5 Azure Container Apps Features Made Generally Available And What You Can Do With Them

Secrets Volume Mounts

As we've been doing this in Kubernetes for a long time, we can now mount the secret values to our containers as files in a volume. This gets very useful when trying to avoid environment variables but also don't want to call a third-party API during startup and make your application key store aware. Your app depends on a file containing secrets in a folder it expects to be there.

If you're interested in where this comes from, read the official Kubernetes documentation on Secrets. Jeff Geerling also has a short blog post explaining how it is done in Kubernetes.

The announcement is here.

Azure Key Vault References For Secrets

Finally, in GA, this is a very big one. This has been a feature of Azure App Configs for a long time and other Azure services. Great to see that it makes GA.

How does this benefit you? You don't need to connect to Azure Key Vault directly from your app (or Dapr sidecar) to retrieve the secrets. That would make your app dependent on Key Vault, which is not a bad thing, but also not ideal. Now the platform does it for you and injects it as a secret. This is part of the Secrets platform and uses the Container App's Managed Identity to go and fetch the secrets. You just need to reference the KV path in your secret store.

Here's the link for the announcement.

Init Containers

Init containers are mainly used as bootstrappers: When you want to accomplish a few things but you don't want your replica to wake up yet, you have an init container that wakes up and does it for you. Rather than doing this within every container image, you do the initialisation in your init container. It's very useful. It not just reduces clutter but also allows you to make sure it runs before any of your containers. It isn't easy to accomplish this across many containers in the replica and keep it in sync without init containers.

Check out the announcement for more details.

I have to admit; I didn't know this wasn't supported. It was a surprise for me to see it's now in GA.

Now you can define more CORS rules to allow other URLs to access your Web Apps or APIs. This comes in handy in most situations and is also one of the most hated security measures of modern web/app development. Nonetheless, it's necessary, and now we have the means to accomplish this in Container Apps.

Here's the link for more details.

Session Affinity

When you can't avoid making Stateful apps despite your best efforts, you'll quickly realise what a bliss it was when we made all the apps that way (just kidding). Back in the day, you could do it via F5 load balancers (yes, I'm that old) and make the same user's requests end up at the same server because you kept the state there. You could do this on Azure App Gateways and Front Doors for a long time, and App Services and Functions also supported this.

Now also Container Apps do. Check out the announcement.