Design 12: Container Instance (ACI)

Summary

This design implements Azure Container Instances (ACI) for running simple containers without Kubernetes.

Topology: The Container Group runs in a Spoke VNet (Delegated Subnet).

1. Key Design Decisions (ADR)

ADR-01: Compute

  • Decision: ACI.
  • Rationale: Fastest way to run a container. No cluster management.

ADR-02: Network

  • Decision: VNet Injection.
  • Rationale: The container must reach private IPs (e.g. SQL) in the Hub and other Spokes, so it is given an address from the delegated subnet and no public IP; traffic to the Hub flows over VNet peering.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  Task        |           |        HUB VNet          |           |  SPOKE VNet  |
|  Scheduler   |           |      (Trigger)           |           |  (Worker)    |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Peering)                      |
+------+-------+                        v                                v
|  Logic App   |           +------------+-------------+           +------+-------+
|  (Orch)      |---------->| Private Endpoint         |<--------->|  ACI Group   |
+--------------+           | (Trigger)                |           |  (Python)    |
                           +--------------------------+           +------+-------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | Logic App             |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-aci-spoke (10.1.0.0/16)                              |
|   +-----------------------+                                           |
|   | Subnet: ACI           |                                           |
|   | (Delegated)           |                                           |
|   | [Container Group]     |                                           |
|   |   [Container 1]       |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR STRATEGY                                                           |
|   +-----------------------+                                           |
|   | ACI Group (DR)        |                                           |
|   | (On-Demand)           |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • Container Group: A pod-like unit of scheduling. It can hold several containers that share a lifecycle, a private IP and localhost networking, and mounted volumes, so a sidecar (e.g. a log shipper) can sit next to the worker without a separate network path.

5. Strategy: High Availability (HA)

  • Status: Low. A container group is a single unit on a single node and is not spread across availability zones. If the container exits, the restart policy (On failure / Always) brings it back; if the node or zone fails, the group is down until it is recreated. That is acceptable for a scheduled batch worker, not for an always-on service.

6. Strategy: Disaster Recovery (DR)

  • Implementation: Redeploy.
  • Process: Keep the deployment scripted (CLI or template) with the region as a parameter and run it against West US on demand. The image must be pullable from the secondary region (MCR, or a geo-replicated registry) and any Azure Files data the worker depends on must already be replicated there, or the redeployed group will start empty.

7. Strategy: Backup

  • Data: The container filesystem is ephemeral and is lost when the container restarts or the group is deleted. Mount an Azure Files share for anything that must persist, and protect the share itself with share snapshots or Azure Backup; the container group holds no state worth backing up.

8. Strategy: Security

  • Network: Private IP only. The group takes an address from the delegated subnet and has no public IP, so it is reachable only from the Hub and peered Spokes. Attach an NSG to snet-aci that allows inbound only from the Hub range; the default rules otherwise admit every peered VNet.
  • Identity: Give the container group a system-assigned managed identity and use it for the image pull (ACR) and the SQL connection, so no registry or database password lives in the image or the environment.
  • Secrets: Anything that must still be passed in (e.g. the storage account key for the Azure Files mount) goes in as a secure environment value or a secret volume, never a plain environment variable; plain values are returned to anyone who can read the container group.

9. Well-Architected Framework Analysis

  • Reliability: Medium.
  • Security: High.
  • Cost Optimization: Medium. Per-second billing. Expensive for 24/7.
  • Operational Excellence: High.
  • Performance Efficiency: High.

10. Detailed Traffic Flow

1. Start: The Logic App fires on its schedule or trigger.

2. Create: It calls the ARM API to create the container group in the Spoke subnet. The Logic App's managed identity needs a role that includes Microsoft.ContainerInstance/containerGroups/write on rg-design12-aci (e.g. Contributor scoped to that resource group, not the subscription).

3. Run: ACI pulls the image and runs the script.

4. Access: The script connects to SQL in the Hub over the VNet peering from the group's private IP.

5. Stop: The container exits. With restart policy On failure a clean exit leaves the group terminated; billing is per second of run time, so the Logic App should delete the group once it has finished rather than leave a long-running or looping container in place.

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Resource Group & VNet

1. Create Resource Group: rg-design12-aci. Region: East US.

2. Create VNet:

* Name: vnet-aci-spoke.

* Address space: 10.1.0.0/16.

* Subnet: snet-aci (10.1.1.0/24).

* *Note: This subnet will be delegated to Microsoft.ContainerInstance/containerGroups.*

3. Peering: Peer vnet-aci-spoke to vnet-hub.

Phase 2: Create Container Instance

1. Search: "Container instances" -> + Create.

2. Resource Group: rg-design12-aci.

3. Container name: aci-worker-01.

4. Region: East US.

5. Image Source: Quickstart images.

6. Image: mcr.microsoft.com/azuredocs/aci-helloworld:latest (Linux).

7. Networking Tab:

* Networking type: Private.

* Virtual network: vnet-aci-spoke.

* Subnet: snet-aci.

8. Advanced Tab:

* Restart policy: On failure.

9. Review + create -> Create.

Phase 3: Verify Connectivity

1. Go to the new ACI resource.

2. Overview -> Note the IP Address (e.g., 10.1.1.4).

3. Connect to a VM in the Hub (or peered Spoke).

4. Run curl http://10.1.1.4.

5. You should see the "Welcome to Azure Container Instances" HTML.

Phase 4: Clean Up (Optional)

1. ACI is billed per second. Delete the resource group when done to save money.
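The runbook above clicks through the portal. As an added example (not part of the original design page and not a Microsoft sample), the same deployment expressed in Bicep, which also encodes the Security and Backup strategy from sections 7 and 8: the delegated subnet, the spoke-to-hub peering, an NSG that admits only the Hub range, and a container group with a private IP, restart policy On failure, a system-assigned identity, a secret passed as a secure environment value, and an Azure Files mount. Everything not on the page is an assumption: the hub VNet resource ID, the storage account and share name `aci-data`, the NSG rule set, the `sqlConnectionString` parameter, the API versions, and that the hub-side half of the peering is created separately in the hub's resource group.

```bicep
// Added example, not part of the original design page or any Microsoft sample.
// Assumptions (not stated on the page): hub VNet ID, storage account/share,
// NSG rule set, SQL connection string and API versions are all illustrative.
param location string = resourceGroup().location       // East US in the runbook
param hubVnetId string                                 // existing vnet-hub (10.0.0.0/16)
param storageAccountName string                        // existing account holding the share
param fileShareName string = 'aci-data'                // assumed share name
@secure()
param storageAccountKey string                         // pass from Key Vault, never commit
@secure()
param sqlConnectionString string                       // assumed; prefer managed identity auth

var hubRange = '10.0.0.0/16'
var spokeRange = '10.1.0.0/16'
var aciSubnetRange = '10.1.1.0/24'

// NSG on the delegated subnet: only the Hub may talk to the worker on port 80.
// The explicit deny sits below the allow but above the default AllowVnetInBound
// rule (65000), so traffic from other peered VNets is dropped.
resource nsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-aci'
  location: location
  properties: {
    securityRules: [
      {
        name: 'allow-hub-http'
        properties: { priority: 100, direction: 'Inbound', access: 'Allow', protocol: 'Tcp', sourceAddressPrefix: hubRange, sourcePortRange: '*', destinationAddressPrefix: aciSubnetRange, destinationPortRange: '80' }
      }
      {
        name: 'deny-other-vnet-inbound'
        properties: { priority: 4000, direction: 'Inbound', access: 'Deny', protocol: '*', sourceAddressPrefix: 'VirtualNetwork', sourcePortRange: '*', destinationAddressPrefix: '*', destinationPortRange: '*' }
      }
    ]
  }
}

// Phase 1: spoke VNet with snet-aci delegated to ACI (required for VNet injection).
resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-aci-spoke'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ spokeRange ] }
    subnets: [
      {
        name: 'snet-aci'
        properties: {
          addressPrefix: aciSubnetRange
          networkSecurityGroup: { id: nsg.id }
          delegations: [ { name: 'aci', properties: { serviceName: 'Microsoft.ContainerInstance/containerGroups' } } ]
        }
      }
    ]
  }
}

// Spoke-to-hub half of the peering; the hub-to-spoke half lives in the hub's resource group.
resource peering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: spokeVnet
  name: 'peer-spoke-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hubVnetId }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: false
    useRemoteGateways: false
  }
}

// Phase 2: the container group. Private IP only, restart on failure, system-assigned
// identity for registry/SQL auth, secret as secureValue, persistent data on Azure Files.
resource aci 'Microsoft.ContainerInstance/containerGroups@2023-05-01' = {
  name: 'aci-worker-01'
  location: location
  identity: { type: 'SystemAssigned' }
  properties: {
    osType: 'Linux'
    restartPolicy: 'OnFailure'
    ipAddress: { type: 'Private', ports: [ { protocol: 'TCP', port: 80 } ] }  // no public IP
    subnetIds: [ { id: spokeVnet.properties.subnets[0].id } ]
    containers: [
      {
        name: 'worker'
        properties: {
          image: 'mcr.microsoft.com/azuredocs/aci-helloworld:latest'
          ports: [ { protocol: 'TCP', port: 80 } ]
          resources: { requests: { cpu: 1, memoryInGB: json('1.5') } }  // Bicep has no decimal literal
          environmentVariables: [
            { name: 'SQL_CONNECTION_STRING', secureValue: sqlConnectionString }  // hidden from GET responses and logs
          ]
          volumeMounts: [ { name: 'data', mountPath: '/mnt/data' } ]
        }
      }
    ]
    volumes: [
      { name: 'data', azureFile: { shareName: fileShareName, storageAccountName: storageAccountName, storageAccountKey: storageAccountKey } }
    ]
  }
}

output privateIp string = aci.properties.ipAddress.ip          // use for the Phase 3 curl check
output workerPrincipalId string = aci.identity.principalId     // grant this identity SQL/ACR access
```

Deploy it with `az deployment group create --resource-group rg-design12-aci --template-file main.bicep --parameters hubVnetId=<id> storageAccountName=<name>` and supply the two secure parameters from Key Vault references rather than the command line. The same file is the DR process from section 6: run it against a West US resource group with `location=westus` and a hub VNet ID for that region.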