Azure anywhere: Arc adds App Service, Function apps, Event Grid and more to on-premises Kubernetes
It will even keep working if Microsoft's cloud has an outage, honest
At its virtual Build 2021 event, Microsoft has introduced features in Arc, its hybrid-cloud system for centralized management of Kubernetes clusters and other services, that will now run selected Azure services on-premises, including App Service, Logic Apps, and Function Apps.
Azure Arc is not exclusively about Kubernetes. As the docs explain, Arc is about "projecting your existing non-Azure, on-premises, or other cloud resources into Azure Resource Manager." This means that the Azure portal becomes a dashboard for IT resources wherever they happen to be running. Currently this includes servers (physical and virtual), Kubernetes clusters, and Azure data services (Azure SQL or PostgreSQL).
Kubernetes plays a special role in this respect, because it is infrastructure on which other services run. The biggest Arc news is that App Services will now run (in preview) on Kubernetes via Arc, as will selected other services: function apps, logic apps, Event Grid, and API Management.
App Services are one of Azure's oldest and most useful offerings. A web app, for example, can run a Docker container, or code on a managed runtime stack with options including .NET, Java, Node, PHP, Python, or Ruby in various versions.
An App Service can scale from free tier (60 minutes per day) to high-spec virtual machines, and scale manually or automatically to up to 30 instances, or up to 100 instances in a premium "isolated plan." If the goal is to deploy an application with scalable performance and a minimum of infrastructure management, App Services is Microsoft's solution.
"We're announcing the preview of Azure Arc-enabled application services," Microsoft's Azure General Manager Arpan Shah told The Register, "that run in any hybrid or multi-cloud environment. A developer can take advantage of Azure PaaS (platform as a service) services and have them run anywhere." There are more details in VP Gabe Monroy's official blog post.
Getting into a Kubernetes cluster
The way this works at a high level is that a customer will install a Kubernetes cluster, whether on-premises or at a hosting provider or non-Azure cloud, ensure ports 443 and 9418 are open outbound, and install the Azure CLI and an extension called connectedk8s.
It is then possible to register Microsoft providers, aka agents, which enables an Azure CLI command that will Arc-enable the Kubernetes cluster. Once connected, the cluster appears in the Azure portal as if it were an Azure region, and administrators can select it and install services on it in the normal way.
"It works on any CNCF-conforming Kubernetes," Shah told us, CNCF being the foundation that hosts the Kubernetes project. That said, at Build, Microsoft also stated that Azure Kubernetes Service (AKS) is now generally available on-premises via Azure Stack HCI (its hyperconverged infrastructure), or on Windows Server 2019 Datacenter. The choice then, for users going this route, is either to manage Kubernetes independently or have Microsoft manage it as an AKS cluster.
The pricing is not altogether finalized, but broadly the idea is that users pay for the Azure services they run on Arc. The Azure control plane is free, except for a small charge for Azure automation change tracking, and a per-vCPU charge for configuration using GitOps, if this is used.
Azure services, such as App Services, will be billed according to the selected service plan in the same way as Microsoft's cloud, though with lower prices to reflect the fact that the customer is paying for the infrastructure. AKS on Azure Stack HCI on the other hand is billed per vCPU of running worker nodes, currently at $1.33 per vCPU per day, but with no extra charges for Arc or for configuration using GitOps.
One intriguing aspect of this is that it makes sense for Microsoft to use Kubernetes on its cloud as well as in these hybrid scenarios, in order to minimize the differences for things like App Services.
"In the case of Azure, in the case of these applications services, that is what they're doing," Shah told us. "You don't have to pick between, do I use Kubernetes and get the portability, or do I use Azure PaaS services. They're one and the same."
You can depend on us
Does an Azure service running on-premises retain a dependency on Azure, such that if Microsoft's cloud had an outage, the service on-premises would stop running?
"The most important thing is that in the case of either an outage or a broken internet connection, the customer's workload continues to run," a Microsoft spokesperson told us.
"The Azure management services that are delivered from Azure, such as Azure Monitor or Azure Policy, are built to withstand a disruption and will continue to work once the service or connectivity is restored. Additionally, Azure Stack HCI is built with an onboard management context through Windows Admin Center that can be used locally in these circumstances."
We also asked for clarification of the GitOps workflow. "Azure Arc enabled Kubernetes leverages Flux, a popular open-source tool (CNCF incubation project) in the GitOps space," we were told.
"The Kubernetes manifests that declare the applications and cluster configurations for a Kubernetes cluster come directly from the Git repository and are applied by Flux to the cluster. The Flux operator deployed on the cluster monitors the repo for any changes and then automatically updates the cluster with the changes."
Enabling this starts with creating a source control configuration resource in Azure Resource Manager for an Arc-connected cluster. "The source control configuration resource properties are used to deploy the Flux operator on the cluster with the appropriate parameters, such as the Git repo from which to pull manifests and the polling interval to check for changes in the repo," we were told.
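An added example, not from the article or from Microsoft: because Flux applies whatever the repo contains, a reviewer would want to check the source control configuration's Git transport, write access, polling interval and scope before enabling it. The property names (repositoryUrl, operatorParams, operatorScope) and Flux flags are not taken from the article, and the 15-minute limit and both sample configurations are constructed for illustration.

```python
import re
from urllib.parse import urlparse

SAFE_SCHEMES = {"https", "ssh"}  # transports that authenticate the server and encrypt
MAX_POLL_SECONDS = 15 * 60       # assumed local policy, not a Microsoft or Flux limit

def poll_seconds(operator_params):
    """Seconds in --git-poll-interval (whole s/m/h units only), or None if unset."""
    m = re.search(r"--git-poll-interval[= ](\S+)", operator_params)
    if not m:
        return None
    units = {"s": 1, "m": 60, "h": 3600}
    return sum(int(n) * units[u] for n, u in re.findall(r"(\d+)([smh])", m.group(1)))

def audit(config):
    """Return a list of findings for one source control configuration (dict)."""
    findings = []
    url = config.get("repositoryUrl", "")
    # scp-style remotes (git@host:org/repo.git) are SSH but carry no URL scheme.
    scheme = "ssh" if re.match(r"^[\w.-]+@[\w.-]+:", url) else urlparse(url).scheme
    if scheme not in SAFE_SCHEMES:
        findings.append(f"repo transport '{scheme or 'none'}' is unauthenticated or plaintext")
    params = config.get("operatorParams", "")
    if "--git-readonly" not in params.split():
        findings.append("operator can write to the repo; add --git-readonly")
    secs = poll_seconds(params)
    if secs is None:
        findings.append("no explicit --git-poll-interval")
    elif secs > MAX_POLL_SECONDS:
        findings.append(f"poll interval {secs}s exceeds policy of {MAX_POLL_SECONDS}s")
    if config.get("operatorScope") == "cluster":
        findings.append("cluster-wide scope: review who can push to the repo")
    return findings

# Constructed sample configurations (not real resources).
WEAK = {
    "repositoryUrl": "git://git.example.com/platform/manifests.git",
    "operatorParams": "--git-branch=main --git-poll-interval=1h",
    "operatorScope": "cluster",
}
HARDENED = {
    "repositoryUrl": "git@git.example.com:platform/manifests.git",
    "operatorParams": "--git-readonly --git-branch=main --git-poll-interval=5m",
    "operatorScope": "namespace",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The git:// transport in the weak sample is the Git protocol on port 9418, which has no authentication or encryption, so manifests fetched over it can be altered in transit before Flux applies them.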
According to analyst Nick McQuire at CCS Insight: "We expect that in the next few years, over 40 per cent of large firms will continue to run more than 40 per cent of their IT workloads on premises which means that the role of Azure Arc continues to be fundamental for Microsoft’s future in addressing this complexity and its long term fortunes in cloud computing as well." He sees the Arc enhancements as meeting "the demand for greater integrations between its investments in Kubernetes along with its Azure services." ®