Skip to content

Use zone redundant Container App environments#

Reliability · Container App · Rule · 2024_06 · Important

Use Container Apps environments that are zone redundant to improve reliability.

Description#

Container App environments can be configured to be zone redundant in regions that support availability zones. Zone redundancy is supported in both the workload profiles and consumption only environments. When configured, replicas of each Container App are spread across availability zones automatically. A Container App must have multiple replicas to be zone redundant.

For example:

  • If a Container App has three replicas, each replica is placed in a different availability zone.
  • If a Container App has one replica, it is only available in a single zone.

Zone redundancy can only be enabled at initial environment creation. Additionally, the Container App environment must be deployed with an infrastructure subnet configured.

Recommendation#

Consider configuring Container App environments to be zone redundant to improve workload resiliency.

Examples#

Configure with Azure template#

To deploy Container App environments that pass this rule:

  • Set the properties.zoneRedundant property to true.
  • Set the properties.vnetConfiguration.infrastructureSubnetId property to reference a valid subnet.

For example:

Azure Template snippet
{
  "type": "Microsoft.App/managedEnvironments",
  "apiVersion": "2023-05-01",
  "name": "[parameters('envName')]",
  "location": "[parameters('location')]",
  "properties": {
    "appLogsConfiguration": {
      "destination": "log-analytics",
      "logAnalyticsConfiguration": {
        "customerId": "[reference(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceId')), '2022-10-01').customerId]",
        "sharedKey": "[listKeys(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceId')), '2022-10-01').primarySharedKey]"
      }
    },
    "zoneRedundant": true,
    "workloadProfiles": [
      {
        "name": "Consumption",
        "workloadProfileType": "Consumption"
      }
    ],
    "vnetConfiguration": {
      "infrastructureSubnetId": "[parameters('subnetId')]",
      "internal": true
    }
  }
}

Configure with Bicep#

To deploy Container App environments that pass this rule:

  • Set the properties.zoneRedundant property to true.
  • Set the properties.vnetConfiguration.infrastructureSubnetId property to reference a valid subnet.

For example:

Azure Bicep snippet
resource containerEnv 'Microsoft.App/managedEnvironments@2023-05-01' = {
  name: envName
  location: location
  properties: {
    appLogsConfiguration: {
      destination: 'log-analytics'
      logAnalyticsConfiguration: {
        customerId: workspace.properties.customerId
        sharedKey: workspace.listKeys().primarySharedKey
      }
    }
    zoneRedundant: true
    workloadProfiles: [
      {
        name: 'Consumption'
        workloadProfileType: 'Consumption'
      }
    ]
    vnetConfiguration: {
      infrastructureSubnetId: subnetId
      internal: true
    }
  }
}

Configure with Azure Verified Modules

A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:

br/public:avm/res/app/managed-environment:<version>

For example:

br/public:avm/res/app/managed-environment:0.8.0

To use the latest version:

br/public:avm/res/app/managed-environment:0.8.1

Comments