You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Containers have become the standard unit of deployment for modern cloud applications. Microsoft Azure offers a rich set of container services that span the full spectrum of complexity — from running a single container with no infrastructure to manage, to operating enterprise-grade Kubernetes clusters at scale. This lesson introduces the Azure container ecosystem, explains when you would use each service, and maps out the journey ahead.
Containers solve the "it works on my machine" problem by packaging an application together with its dependencies, libraries, and configuration into a single portable image. Running containers in the cloud adds further benefits:
Azure provides four core container services. Each targets a different level of operational complexity and control.
+--------------------------------------------------------------+
| Azure Container Services |
|--------------------------------------------------------------|
| |
| Low complexity High complexity |
| Less control Full control |
| |
| +--------+ +---------+ +-----------+ +--------+ |
| | ACI | |Container| | AKS | | AKS | |
| | | | Apps | | (managed) | |(custom)| |
| +--------+ +---------+ +-----------+ +--------+ |
| |
+--------------------------------------------------------------+
ACR is a managed Docker registry for storing and distributing container images. It is not a compute service — it is the image store that all other container services pull from. ACR supports OCI images and Helm charts, integrates with Azure Entra ID for authentication, and offers geo-replication for multi-region deployments.
ACI is the simplest way to run a container on Azure. You provide an image, specify CPU and memory, and Azure runs it — no virtual machines to provision, no orchestrator to configure. ACI is ideal for:
AKS is a managed Kubernetes cluster. Azure handles the control plane (API server, etcd, scheduler), while you manage the worker nodes and your application workloads. AKS is the right choice when you need:
Container Apps is a serverless container platform built on top of Kubernetes (and the open-source KEDA and Dapr projects) but without exposing the Kubernetes API. It provides:
| Feature | ACI | Container Apps | AKS |
|---|---|---|---|
| Complexity | Very low | Low–medium | Medium–high |
| Scaling | Manual (container groups) | Automatic (0 to N) | Automatic (HPA, KEDA, cluster autoscaler) |
| Pricing model | Per-second (vCPU + memory) | Per-second (vCPU + memory) | VM node costs + optional add-ons |
| Best for | Short-lived tasks, burst compute | Microservices, APIs, event-driven apps | Complex workloads, full K8s control |
| Kubernetes knowledge | Not required | Not required | Required |
| Persistent storage | Azure Files (limited) | Azure Files | Azure Disks, Azure Files, CSI drivers |
| Networking | VNet injection available | Managed VNet, custom VNet | Full VNet integration, CNI options |
| Ingress | Public IP or DNS label | Built-in Envoy-based ingress | Ingress controllers (NGINX, App Gateway) |
Beyond the core four, several Azure services complement container workloads:
| Service | Role |
|---|---|
| Azure Container Registry (ACR) | Store and manage container images |
| Azure Monitor / Container Insights | Metrics, logs, and diagnostics |
| Azure Key Vault | Secrets, certificates, and encryption keys |
| Azure Entra ID | Identity and access management |
| Azure Policy | Governance and compliance for clusters |
| Microsoft Defender for Containers | Image scanning and runtime protection |
| Azure DevOps / GitHub Actions | CI/CD pipelines for building and deploying |
A typical containerised architecture on Azure might look like this:
Developer
|
| git push
v
GitHub Actions / Azure DevOps
|
| docker build & push
v
Azure Container Registry (ACR)
|
+-----> Azure Container Apps (APIs, web apps)
|
+-----> AKS (complex microservices)
|
+-----> ACI (batch jobs, CI agents)
Images are built in CI/CD, pushed to ACR, and then pulled by whichever compute service is most appropriate for the workload.
Use this decision tree as a starting point:
There is no single "best" service — the right choice depends on your team's Kubernetes expertise, the complexity of your workloads, and your operational preferences.
All four container services are available in most Azure regions. For production workloads, consider:
| Service | Cost driver | Tip |
|---|---|---|
| ACI | Per-second CPU + memory | Use spot containers for fault-tolerant batch jobs |
| Container Apps | Per-second CPU + memory (consumption plan) or dedicated plan | Scale to zero when idle to minimise costs |
| AKS | Underlying VM node costs | Use the cluster autoscaler and spot node pools |
| ACR | Storage + data transfer + build minutes | Use lifecycle policies to purge old images |
Over the next nine lessons, you will explore each service in depth:
| Lesson | Focus |
|---|---|
| Azure Container Registry (ACR) | Building, storing, and securing images |
| Azure Container Instances (ACI) | Running single containers and container groups |
| Introduction to AKS | Cluster architecture and deployment basics |
| AKS Cluster Configuration | Node pools, scaling, and upgrades |
| AKS Networking and Ingress | CNI, services, ingress controllers |
| AKS Storage and Persistence | Volumes, persistent volume claims, CSI drivers |
| Azure Container Apps | Serverless containers, revisions, scaling rules |
| ACI vs AKS vs Container Apps | Decision framework and migration paths |
| Container Security on Azure | Image scanning, runtime protection, network policies |