Yo dawg, I heard you liked containers so I put a container inside your container!
In all seriousness though, I wonder if this could solve one of our issues of running mutli-container apps in Azure, which is currently causing us some trouble in regards to VNETs and Private Endpoints. I’m sure it’s likely because we should be using Kubernetes or similar, or at the very least have someone who knows how to actually set the Ops part of DevOps up better than we currently do. Long story short, those things won’t realistically happen, and if we could solve them by running multiple podmans inside a docker docker-container deployed as an azure app then we could likely fix our security issues of not being able to setup VNETs and PEs on multi-container apps because it’s been a “up-coming” feature for at least a year.
I’d be interested to know your thoughts on it. The efficiency doesn’t matter as much, our workloads are around 1-5% of our Azure budget which is basically a blip on the bigger budgets.
Are you running the multi-container apps under App Service?
Yes, with the docker compose option.
Container-in-container also pushes a number of responsibilities from the the App Service down into the head container, like ingress, service management, health, logging etc. You might as well run compose/swarm on your own VM(s) than reinvent those wheels.
AKS + kompose might be a not too bad option. AKS can deploy on the private vnet and can do private endpoints. The cluster will probably fall over once a year for but it will mostly manage itself. If you leave k8s to auto upgrade, run a microk8s instance as a test env somewhere and it will hit the upgrade issues before AKS releases a k8s version.
- https://github.com/kubernetes/kompose
- https://learn.microsoft.com/en-us/azure/aks/private-clusters...