Azure Function Flex Consumption is a game-changer for scalable serverless apps. It allows you to scale your serverless applications up or down as needed, without having to worry about provisioning or managing servers.
With Azure Function Flex Consumption, you only pay for the compute time your functions use, which can help reduce costs. This is especially useful for applications that experience varying levels of traffic.
You can scale your serverless apps up to 300 instances, making it suitable for large-scale applications. This is a significant increase from the previous limit of 100 instances.
Azure Function Flex Consumption also supports up to 1,000 concurrent executions, giving you the flexibility to handle high traffic scenarios. This is a major advantage over traditional server-based applications.
Flex Consumption
Azure Functions flex consumption plan offers two billing modes: On Demand and Always Ready.
On Demand instances are scaled based on configured per instance concurrency and billed only when instances are executing functions.
This mode has no minimum instance count required, so you only pay for what you use.
Always Ready instances can be configured to be always enabled and assigned to different triggers and functions of the app.
You'll be billed for the total amount of memory provisioned for a baseline while each Always Ready instance is idle.
A free grant of 250,000 executions and 100,000 GB-s of resource consumption per month is included in pay-as-you-go on-demand pricing across all function apps in your subscription.
Here's a breakdown of the free grant and pay-as-you-go pricing for each meter:
Deployment and Management
There are several deployment methods available for Azure Function Flex Consumption, including Tools-based, App Service-managed, and External pipelines.
For Tools-based deployments, you can use Azure CLI, Visual Studio Code publish, Visual Studio publish, or Core Tools publish. This method is best for deployments during development and other improvised deployments.
The One deploy method is the only deployment technology supported for apps on the Flex Consumption plan, resulting in a ready-to-run .zip package.
To use One deploy, you can deploy with the Visual Studio Code publish feature, or from the command line using Azure Functions Core Tools or the Azure CLI.
For One deploy, you'll need to specify a deployment storage (blob) container and an authentication method to it, which can be configured during app create time.
If you need more control over the transition between deployments, you should use deployment slots.
Deployment Methods
Deployment Methods can be a bit overwhelming, but don't worry, I've got you covered. There are three main deployment types to choose from: Tools-based, App Service-managed, and External pipelines.
The Tools-based deployment type is perfect for development and testing, and it allows you to deploy directly from your development tool, such as Visual Studio Code. You can use Azure CLI, Visual Studio Code publish, Visual Studio publish, or Core Tools publish to deploy your code.
The App Service-managed deployment type is ideal for continuous deployment (CI/CD) from source control or from a container registry. It's managed by the App Service platform (Kudu) and includes Deployment Center (CI/CD) and Container deployments.
External pipelines are suitable for production pipelines that include validation, testing, and other actions that must be run as part of an automated deployment. You can use Azure Pipelines or GitHub Actions to manage your deployments.
Here's a summary of the deployment types:
Remote Build
Remote build is an option for deployment, especially for Linux-based function apps. This is because building locally on a Windows computer can result in incorrect libraries being used.
You should request a remote build instead of building locally in these scenarios: deploying an app to a Linux-based function app that was developed on a Windows computer, having dependencies on a custom package index, or wanting to reduce the size of your deployment package.
To request a remote build, you need to set specific application settings, depending on whether your app runs on Windows or Linux. On Linux, you must set ENABLE_ORYX_BUILD=true and SCM_DO_BUILD_DURING_DEPLOYMENT=true.
These settings are automatically created by Azure Functions Core Tools and the Azure Functions Extension for Visual Studio Code when deploying to Linux. By default, both tools perform remote builds when deploying to Linux.
Remote builds are supported for function apps running on Linux in the Consumption plan, but deployment options are limited due to the absence of an scm (Kudu) site.
Docker Container
You can deploy a function app running in a Linux container, which gives you more control over the Linux environment where your function app runs.
This deployment mechanism is only available for functions running on Linux. You can deploy to Azure Functions resources you create in the Azure portal, or from the command line, requiring a Premium or Dedicated plan.
To create a containerized function app, use the Azure Functions Core Tools to create a customized Dockerfile for your project. You can then use this Dockerfile to build a containerized function app.
