Transforming Enterprise AKS: Multi-Tenancy at Scale with Agentic AI and Semantic Kernel
In this post, I’ll show how you can deploy an AI Agent on Azure Kubernetes Service (AKS) using a multi-tenant approach that maximizes both security and cost efficiency. By isolating each tenant’s agent instance within the cluster and ensuring that every agent has access only to its designated Azure Blob Storage container, cross-tenant data leakage risks are eliminated. This model allows you to allocate compute and storage resources per tenant, optimizing usage and spending while maintaining strong data segregation and operational flexibility—key requirements for scalable, enterprise-grade AI applications.Azure Kubernetes Service Baseline - The Hard Way
Are you ready to tackle Kubernetes on Azure like a pro? Embark on the “AKS Baseline - The Hard Way” and prepare for a journey that’s likely to be a mix of command line, detective work and revelations. This is a serious endeavour that will equip you with deep insights and substantial knowledge. As you navigate through the intricacies of Azure, you’ll not only face challenges but also accumulate a wealth of learning that will sharpen your skills and broaden your understanding of cloud infrastructure. Get set for an enriching experience that’s all about mastering the ins and outs of Azure Kubernetes Service!
How to remove secrets from Container Apps linked to ACR
Azure Container Apps allows your application to securely store sensitive configuration values. Once secrets are defined at the application level, secured values are available to revisions in your container apps. Additionally, you can reference secured values inside scale rules. This blog provides a detailed, step-by-step procedure for removing secrets associated with an Azure Container Registry (ACR). In this example, we will walk through the process of creating a Container App with an image reference from the ACR, which automatically generates a secret. We will then attempt to remove this secret and observe its behaviour throughout the process. Secrets are scoped to an application, outside of any specific revision of an application. Adding, removing, or changing secrets doesn't generate new revisions. Each application revision can reference one or more secrets. Multiple revisions can reference the same secret(s). An updated or deleted secret doesn't automatically affect existing revisions in your app. When a secret is updated or deleted, you can respond to changes in one of two ways: Deploy a new revision. Restart an existing revision. Before you delete a secret, deploy a new revision that no longer references the old secret. Then deactivate all revisions that reference the secret. Create an Azure Container Registry: az acr create \ --name "$CONTAINER_REGISTRY_NAME"\ --resource-group "$RESOURCE_GROUP"\ --location "$LOCATION"\ --sku Basic \ --admin-enabled true Explanation: This command creates an Azure Container Registry (ACR) with the specified name, resource group and location. The --sku Basic specifies the pricing tier for the registry, and --admin-enabled true enables admin access to the registry. Build and push image from a Dockerfile. Now use Azure Container Registry to build and push an image. First, create a local working directory and then create a Dockerfile named Dockerfile with the single line: FROM mcr.microsoft.com/hello-world. This is a simple example to build a Linux container image from the hello-world image hosted at Microsoft Container Registry. You can create your own standard Dockerfile and build images for other platforms. If you are working at a bash shell, create the Dockerfile with the following command: echo "FROM mcr.microsoft.com/hello-world" > Dockerfile Run the az acr build command, which builds the image and, after the image is successfully built, pushes it to your registry. The following example builds and pushes the sample/hello-world:v1 image. The . at the end of the command sets the location of the Dockerfile, in this case the current directory. az acr build --image sample/hello-world:v1 \ --registry myContainerRegistry008 \ --file Dockerfile . Create and Deploy the Container App from ACR Create and deploy your container app with the containerapp up command. This command will: Create the resource group Create the Container Apps environment Create the Log Analytics workspace Create and deploy the container app using a public container image Note that if any of these resources already exist, the command will use them instead of creating new ones. az containerapp up \ --name my-container-app \ --resource-group my-container-apps \ --location centralus \ --environment 'my-container-apps' \ --image azuredockerregistry.azurecr.io/image:latest \ --target-port 80 \ --ingress external \ --query properties.configuration.ingress.fqdn 1. Once the Container App gets created , check if there are any secrets added to your container app. 2. If you attempt to delete an existing secret and encounter an error, it's because there is a running revision that still references the secret. 3. In this case, ensure you deactivate all existing revisions that reference the secret and create a new revision that references an image from a public repository (e.g., docker.io). 4. After verifying that there are no references to secrets in existing revisions, you can use the `az containerapp registry remove` command to remove a registry associated with your container app. az containerapp registry remove -n MyContainerapp -g MyResourceGroup --server MyContainerappRegistry.azurecr.io If successful, the command will return "Registry Successfully Removed." 5. Upon checking the "Secrets" section in the portal you should see the secret removed. 6. If you continue to see secrets in the portal UI even after following the above steps, now try deleting the secrets directly using the delete option in the portal. It's crucial to manage secrets carefully to maintain the security and integrity of your Azure Container Apps and associated resources. !!HAPPY LEARNING !!
Leveraging Azure Container Apps Labels for Environment-based Routing and Feature Testing
Azure Container Apps offers a powerful feature through labels and traffic splitting that can help developers easily manage multiple versions of an app, route traffic based on different environments, and enable controlled feature testing without disrupting live users. In this blog, we'll walk through a practical scenario where we deploy an experimental feature in a staging revision, test it with internal developers, and then switch the feature to production once it’s validated. We'll use Azure Container Apps labels and traffic splitting to achieve this seamless deployment process.Azure Container Apps Jobs in a secure Landing Zone
Are you looking for deploying your microservices containerized workloads with short run tasks triggered by events or based on a schedule or by other service with a production grade infrastructure? Then, look no further and dive deep into this article about Azure Container Apps Landing Zone Accelerator that helps to build and deploy containerized workloads faster to production. The new scenario covers about the ACA Jobs feature with a sample application demonstrating all the three different trigger types.Announcing support of OCI v1.1 specification in Azure Container Registry
Azure Container Registry announces support for the latest stable release v1.1.0, which provides a production-ready support for OCI artifacts in addition to container images. By supporting the new version of OCI, ACR can store, distribute, and discover non-container content as OCI artifacts in addition to container images, which expands the possibilities of what can be stored in a container registry.Announcing Notation Azure Key Vault plugin v1.0 for signing container images
As container adoption continues to grow, there is more scrutiny than ever on container supply chains. A container image from an unknown source could include vulnerabilities and malicious code injected by bad actors. To mitigate container supply chain threats, enterprises and open-source communities are exploring safeguards. Signing container images enables software consumers to detect tampering and ensure the authenticity of the containerized workloads.
Building a SaaS Application on Azure AKS with Github Actions
AKS is key to building multi-tenant SaaS solutions on Azure. On this blog we will explain SaaS infrastructure requirements and see how AKS can help address these requirements. Finally we will demonstrate how a SaaS tenant onboarding can be automated with configuration with GitHub actions.
