Support for Azure function Apps to run in a container app environment

[Phiph]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

Hi there!

With the new https://github.com/Azure/azure-functions-dapr-extension I'd like to be able to deploy an azure function container to be able to target a container app environment.

The current implementation is in preview, but sounds very promising for those using the Dapr Runtime.

see https://github.com/Azure/azure-functions-dapr-extension/pull/165/files for bicep examples of how the AzureRm handles this at the moment.

New or Affected Resource(s)/Data Source(s)

azurerm_linux_function_app

Potential Terraform Configuration

resource "azurerm_linux_function_app" "example" {
  name                = "example-linux-function-app"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location

  storage_account_name       = azurerm_storage_account.example.name
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  container_app_environment            = azurerm_container_app_environment.example.id

  site_config {}
}

References

https://github.com/Azure/azure-functions-dapr-extension/pull/165/

[xiaxyi]

Thanks @Phiph for raising this issue, I'm working on this task, will update the progress once the PR is ready.

[nathanblair]

Is this PR related? #25072

[TechnicallyJoe]

Thanks @Phiph for raising this issue, I'm working on this task, will update the progress once the PR is ready.

Any news here? This is actively keeping us from using container app environments

[xiaxyi]

@TechnicallyJoe Currently, the api team is working on updating their api, once the updates are merged, I can continue to get the work done.

[leolorenzoluis]

@xiaxyi Any ETA?

[xiaxyi]

@leolorenzoluis The Terraform progress is still being blocked by the api issue, I'll let you know once TF is unblocked.

[codylittle]

Hey @xiaxyi, is there anywhere we can follow the API team's progress? Given Functions on ACA team is releasing a number of API changes soon and around MS build, I'd have to assume they'd be approaching some kind of stable release.

[oniskanen]

@xiaxyi, note that Azure Functions on Azure Container Apps went GA 2 weeks ago: https://azure.microsoft.com/en-us/updates/generally-available-azure-functions-can-now-run-on-azure-container-apps/

Terraform support missing is not good for wider adoption.

[cosminseclaman-hc]

Any updates regarding this ? Like the rest, I'm also wondering whether to wait for this, or start implementing it with AzApi provider.

[gsouf]

Is there any alternative way to deploy programmatically function app to a container environment until this is supported in the terraform provider?

[karol-pieciukiewicz]

@gsouf @cosminseclaman-hc as there is not option to create Azure Function with Container Apps Enviroment usage, there is a way to run Azure Acuntion in ACA :) you simply create Azure Container App and run there docker image with AZF. Sample code you can find in my repo: https://github.com/azure-way/azure-function-container-apps

[ryanshirley-flipdish]

@gsouf @cosminseclaman-hc as there is not option to create Azure Function with Container Apps Enviroment usage, there is a way to run Azure Acuntion in ACA :) you simply create Azure Container App and run there docker image with AZF. Sample code you can find in my repo: https://github.com/azure-way/azure-function-container-apps

How does scaling rules work as I see you didn't define any? These are some of the issues I am facing using an Azure function deployed this way.

1. How does it scale from 0 to 1 when a new message in on Service Bus?
2. What happens is Service Bus has thousands of messages? If max replicas are set to 10 how will it know to scale out?

I noticed the addition of Flex Consumption plan (preview) for Azure functions which looks quite appealing now that it supports virtual networking

[yavuzkaymak]

it can work, if the app pulls the message when triggered by KEDA scaled object. But then what is the point of ...

[karol-pieciukiewicz]

I think you cen define scale rules exactly the same way as for standard deployment. Example of Service Bus scale rule you can find here: https://azureway.cloud/azure-container-apps-service-bus-part-6/

Keepe in mind that scale rules work only for below services:

• HTTP
• Azure Queue Storage
• Azure Service Bus
• Azure Event Hubs
• Kafka
• Timer

[rliberoff]

Hey guys, any update on this?

[xiaxyi]

Hi Guys, the PR is currently under internal review, I will let you know if we have any further progress. Thanks for your understanding.

[tgoodlock-ai]

Any updates on this? Or a workaround until it's merged?

