azureazure-web-app-serviceazure-web-app-for-containers

Azure Web App for Containers managed identity and non-web applications


We are looking for a way to deploy one or two long-running containers in Azure. after considering ACI (more suitable for short lived workloads) and AKS (too much overhead for running a single container?) we've decided to go with Azure Web App for Containers We are left with the following questions on this service:

  1. Non-web containers - Is it suitable for running generic non-web application containers? for example, can it listen and expose ports/protocols other than http/s, can it run cron jobs that trigger an outbound non-http TCP connection?
  2. Managed identity - Will the container be able to leverage managed identity set for the app service, for example to access Azure Key Vault secrets, or other PaaS services that support MI?

Solution

    1. Non-web containers - Is it suitable for running generic non-web application containers? for example, can it listen and expose ports/protocols other than http/s, can it run cron jobs that trigger an outbound non-http TCP connection?

    No, Azure Web App only can expose on port and it must be one of 80 and 443. And as I know, it's not suitable to run cron jobs.

    1. Managed identity - Will the container be able to leverage the managed identity set for the app service, for example, to access Azure Key Vault secrets or other PaaS services that support MI?

    Yes, Azure Web App support Managed Identity to access other resources such as Azure Key Vault secrets that support the Managed Identity.