Azure Front Door (AFD) with Azure Container Instances (ACI) across multiple regions using Azure Resource Manager (ARM) Templates
In previous posts I showed how we can use Azure Traffic Manager, our global DNS-based load balancing solution, with Azure Container Instances (ACI) via both the Azure CLI and Azure Resource Manager (ARM) templates. The second post goes into further detail on ARM which I won’t duplicate here.
Since then, we released Azure Front Door (AFD), which is Generally Available as of today:
.@Azure Front Door is now generally available. This is one of my favorite services to pair with everything from Azure Container Instances and static content on Blob Storage, to Azure Kubernetes Service. We use it for so many things @ MS. If it speaks HTTP, you should consider it. https://t.co/epfEcjKco1
— Aaron W 🐧 (@as_w) April 5, 2019
Azure Front Door provides Global HTTP load balancing, SSL offload, Application and API acceleration as well as WAF @ Edge capabilities. Our quickstart and docs are great places to begin to explore some of these capabilities further.
Azure Front Door and Azure Container Instances are two of my favorite services and complement each other extremely well. I believe the best way to explore these is hands on with something tangible. Here we will demonstrate how to deploy Azure Front Door and Azure Container Instances across three regions using the following Azure Resource Manager (ARM) template:
This is a significantly simplified version of the template in the earlier Traffic Manager post. There is also a version of the above simplified template azuredeploy-fd-tm.json in the repo that includes both Front Door and Traffic Manager side by side. This is useful for comparison, but also if you happen to need to use DNS-based load balancing to support TCP services in addition to HTTP services which Front Door supports. This template can even be extended to deploy instances in parallel across all of the regions that Azure Container Instances supports – a total of 16 at the time of this post!
The easiest way to deploy an ARM template is via the Azure Portal. Click the following link to deploy the above template directly from the GitHub repo:
You will be given the opportunity to adjust the parameters of the template including instance count per region, container image, listen port, etc. In one click you will have Azure Front Door (AFD), with a default domain, *.azurefd.net
, and the ability to add Custom Domains with free and automatic SSL certificate provisioning, Routing Rules pointing to a Backend Pool of Azure Container Instances. You will see one or more instances across 3 regions, each with their own DNS label, and a simple web server container, aaronmsft/hello-golang
, which will echo its own hostname on the /host
path.
If you prefer to deploy the template via the Azure CLI, you can do so as follows:
RESOURCE_GROUP='190400-afd-aci'
LOCATION='eastus'
az group create -n $RESOURCE_GROUP -l $LOCATION
# deploy azure front door from url
az group deployment create -g $RESOURCE_GROUP --mode Complete --template-uri https://raw.githubusercontent.com/aaronmsft/aaronmsft-com/master/azure-front-door-container-instances-arm/azuredeploy.json
There are more CLI examples the repo.
From here you can open your Front Door in the Azure Portal to explore it and Azure Container Instances further!