A tried-and-tested monolith or microservices—that is the question. And it is a perfectly valid one. A monolith is tempting because of its simplicity—one application, one codebase, fewer moving parts. It is easier to deploy, easier to monitor, and, at the beginning at least, easier to maintain. But what happens when the system starts to grow? Every change requires caution, and extending a monolith often leads to a complex, difficult-to-maintain codebase.
On the other hand, microservices offer flexibility, independent scalability, and the ability to evolve in several directions at once. It sounds like an ideal solution, doesn’t it? The challenge, however, lies in the implementation. You must carefully consider inter-service communication, high availability, monitoring, and deployment automation. All of this can be overwhelming, particularly if you do not have a large DevOps team and do not want to spend weeks configuring infrastructure.
Are microservices a solution reserved only for large enterprises? Or is there a way to simplify their management and make them accessible to smaller teams and projects as well? Microsoft provides an answer in the form of Azure Container Apps, which significantly streamlines the deployment and management of microservices and eliminates many issues associated with traditional microservices approaches. How does it work? That is exactly what this article explores.
Microservices—an opportunity or a pitfall?
Microservices are one of the hottest topics in modern software architecture. Technology companies, industry blogs, and IT conferences have for years presented them as the future of scalable application development. But are they really the right choice for everyone? We have already discussed the advantages of this approach here: https://www.infinity-group.pl/blog/en/2024/09/04/exploring-microservices-their-functionality-benefits-and-business-impact/.
Despite their strengths, microservices also introduce several challenges:
- System complexity: instead of a single application, we now have dozens (or even hundreds) of services that must work together. This brings significant challenges related to communication, API versioning, and data consistency.
- Infrastructure management: every service must be deployed, monitored, and secured. This typically requires a robust container orchestration platform (e.g., Kubernetes)—which can be difficult for smaller teams.
- Service dependencies: in a monolith, communication between components happens locally within the same application. In microservices, communication occurs via the network (HTTP, gRPC, message brokers), leading to latency, availability issues, and the need for built-in fault-handling mechanisms.
- Cost and time to implement: although microservices provide flexibility, their implementation and maintenance require significantly more effort and resources.
Are microservices suitable for everyone?
Fortunately, you do not need to abandon microservices simply because they are complex. Modern platforms such as Azure Container Apps help simplify the process of managing and deploying microservices by removing much of the infrastructure burden. In the next section, we will take a closer look at how this solution works.
Azure Container Apps: what it is and why it matters
Azure Container Apps is a fully managed serverless container platform that:
- Hides infrastructure: there is no need to manually configure Kubernetes clusters, virtual machines, or load balancers.
- Runs Docker containers: deploy any Docker image built locally or stored in Azure Container Registry (ACR).
- Uses KEDA (Kubernetes Event-Driven Autoscaling): automatically scales based on HTTP traffic, queue length, or any other trigger.
- Provides built-in service-to-service communication: internal routing within an application environment without additional configuration.
Azure Container Apps (ACA) offers two main deployment and billing models:
- Consumption plan: a serverless mode where you pay only for actual CPU/RAM usage. Services can scale down to zero.
- Dedicated plan: a model with a dedicated Kubernetes cluster, reserved capacity, and full VNet integration. Designed for organisational requirements around security and compliance.
While the Consumption plan offers rapid deployment and cost savings, many organisations today require more: network isolation, compliance with security policies, and full control over infrastructure. For such cases, the ACA Dedicated plan is the optimal choice, supporting advanced enterprise scenarios. Thus the remainder of this article focuses primarily on this approach.
Dedicated plan in ACA
The Dedicated plan is based on a fully managed Kubernetes cluster deployed within your Azure subscription. Compared to the Consumption plan, it offers:
- Reserved resources: fixed cluster capacity (nodes, vCPU, RAM) ensures predictable performance.
- VNet integration: attach the cluster to your virtual network to enable private endpoints and network peering, ensuring full traffic isolation.
- Private Link: services communicate exclusively through your private network, aligned with enterprise security requirements.
- Compliance and policy enforcement: full support for Azure Policy, Azure Defender, and other Azure Security services.
This table highlights key benefits of the Dedicated plan
| Feature | Corporate-grade Benefits |
| VNet Integration | Network isolation and private IP access only |
| Private Link / Endpoints | All traffic to container registries and ACA remains private |
| Reserved capacity | Guaranteed performance and enterprise-level SLAs |
| Azure Policy | Enforced tagging, audit rules, and security constraints |
| Cost based on allocation | Stable, predictable billing |
Security and compliance
1. Network isolation
- A dedicated cluster inside your VNet, with no direct exposure to the public Internet and access restricted to private endpoints.
- Network control can be further enhanced through Azure Firewall or Network Security Groups (NSG).
2. Identity control
- Azure Active Directory, Managed Identities, and RBAC can be applied both at the environment and application level.
- This allows assigning different roles and permissions to teams working on separate applications within the same environment.
3. Audit and policy enforcement
Azure Policy enables automated governance such as:
- Mandatory container image scanning (Defender for Containers)
- Enforced tagging and naming conventions
- IP allow/deny rules
Full integration with Azure DevOps
Azure Container Apps integrates seamlessly with Azure DevOps, enabling repeatable, secure, fully automated microservices deployments. Leveraging Infrastructure as Code (IaC) and robust CI/CD pipelines provides:
- Fully automated deployments: changes in code or Bicep files trigger pipelines that build container images, push them to ACR, and deploy them to ACA.