You can deploy your containerized function app to various platforms, including Azure Functions resources, Azure Container Apps, Azure Arc (preview), or a Kubernetes cluster. To deploy to a Kubernetes cluster, use the func kubernetes deploy command.
Here are some deployment options for containerized function apps:
- Deploy to Azure Functions resources you create in the Azure portal.
- Deploy to Azure Functions resources you create from the command line.
- Deploy to Azure Container Apps.
- Deploy to Azure Arc (preview).
- Deploy to a Kubernetes cluster.
App content is stored in the specified container registry as a part of the image.
Set Instance Counts
You can set a number of always ready instances for your functions to keep them loaded and ready to execute. There are three special groups: http, durable, and blob, which scale together into their own instances.
To configure always ready counts for these groups, use http, durable, or blob as the name for the name value pair setting. For example, you can set the always ready instance count for all HTTP triggered functions to 5 using the --always-ready-instances parameter with the az functionapp create command.
You can't currently define always ready instances when creating your app in the Azure portal. Instead, use the Azure CLI to create your app and define always ready instances.
You can modify always ready instances on an existing app by adding or removing instance designations or by changing existing instance designation counts. For example, you can change the always ready instance count for the HTTP triggers group to 10 using the az functionapp scale config always-ready set command.
To remove always ready instances, use the az functionapp scale config always-ready delete command. You can remove all always ready instances from both the HTTP triggers group and a function named hello_world using this command.
Here's a summary of how to set instance counts for your functions:
You can also modify always ready instances on an existing app using the Azure portal. To do this, go to your function app page, expand Settings, select Scale and concurrency, and then update the app under Always-ready instance minimum.
Functions Proxies
Functions Proxies are a type of function that's triggered by an HTTP request. They have specific pricing and usage rules to keep in mind.
The same pricing applies to Functions Proxies as it does to regular functions, with a total monthly cost of $17.6. This cost is broken down into monthly resource consumption and executions.
Memory used by a proxy is less than 128 MB, which is a significant limitation. This is because the proxy needs to stay up to keep the HTTP connection alive, limiting its overall memory usage.
Proxy execution time is the round-trip time (request to response), which can be a consideration for high-traffic applications. If a proxy triggers a function, the function execution and memory usage is counted separately.
Here's a breakdown of the costs associated with Functions Proxies:
Pricing and Plans
Azure Functions Flex Consumption plan combines benefits from the Consumption plan and adds features like always-on instances and VNet integration.
The Consumption plan is designed for serverless computing, where you're only billed for the exact amount of resources used. This plan is ideal for scenarios where the function is executed infrequently or has variable usage patterns.
Monthly billing for the Consumption plan is calculated based on memory consumption and execution duration, as demonstrated by a function that executes 3,000,000 times during the month and has an execution duration of one second, resulting in a monthly billing calculation.
Resource Billing Calculation
Resource Billing Calculation is a crucial aspect of understanding how you'll be charged for your Azure Functions usage.
The billing calculation is based on observed resource consumption, measured in gigabyte seconds (GB-s). This is calculated by multiplying the average memory size in gigabytes by the time in milliseconds it takes to execute the function.
Observed resource consumption is measured by rounding up to the nearest 128 MB, up to the maximum memory size of 1,536 MB. This ensures accuracy in the billing calculation.
Execution time is also calculated by rounding up to the nearest 1 ms. This means that even if your function executes for a fraction of a millisecond, it will still be counted as a full millisecond.
Here's a breakdown of the billing calculation process:
The Consumption plan includes a monthly free grant of 400,000 GB-s. This means that if your resource consumption is within this limit, you won't be charged for it.
Azure Pricing
Azure Pricing is a complex and multi-faceted topic, but I'll break it down for you in simple terms.
You can pay for Azure services using a pay-as-you-go model, where you only pay for the resources you use.
There are several pricing models available, including Reserved VM Instances, which can provide significant cost savings for committed usage.
Azure Pricing Calculator is a valuable tool to help you estimate costs and plan your budget.
Reserved VM Instances can offer savings of up to 72% compared to pay-as-you-go pricing.
You can also take advantage of Azure Hybrid Benefit, which allows you to bring your existing Windows Server licenses to Azure and save up to 40% on virtual machine costs.
