Azure Container Apps Jobs in a secure Landing Zone
Published Dec 21 2023 11:13 AM 5,421 Views

Customers in their migration/modernization journey to cloud want to update their apps to be compatible with the cloud and rebuild the apps as microservices that involve tasks that run for a short time and deployed into a secure container infrastructure and ready for production. For these scenarios, Azure Container Apps Landing Zone Accelerator can help the users start with the best practices included to speed up their production process.


Azure Container Apps (ACA) Landing Zone Accelerator provides packaged design guidance on critical design areas with reference architecture backed by reference implementation to help users build and deploy containerized apps to Azure Container Apps in an enterprise landing zone design. Landing Zone Accelerator has been built on the lessons we learned with our customer engagements so you can leverage the design recommendations and considerations without reinventing the wheel.


Design Guidance is published for 4 critical design areas namely Identity, Networking, Security, Management and Operations.


Azure Container Apps is built on top of powerful open-source technologies like KEDA, Dapr, Kubernetes, envoy providing the easiest and quickest path to host the containerized workloads empowering developers to focus on the apps not exposed to the complexities of Kubernetes.


Jobs in Azure Container Apps

Azure Container Apps Jobs allow you to run containerized tasks that execute for a given duration and complete. You can use jobs to run tasks such as data processing, machine learning, or any scenario where on-demand processing is required.

For more information, see the following tutorials:

Job trigger types

There are three different types of triggers that start the job and below are the available triggers.

  • Manual jobs - Manual jobs are triggered on-demand using the Azure CLI, through the Azure portal or a request to the Azure Resource Manager API.
  • Scheduled Jobs - Scheduled jobs are triggered at specific times and can run repeatedly using Cron expressions to define schedules. They support the standard cron expression format with five fields for minute, hour, day of month, month, and day of week. Cron expressions in scheduled jobs are evaluated in Universal Time Coordinated (UTC). The following are examples of cron expressions:



0 */2 * * *

Runs every two hours.

0 0 * * *

Runs every day at midnight.

0 0 * * 0

Runs every Sunday at midnight.

0 0 1 * *

Runs on the first day of every month at midnight.


  • Event driven jobs

Event-driven jobs are triggered by events from supported custom scalers. Examples include like when a new message is added to a queue; a self-hosted GitHub Actions runner or Azure DevOps agent that runs when a new job is queued in a workflow or pipeline.

Reference Architecture

The reference implementation demonstrates the jobs feature within the context of Azure Container Apps landing zone accelerator, a secure baseline infrastructure architecture for a microservices workload deployed into Azure Container Apps. Specifically, this scenario addresses employing 3 types of Jobs, a manual triggered, a schedule triggered, and an event triggered one with basic functionality deploying Azure Container Apps Jobs into a virtual network with no public endpoint.




Jobs bicep implementation

The sample is deployed to Azure using a bicep template found at the root directory and named main.bicep. This, besides deploying the Service Bus namespace, deploys:

The Manual Container Apps Job

To deploy a manual triggered job in bicep you need to define a manualTriggerConfig at the configuration section of the container app and set the triggerType to 'Manual'.

The Scheduled Container Apps Job

Similar to the manual triggered job to deploy a scheduled one you need to define a scheduleTriggerConfig at the configuration section of the container app and set the triggerType to 'Schedule'

The Event triggered Container Apps Job

To deploy an event triggered job in bicep you need to define an eventTriggerConfig at the configuration section of the container app and set the triggerType to 'Event'.


To deploy the sample jobs apps into the Azure container apps in a secure landing zone, follow the below steps

  1. Deploy the secure baseline following the pre-requisites documentation.
  2. Since the Container Apps Environment is completely internal and the container registry is not available through the internet, you will need to perform the deployment steps for the container image steps through the VM jumphost at the spoke virtual network for which the ACR is available.
  3. Follow the deployment steps to build and push the container to ACR, deploy the jobs and when the deployment completes 4 additional resources namely 3 jobs and 1 service bus would be seen in the portal view.


To continuously monitor and observe the state of your app, you can utilize the built-in observability features like Log Streaming, Container Console, Azure Monitor metrics, Application logging, Azure Monitor Log Analytics and Azure Monitor alerts

In the landing zone accelerator, the receiver job in the sample app will poll the result queue for new messages. Once the processor has processed the incoming messages it will post them there.

To get the results, navigate to the execution logs and run the following query.





| where ContainerGroupName startswith 'lzaacajobs-receiver'

| project TimeGenerated, Log







ACA Landing Zone simplifies the process of running jobs at scale in a serverless containers environment. With the secure baseline, it provides a secure and compliant environment for running jobs.

To learn more, visit our official GitHub repository here with detailed step by step guidance to deploy the Jobs in a landing zone. We welcome your feedback and do submit an issue with your ideas.


A big thank you goes to @Konstantinos Pantos for contributing to the Jobs scenario in landing zone. 


If you like this blog post, be sure to share it with other people who may be interested to learn more about landing zone accelerators.


Version history
Last update:
‎Dec 21 2023 11:13 AM
Updated by: