With Prefect 2, prefect agents can run in Azure Container Instances. This has a number of benefits:
- Less infrastructure to manage. No VMs, no AKS clusters, just your flow. Running.
- Request the resources you need for each job. Up to 6 Cores, 56 Gb RAM and 4 GPUs if you need. 1 CPU and 1 Gb RAM is fine too.
- Better security - because everything other than the container is managed by Azure, there is less for you to keep safe.
- In many cases cheaper than the alternatives.
There are a few drawbacks though, that you need to keep in mind:
- Running a flow requires you to create a new Azure Container group, which takes longer than starting a job either on a VM or on AKS.
- If you are used to AKS, you might have many systems running and communicating seamlessly using k8s services. ACI has no such feature. Every instance gets an IP address, but no service name that can be used.
Because ACIs are ephemeral, you might need to think about authentication differently. If you are used to VMs in Azure, and you use RBAC, you might be familiar with how the VM gets assigned a managed identity which makes it easy for it to authenticate with other resources. But first, it needs to be given that access, which isn't that big of a problem.
But with an ACI that lives just a few seconds, you need the container to have its access rights right from the start. This is where user-managed identities help. They are explicitly designed identities, that are given the permissions it needs, and can be attached to VMs, containers and more.
All of this can be set up with ARM template, plus a few scripts to create the necessary Prefect blocks. A full example deployment (both in the Azure ARM sense and the Prefect sense) is located at https://github.com/radbrt/prefect_aci.
Top comments (0)