The core component of the CaaS service from Microsoft is the Azure Container Engine, whose source code is available under the Open Source License on Github. The Azure Container Engine acts as a template generator that creates templates for the Azure Resource Manager (ARM). These can be managed using an API with one of the following orchestration tools: Docker Swarm, DC / OS and Kubernetes (since February 2017).
The choice of orchestrator depends primarily on the features available to ACS users when operating containment applications in the Azure cloud.
Mesosphere’s DC/OS Cluster Manager is part of the Azure Container Service, and needs to be combined with the orchestration platform Marathon to be used. This kind of structure provides users with the following functional spectrum:
- Web-based user interface: Administrating container clusters is done using Marathon’s web-based user interface orchestration.
- High availability:Marathon is run as an active/passive cluster. For each active node, a fully redundant passive node is provided, which can take over the tasks of a failed node should one appear.
- Service discovery and load balancing:DC/OS uses Marathon LB to provide a HAproxy-based load balancer and uses Mesos DNS, a DSN service-based discovery tool.
- Health checks: The status of an application can be queried through Marathon via http or TCP. Monitoring functions are available through a REST API, the command line or the web-based user interface.
- Notification service: Those using DC/OS with Marathon in the Azure cloud have the option to reserve an HTTP endpoint for event-related notifications.
- Application groups: On request, containers can be grouped into so-called “pods,” which can be managed as self-contained units.
- Rule-based deployment: Restrictions allow you to define precisely where and how applications are distributed into the cluster.
In the Docker-Swarm version, ACS relies on the Docker stack, using the same open source technologies as the Dockers Universal Control Place (a basic component of the Docker Datacenter). Implemented in the Azure Container Service, Docker Swarm provides the following functionality for scaling and orchestrating container applications:
- Docker Compose: Docker’s solution for multi-container applications allows multiple containers to be linked together and centrally managed with a single command. Any number of containers, including all dependencies, are outlined in a control file based on the award language YAML.
- Control via the command line: The Docker CLI (command line interface) and the multi-container tool Docker Compose enable the direct administration of container clusters via the command line.
- REST API: The Docker Remote API provides access to various third-party Docker ecosystem tools.
- Rule-based Deployment: The distribution of Docker containers in the cluster can be managed using labels and restrictions.
- Service Discovery:Docker Swarm offers users a diverse range of service discovery functions.
Since February 2017, ACS users have also been able to access the orchestrator Kubernetes to automate administrating container applications, as well as deploying and scaling Azure clusters. Thanks to an implementation by ACS, Kubernetes provides all basic functions listed in the Google Container Engine section.
ACS is also integrated directly into the Azure cloud service:
- Azure Portal and Azure CLI 2.0:Users configure container clusters using the Azure portal – the central user interface for the cloud platform – or the command line interface Azure CLI 2.0.
- Azure Container Registry: The Azure Container Registry also provides Microsoft users with a private repository to deploy Docker images.
- Operations Management Suite (OMS): Monitoring and logging options for container services are provided by Microsoft Operations Management Suite (OMS).
- Azure Stack:Azure Stack can be used to help create a container operation in hybrid cloud environments.
Additionally, Microsoft has extended the ACS to include CI/CD (continuous integration and deployment) capabilities for multi-container applications, designed with Visual Studio Team Services, or the open source tool Visual Studio Code.
Identity and access management are controlled by Active Directory, whose basic functions are available free of charge to users up to a limit of 500,000 directory objects. Similar to Amazon ECS, the Azure Container Servicedoes not incur any costs for using the container tools. Fees are only charged for using the infrastructure.
An overview of the Microsoft Azure Container Service