Blog Post

Startups at Microsoft
4 MIN READ

ACA vs AKS: Which Azure Service Is Better for Running Containers?

Rohit_Turambekar's avatar
May 10, 2023

In this blog post, we'll explore two of the most popular Azure services for running containerized applications: Azure Container Apps (ACA) and Azure Kubernetes Service (AKS). 

If you're a beginner or intermediate developer or IT professional looking to learn more about these services and how they compare, then you're in the right place. We'll be diving into the key differences between ACA and AKS, exploring their unique features, and discussing when it's best to use each one. 

 

As managed services, both ACA and AKS offer powerful tools for deploying and running containers on Azure. But as we'll see, they each have their own strengths and use cases. So, whether you're just starting out or looking to deepen your understanding of containerization on Azure, keep reading for our expert insights. 

 

 

 Here is a table that summarizes some key differences: 

 

Feature 

ACA 

AKS 

Kubernetes API access 

No 

Yes 

Cluster management 

Fully managed by Azure 

Partially managed by Azure 

Scaling 

Event-driven and automatic 

Manual or Automatic with autoscaler

Load balancing 

with Azure Load Balancer 

Available with Azure Load Balancer

Service discovery 

Available with Azure DNS

Available with Kubernetes DNS

Certificates 

Configurable

Configurable

Long-running processes 

Supported 

Supported 

Scale to zero 

Yes 

No (Yes with KEDA) 

Pricing model 

Per vCPU and memory per second 

Per node per hour  

 

As you can see, ACA is more app-centric and provides a simpler and more serverless experience than AKS. It is powered by Kubernetes and other open-source technologies like Dapr(Distributed Application Runtime ), KEDA(Kubernetes-based Event Driven Autoscaling), and Envoy, but it doesn't expose the underlying Kubernetes APIs or cluster management. It also supports event-driven architecture and scaling to zero. 

 

AKS, on the other hand, is more cluster-centric and provides more control and flexibility than ACA. It supports direct access to the Kubernetes API and runs any Kubernetes workload. The full cluster resides in your subscription, with the cluster configurations and operations within your control and responsibility. It also supports advanced scenarios like hybrid and multi-cloud deployments. 

 

One of the distinctive features of the AKS is using Virtual Nodes. The Virtual Node mechanism is a feature of Azure Kubernetes Service (AKS) that allows you to use Azure Container Instances (ACI) as a virtual node in an AKS cluster. This feature enables you to rapidly scale application workloads in an AKS cluster by providing quick provisioning of pods and only paying per second for their execution time. You don’t need to wait for Kubernetes cluster autoscaler to deploy VM compute nodes to run more pods. To support communication between pods that run in ACI and the AKS cluster, a virtual network subnet is created and delegated permissions are assigned. Virtual nodes only work with AKS clusters created using advanced networking (Azure CNI). By default, AKS clusters are created with basic networking (kubenet). 

 

Scale to zero 

 

Azure Container Apps automatically scales HTTP traffic to zero. However, to scale non-HTTP traffic (like Dapr pub/sub and bindings), you can use KEDA scalers to scale your application and its Dapr sidecar up and down, based on the number of pending inbound events and messages. 

 

On the other hand, Azure Kubernetes Service (AKS) does not support scaling to zero natively. You can manually scale your application or use metric-based scaling. However, with using KEDA (Kubernetes-based Event Driven Autoscaling)   with AKS can scale the deployment to zero when no messages are pending processing. When a message arrives, KEDA detects this event and activates the deployment. 

 

How to choose between ACA and AKS 

 

The choice between ACA and AKS depends on several factors, such as: 

- The complexity of your application 

- The level of customization you need 

- The scalability requirements 

- The budget constraints 

- The skill level of your team 

 

Here are some general guidelines to help you decide: 

 

- Use ACA if you want a simple, serverless, and event-driven way to run containers on Azure. ACA is ideal for stateless applications that can scale up and down quickly based on demand, but also you can run stateful apps as well. You don't need to worry about managing clusters or configuring load balancers, service discovery, or certificates. You can also leverage various event sources like HTTP triggers, Azure Event Grid, Azure Service Bus, or Kafka to trigger your containers. 

 

- Starting with brand-new development - Dapr (Distributed Application Runtime) can be integrated with ACA to provide additional capabilities for building cloud-native applications. For example, Dapr offers an approach for solving common problems more easily by providing its core capabilities as a set of building blocks for example Service-to-service invocation, State management, Pub/sub, Observability etc. 

 

- Use AKS if you want a full-fledged Kubernetes platform that gives you more control and flexibility over your containerized applications. AKS is ideal for complex applications that require stateful components, custom networking, or advanced security features. You can also run any Kubernetes workload on AKS, such as microservices, batch jobs, machine learning models, or serverless functions. 

 

Of course, these are not hard-and-fast rules. You can also use both ACA and AKS together for different parts of your application. For example, you can use ACA for the front-end web app that scales dynamically based on user traffic and use AKS for the back end microservices that require persistent storage and custom networking. 

 

Conclusion 

 

ACA and AKS are two powerful Azure services for running containerized applications. They have different features and use cases that suit different scenarios. In this blog post, I compared them based on several criteria and gave some tips on how to choose between them. 

 

For more information about ACA and AKS, you can check out these links: 

 

- [Azure Container Apps documentation]( https://docs.microsoft.com/azure/container-apps/) 

- [Azure Kubernetes Service documentation]( https://docs.microsoft.com/azure/aks/) 

- [Comparing Container Apps with other Azure container options]( https://learn.microsoft.com/azure/container-apps/compare-options) 

- [Choose an Azure compute service]( https://docs.microsoft.com/azure/architecture/guide/technology-choices/compute-decision-tree) 

 

 

 

 

Updated May 18, 2023
Version 3.0
  • sunil925's avatar
    sunil925
    Copper Contributor

    Thank you for the detailed explanation Rohit_Turambekar 

     

    I have question, with Azure Container Apps(ACA), is the networking going to Public? I mean in AKS we have a concept of Private Cluster, in ACA do we have such a feature to make it private?

     

    In my organisation we always follow Private network approach, AKS Private Cluster with Private endpoints for connecting to the other services, While the ACA is extremely interesting, we just have this one thing mind before we proceed.

     

    Please help me understand.

  • Raju_RH's avatar
    Raju_RH
    Copper Contributor

    sunil925 you can configure your container apps with the accessibility level of the Internal which sets the environment has no public endpoint. Internal environments are deployed with a virtual IP (VIP) mapped to an internal IP address. 

  • KFahmy's avatar
    KFahmy
    Copper Contributor

    Thanks for this great article , but about the security comparison between both .. I would be interested to know from the isolation perspective.