Azure Pricing is updated regularly, so it's essential to check the latest pricing information to ensure you're getting the best deal.
Microsoft offers a free Azure account, which is perfect for testing and learning, and also includes a free credit of $200 to get you started.
Understanding Azure Functions Plans
Azure Functions offers multiple plans to suit different needs. The Consumption plan bills based on observed resource consumption measured in gigabyte seconds (GB-s), calculated by multiplying average memory size in gigabytes by the time in milliseconds it takes to execute the function.
There are three main plans available: Consumption, Premium, and Dedicated. Each plan has its own pricing model and features. The Consumption plan includes a monthly free grant of 400,000 GB-s.
To deploy a Function App in the Consumption plan, you need to set up a Service Plan with a Flex Consumption SKU, a Storage account, and the Function App itself. This is the same for the other plans, but the Flex Consumption plan adds additional features like always-already instances and VNet integration.
The Flex Consumption plan allows you to deploy your application package to a blob container, and your function app runs from this package. This requires creating a Managed Identity for the Function App, a Blob Container to contain the deployment package, and assigning the storage blob data contributor role to the Function App managed identity.
Here's a quick overview of the Azure resources you need to provision:
- A Service Plan (with a Flex Consumption SKU)
- A Storage account
- The Function App itself
Azure Functions also offers a Premium plan, which provides a fixed number of instances and pricing based on instance hours. The Dedicated plan, on the other hand, offers a fixed number of instances and pricing based on instance hours and storage.
Infrastructure and Security
With Azure Function Flex Consumption, you get a highly available and scalable infrastructure that automatically scales to meet your needs, ensuring your functions are always running and accessible.
This infrastructure is built on a robust platform that provides a high level of security, including encryption at rest and in transit.
Azure Function Flex Consumption also supports hybrid connections, allowing you to connect to on-premises resources securely.
Implement Infrastructure Code
Implementing infrastructure code is a crucial step in setting up a secure infrastructure. This involves using tools like Ansible, Terraform, and CloudFormation to automate the deployment and management of resources.
Ansible, for instance, allows you to define infrastructure as code, making it easy to version and track changes. This is especially useful for large-scale deployments where manual configuration can be error-prone and time-consuming.
Terraform, on the other hand, provides a more structured approach to infrastructure as code, using a human-readable configuration language called HCL. This makes it easier to manage complex infrastructure setups and collaborate with team members.
CloudFormation, a service provided by AWS, allows you to define infrastructure in a JSON or YAML file, providing a high degree of flexibility and customizability. This is particularly useful for AWS-based infrastructure deployments.
By using infrastructure code, you can ensure that your infrastructure is consistent, reproducible, and secure. This is especially important for security, as inconsistent or poorly configured infrastructure can be a major vulnerability.
Entra ID Authentication for Storage
Using Entra ID authentication for storage is a crucial step in securing your Azure environment. In most Azure environments, shared key authentication is either frowned upon or explicitly denied.
To upgrade your Azure Function to use Entra ID authentication, you'll need to update the Storage Account to disable shared key access. This is done by setting 'allowSharedKeyAccess' to false.
App Settings need to be updated to use azurewebjobsstorage__accountname, which is the name of the storage account. This setting is used in place of AzureWebJobsStorage to enable managed identity access to storage.
You'll also need to reconfigure the storage section within functionAppConfig to use SystemAssignedIdentity for authentication.
A Role Assignment resource must be added to the deployment to give the System Managed Id for the Function App access to the data plane of the storage account.
Here are the specific steps to follow:
- Update the Storage Account to disable shared key access.
- Update App Settings to use azurewebjobsstorage__accountname.
- Reconfigure the storage section within functionAppConfig to use SystemAssignedIdentity.
- Add a Role Assignment resource to grant access to the data plane of the storage account.
Sources
- https://azure.microsoft.com/en-us/pricing/details/functions/
- https://learn.microsoft.com/en-us/azure/azure-functions/functions-deployment-technologies
- https://learn.microsoft.com/en-us/azure/azure-functions/flex-consumption-how-to
- https://techwatching.dev/posts/flex-consumption-plan
- https://www.automagical.eu/posts/using-azure-functions-flex-consumption-plan/
Featured Images: pexels.com