[alefteris]

@tgoodlock-ai A workout I'm using currently is to use the azapi provider instead of azurerm to create the function.

[krzysztof-madej]

I think you cen define scale rules exactly the same way as for standard deployment. Example of Service Bus scale rule you can find here: https://azureway.cloud/azure-container-apps-service-bus-part-6/

Keepe in mind that scale rules work only for below services:

• HTTP
• Azure Queue Storage
• Azure Service Bus
• Azure Event Hubs
• Kafka
• Timer

But in this case when you have several functions inside you need to repeat all scalers at terraform level.

it is better to use bicep or azapi provider

Example of bicep:

resource azfunctionapp 'Microsoft.Web/sites@2022-09-01' = {
  name: 'funcapp-${take(resourceToken,4)}'
  location: location
  kind: 'functionapp'
  properties: {
    managedEnvironmentId: environment.id
    //name: '${prefix}-funcapp'
    siteConfig: {
      linuxFxVersion: 'DOCKER|${apiImageName}'
      appSettings: [
        {
          name: 'AzureWebJobsStorage'
          value: azStorageConnectionString
        }
        {
          name: 'APPINSIGHTS_INSTRUMENTATIONKEY'
          value: applicationInsightsResources.properties.InstrumentationKey
        }
      ]
    }
  }
}

[sylm-premiertech]

For anyone looking for a workaround until it is ready in the AzureRM provider, here's what I've finally come up with. It's worth mentionning that I had a couple of issues.

I don't usually use the registry's username and password in app_settings like that, I prefer managed identities. But in this case with AzApi, it looks like it was trying to fetch the image before anything else. I've never had that problem with a standard Web App where I can use "container_registry_use_managed_identity" without a problem.

AzApi provider also seems to have problem when updating values. I had errors when trying to apply a final config because it was an update but had no problem after deleting the resource first.

resource "azurerm_resource_group" "group" {
  name     = "name"
  location = "location"
}

resource "azurerm_container_app_environment" "environment" {
  name                = "name"
  location            = azurerm_resource_group.group.location
  resource_group_name = azurerm_resource_group.group.name

  workload_profile {
    name                  = "Consumption"
    workload_profile_type = "Consumption"
  }
}

resource "azapi_resource" "function_app_name" {
  name      = "name"
  type      = "Microsoft.Web/sites@2023-12-01"
  parent_id = azurerm_resource_group.group.id
  location  = azurerm_resource_group.group.location

  body = {
    properties = {
      managedEnvironmentId   = azurerm_container_app_environment.environment.id
      storageAccountRequired = false
      workloadProfileName    = "Consumption"

      resourceConfig = {
        cpu    = 0.5
        memory = "1Gi"
      }

      siteConfig = {
        linuxFxVersion              = "DOCKER|myregistry.azurecr.io/image:tag"
        functionAppScaleLimit       = 10
        minimumElasticInstanceCount = 0

        appSettings = [
          {
            name  = "DOCKER_REGISTRY_SERVER_URL"
            value = "myregistry.azurecr.io"
          },
          {
            name  = "DOCKER_REGISTRY_SERVER_USERNAME"
            value = "username"
          },
          {
            name  = "DOCKER_REGISTRY_SERVER_PASSWORD"
            value = "password"
          },
          {
            name  = "APPINSIGHTS_INSTRUMENTATIONKEY"
            value = azurerm_application_insights.appinsight.instrumentation_key
          }
        ]
      }
    }
  }
}

[TechnicallyJoe]

@TechnicallyJoe Currently, the api team is working on updating their api, once the updates are merged, I can continue to get the work done.

Any news here?

[NapalmCodes]

Looks like this is impacted by the new hosting model: https://techcommunity.microsoft.com/blog/AppsonAzureBlog/announcing-native-azure-functions-support-in-azure-container-apps/4414039

[Krusty93]

As a org, we want to invest in Function App running on Container Apps due to AppService Plans scaling limitations. However, the lack of support in azurerm is definitely an issue

[luisve1427]

any updates to support the new hosting model? It seems we just need to be able to set the kind property as that is how it works in azapi?

[maheshtv-WoW]

Any updates on this please?