to decide
when this workload starts and
stops? Yeah, that's that's
right, and actually that
highlights the fact that a lot
of people think that this is a
dev test service. This is
something where you just if you
want to play around with your
images to get them.
Running figure them out and then
go to something like a chaos to
actually deploy them for
production. Actually it is
designed for production and we
have customers that are running
for it in production. So things
like support for venetz support
for init containers which a lot
of customers have asked for. So
these kind of initialization
containers that run before your
main microservice container has
support for that which is
required for many production
scenarios. So Anet volume mounts
as well so you can Mount disks
to it. 2000 so you can have them
have managed date as well, so a
bunch of functionality here that
really make these general
purpose. And for many workloads
you can fully replace virtual
machines with. Yeah I wanted my
kids to stop running Minecraft
servers on my local machine here
so I just run him in ACI in the
per second billing. Makes it
really easy to spin up a
Minecraft server in the cloud,
but don't tell Azure, Yeah.
So why don't we go and take a
look at this container in
action? Just to prove to you
it's got this public IP address
here. If I can grab you got that
little bit, copy their icon
there too. On the right? Yeah,
they were. Publicly it copies
that public thing, so I'd have
to edit it anyway, so that
should go in your list of bugs.
You tell your friends actually
it actually. Oh
wow, so this is.
Got swagger definition for the
API that exposes here nice and
so you can see that it's got a
synchronous read where we can
try it out and upload an image.
And choose a file. I
love swagger UI is on
web APIs. So nice.
And. I've got a few files
in here Friday's coming over.
These are some of my favorite
books. Yeah, I understand other
option does films and I await
those films. They were the
options expired, so if anybody's
out there interested in making
really cool techno thriller
movie, check it out, excellent.
And then you can see down here
in the response that sure
enough, we got zero day as the.
As the OCR back from
container instance that was
really fast really cool.
But it gets even cooler actually
'cause. ACI's got integrations
with logic apps, and so you know
I was just sitting there
manually uploading an image, but
if we wanted something more
automated, this part of a larger
application where, for example,
we're dropping images into a
storage account and we want them
automatically OCR for us, you
can do that pretty simply to
using logic apps. So I've got
this logic app here and if I go
under the edit view, we can walk
through. The flow here.
So you can see when pictures
added or modified to blob
storage container will look at
that in a minute, captured the
filename, get the properties of
the container group, and then
there's this condition and that
get properties is calling.
Basically in the ACI connector
for logic apps, and the
condition is. Is there already a
container instance running?
And if there's not, then use
that ACI connector to go fire up
the ACI instance before
proceeding with the Workflow.
And if true, just proceed, which
is to get the picture content
from the storage account, send
it over HTTP to the container
instance, transform the HTTP
output that comes back to text,
and then store the text from the
OCR back into the storage
account. You know not to be too
much of Fanboy or fan person,
but that kind of demo is pure
money because people should not
be sleeping. How exciting it is
that you can spin up a container
for a few seconds in the middle
of a logic app workflow. You
really think about that business
logic as part of the larger
logic app. You get the benefits
of that great designer and then
you get to use that container
that you're probably already.
You've got the image for. You're
already running that container
somewhere internally. Put it up
in the cloud in the integration
is just chefs kiss, yeah.
And if we want to check a look
at this, take a look at this in
action. We can do uploaded blob,
so going to select another one
of those files. Let's pick that
one and upload.
If we go back to logic apps now
and will look at the run
history. Click on
it.
And then we want to go see the.
HTTP result like that.
Actually, there it is.
Attacks from the OCR that came
out of the container instance
going into that storage account.
That's so cool. What a great
integration. That's very clean.
And then finally the last part
of this demo is showing that you
can take the ACI container
instances and put them behind
web app front ends. Because we
were talking about app service,
does a bunch of nice things for
web front end? And then ACI
container can actually do some
of your middle tier workloads.
So we wanted to put a for
example web app front end on
front of a bunch of container
instances. We can do that, so
I've got this web app front end
here. Picture to text app.
An behind this web app front in,
or a bunch of container
instances. So when I choose a
file here in the front end, pick
another page. And submit it.
What's going to happen is that
that calls the ACI container app
with the and gets back to text.
An actual displays the image
that the text is coming from, so
you can see the last words here
are company never to go, and
then the OCR came back company
never to go.
So ACI now part of a larger
application sitting inside of
net along with the Web app front
end sitting in front of a load
balance behind a load balancer
in front behind a public IP
address with what you would
obviously want to do is put a
domain name on top of that and
now you got a full featured app
with microservices implemented
as serverless containers. That
is really cool, and see that
thinking back to my kind of like
initial naive usage of
containers on Azure, which is I
just took a website and I put it
on Azure app service. Now I
could see where the back end of
my app service could potentially
be. ACI I've got logic apps and
flow. And things like that
there's a lot that can be done
with this kind of these Lego
pieces that we can start putting
together in mixing and matching.
And then like we said before at
the beginning, if I outgrow
them, I'm going to outgrow them
into something like AKAKS and
then I get a whole
orchestration. That's right,
yeah, yeah, like I said, even
you can outgrow, you know, into
full blown a case where you're
dealing with the virtual
machines and deploying
containers. Virtual machines
where you can take that
intermediate step where how I do
need the orchestration. I want a
Kubernetes interface on top of
that orchestration and deploy
helm charts for example, but
with ACI based containers
underneath that. So I've got
basically a fully serverless
Kubernetes experience, because
AK S is serverless.
Control servers, and then I've
also got the Serverless back
end. Now I notice at the
beginning when you did the
command, you're doing a Etsy
container, but I understand that
we announced an integration with
Docker 'cause I'm used to using
docker images and Docker, this,
and that it can I do ACI from
the Docker Command line item or
use too? Actually, you can use
Docker directly, so it's in the
integration with Docker Desktop.
You can set a CI context using
the Docker desktop client and
then Docker run with that.
Context will launch the image
into ACI and then you can
interact with it as normal. Wow,
OK, everything is mixed in
Matchman Pluggable and
everything it can be plugged
together. Yeah, so that is that
does make it really convenient
to do depth tests with
containers. Is that doctor
integration, so it's not just
for dev test, we can use it for
prod. I can put any kind of
workload that makes me happy up
there, not just HTTP. I can make
these things quickly. I can spin
'em up, be billed per second,
spinning back down, and then I'm
using the container ecosystem.
That rich open source container
ecosystems, or whether it be tap
or any kind of thing I want to
put in there. I can. There
really is no reason not to use
ACI, is there? No, in fact it's
one of my favorite services just
for that reason, whenever I need
to launch an image or a few
images ACI to the rescue. Very
cool ACI for the recipe. That
should be the name of our our
series. This is the first of a
series of videos that we're
going to showcase. Some of those
serverless containers that we
can do in Azure with ACI. Thank
you so much for hanging out with
me and showing me this stuff,
Sir. Alright, well, thanks for
finally having that could help
you invite me back again soon.
Absolutely I am learning all
about ACI and serverless
containers today on Azure
Friday. Hey, thanks for watching
this episode of Azure.
Friday now I need you to like
it. Comment on it, tell your
friends, retweet it. Watch
more Azure Friday.