- Consistency and policy compliance: infrastructure and environment configurations are defined as code, deployed identically across environments.
- Private VNet support: Azure DevOps can use private agents hosted inside the same VNet as the ACA Dedicated environment.
- Infrastructure versioning: Bicep files and pipeline configurations stored in Git provide traceability and easy rollbacks.
- Integrated tests and validation: pipelines can include Bicep validation (what-if), application smoke tests, or security scanning.
- Access control: Azure AD and RBAC ensure precise permissions for approvals, pipeline execution, and infrastructure configuration changes.
Monitoring Applications with Azure tools
Reliability and rapid incident response are essential in enterprise environments. Azure Container Apps integrates deeply with Azure observability tools, making it easy to track application health, detect errors, and respond in real time.
Azure Monitor and log analytics
- Centralised logs and metrics: ACA applications can send diagnostics directly to Azure Monitor and Log Analytics.
- Kusto Query Language (KQL): create complex queries to analyse behaviours such as HTTP 500 errors or service response times.
- Data visualisation: dashboards provide real-time operational insights.
Alerts and automation
- Metric and log-based alerts: e.g. CPU > 80% for 5 minutes or specific exceptions in logs.
- Integration with ITSM tools: alerts can be routed to Microsoft Teams, ServiceNow, Jira, and others, hastening project teams’ reactions.
- Automated actions: trigger Logic Apps, runbooks, or webhooks to restart containers, scale services, or notify administrators.
Example architecture using Azure Container Apps
Having covered the fundamentals, let’s look at an example. The following conceptual architecture illustrates a microservices-based system deployed in an ACA Dedicated environment.
In this model, key components—the frontend (React), API services (Customers, Products), integrations (DB Service, Integration Service), and content management—are packaged as separate containerised applications and deployed within a single ACA environment. The whole thing runs on a Dedicated plan, with full integration with a private VNet network.
User traffic flows through Azure Front Door with WAF/CDN enabled, ensuring security and high availability. The system leverages various Azure services:
- Azure SQL Database for application data
- Azure Key Vault for secure secret storage via Managed Identities
- Azure Cache for Redis for application caching
- Azure Log Analytics for centralised logging and monitoring
- Azure Storage as file storage, scanned by Microsoft Defender for Cloud
The system also integrates with external services such as SendGrid and SMS API for email and SMS delivery. Administrative access is provided through a secure VPN connection.
This is just one example of how Azure Container Apps can be used in a microservices architecture. The above application architecture built on Azure Container Apps can be efficiently integrated with Azure DevOps, which makes it possible to fully automate the processes of building, testing, and deploying both code and infrastructure. The simplified DevOps flow for this architecture is shown in the diagram below:
Source code repositories (Azure Repos) store the frontend and backend applications (e.g., React, .NET) as well as infrastructure-as-code definitions (e.g., in Bicep files). Azure Pipelines enables the creation of CI/CD pipelines that:
- build the application and containers,
- publish artefacts and images to Azure Container Registry,
- deploy the environment based on Bicep files.
The process can be further extended with Bicep template validation, security scanning, artefact signing, or automatic rollbacks. Deployments can be carried out using a self-hosted agent operating within the same VNet as the ACA environment, which ensures full network isolation and compliance with security policies. This approach guarantees complete control over the entire application lifecycle—from source code through testing to automatic, secure, and repeatable deployments across individual environments.
When should you choose Azure Container Apps?
Adopting microservices is a major architectural decision. Beyond defining service boundaries, you must also choose the right deployment and management model. Azure Container Apps is a powerful alternative to traditional Kubernetes—especially for organisations that prefer to focus on application development rather than infrastructure.
Situations when Azure Container Apps is an excellent choice
- You want to deploy microservices quickly without running your own Kubernetes cluster.
- You need to run containers in a secure, isolated environment aligned with corporate policies (VNet, RBAC, Azure Policy).
- Your applications experience dynamic workloads—ACA supports autoscaling, including scale-to-zero.
- You are building CI/CD workflows with Azure DevOps and want to use IaC (e.g. Bicep).
- You already rely on Azure services and want a consistent ecosystem.
But sometimes it is better to consider alternatives
Especially when:
- You require full control over cluster configuration and orchestration.
- You depend on highly advanced networking scenarios beyond ACA’s capabilities.
- Your applications are not container-based and fit better in VM-based or Azure App Services environments.
Summary
Azure Container Apps is a mature platform that, combined with Azure DevOps, Bicep, and the Azure ecosystem, enables the creation of modern, scalable, secure microservices environments—without requiring a full-time DevOps team. With the Dedicated plan, ACA becomes a compelling alternative to Kubernetes in environments with stringent security requirements, where VNet integration, compliance, monitoring, cost control and automation play a critical role. It relieves project teams of infrastructure complexity, allowing them to focus on delivering business value.
Our experts specialise in many areas—including microservices architecture implementations. If you would like to see this solution in your organisation, please complete the form below.
