Container groups in Azure Container Instances
The top-level resource in Azure Container Instances is the container group. This article describes what container groups are and the types of scenarios they enable.
How a container group works
A container group is a collection of containers that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes. It's similar in concept to a pod in Kubernetes.
The following diagram shows an example of a container group that includes multiple containers:
This example container group:
- Is scheduled on a single host machine.
- Is assigned a DNS name label.
- Exposes a single public IP address, with one exposed port.
- Consists of two containers. One container listens on port 80, while the other listens on port 5000.
- Includes two Azure file shares as volume mounts, and each container mounts one of the shares locally.
Multi-container groups currently support only Linux containers. For Windows containers, Azure Container Instances only supports deployment of a single instance. While we are working to bring all features to Windows containers, you can find current platform differences in the service Overview.
Here are two common ways to deploy a multi-container group: use a Resource Manager template or a YAML file. A Resource Manager template is recommended when you need to deploy additional Azure service resources (for example, an Azure Files share) when you deploy the container instances. Due to the YAML format's more concise nature, a YAML file is recommended when your deployment includes only container instances.
To preserve a container group's configuration, you can export the configuration to a YAML file by using the Azure CLI command az container export. Export allows you to store your container group configurations in version control for "configuration as code." Or, use the exported file as a starting point when developing a new configuration in YAML.
Azure Container Instances allocates resources such as CPUs, memory, and optionally GPUs (preview) to a container group by adding the resource requests of the instances in the group. Taking CPU resources as an example, if you create a container group with two instances, each requesting 1 CPU, then the container group is allocated 2 CPUs.
The maximum resources available for a container group depend on the Azure region used for the deployment.
Container resource requests and limits
By default, container instances in a group share the requested resources of the group. In a group with two instances each requesting 1 CPU, the group as whole has access to 2 CPUs. Each instance can use up to the 2 CPUs and the instances may compete for CPU resource while they are running.
To limit resource usage by an instance in a group, optionally set a resource limit for the instance. In a group with two instances requesting 1 CPU, one of your containers might require more CPUs to run than the other.
In this scenario, you could set a resource limit of 0.5 CPU for one instance, and a limit of 2 CPUs for the second. This configuration limits the first container's resource usage to 0.5 CPU, allowing the second container to use up to the full 2 CPUs if available.
For more information, see the ResourceRequirements property in the container groups REST API.
Minimum and maximum allocation
Allocate a minimum of 1 CPU and 1 GB of memory to a container group. Individual container instances within a group can be provisioned with less than 1 CPU and 1 GB of memory.
For the maximum resources in a container group, see the resource availability for Azure Container Instances in the deployment region.
Container groups share an IP address and a port namespace on that IP address. To enable external clients to reach a container within the group, you must expose the port on the IP address and from the container. Because containers within the group share a port namespace, port mapping isn't supported. Containers within a group can reach each other via localhost on the ports that they have exposed, even if those ports aren't exposed externally on the group's IP address.
Optionally deploy container groups into an Azure virtual network (preview) to allow containers to communicate securely with other resources in the virtual network.
You can specify external volumes to mount within a container group. You can map those volumes into specific paths within the individual containers in a group.
Multi-container groups are useful in cases where you want to divide a single functional task into a small number of container images. These images can then be delivered by different teams and have separate resource requirements.
Example usage could include:
- A container serving a web application and a container pulling the latest content from source control.
- An application container and a logging container. The logging container collects the logs and metrics output by the main application and writes them to long-term storage.
- An application container and a monitoring container. The monitoring container periodically makes a request to the application to ensure that it's running and responding correctly, and raises an alert if it's not.
- A front-end container and a back-end container. The front end might serve a web application, with the back end running a service to retrieve data.
Learn how to deploy a multi-container container group with an Azure Resource Manager template: