1# Kubernetes to Azure Container Apps Migration
2 
3Detailed guidance for migrating containerized workloads from Kubernetes (GKE, EKS, self-hosted) to Azure Container Apps.
4 
5## Overview
6 
7| Kubernetes Source | Azure Equivalent |
8|-------------------|------------------|
9| GKE / EKS / Self-hosted Kubernetes | Azure Container Apps |
10| Docker Registry / GCR / ECR | Azure Container Registry (ACR) |
11| ConfigMap | Container Apps Environment Variables / Secrets |
12| Secret | Azure Key Vault + Key Vault references |
13| Ingress | Container Apps Ingress |
14| Service (LoadBalancer/ClusterIP) | Container Apps Ingress (external/internal) |
15| HPA (Horizontal Pod Autoscaler) | Container Apps Scaling Rules |
16| Namespace | Container Apps Environment |
17| Persistent Volume | Azure Files / Blob Storage (via volume mounts) |
18 
19## Resource Mapping
20 
21| Kubernetes Resource | Container Apps Equivalent | Notes |
22|--------------|---------------------------|-------|
23| Deployment | Container App | One deployment → one Container App |
24| Service (type: LoadBalancer) | Ingress (external: true) | Public endpoint |
25| Service (type: ClusterIP) | Ingress (external: false) | Internal only |
26| ConfigMap | `env` with plaintext values | Use Key Vault for sensitive data |
27| Secret | `secretRef` + Key Vault | Managed identity for access |
28| HPA | `scale` rules (http, cpu, memory, custom) | HTTP concurrency, queue depth, etc. |
29| Ingress | Ingress configuration | Automatic HTTPS, custom domains |
30| Liveness/Readiness Probe | Health probes | HTTP, TCP, or startup probes |
31 
32## Configuration Mapping
33 
34| Kubernetes Manifest | Container Apps CLI/Bicep | Example |
35|--------------|--------------------------|---------|
36| `replicas: 3` | `--min-replicas 3 --max-replicas 3` | Static scaling |
37| `resources.requests.cpu` | `--cpu 0.5` | CPU cores (0.25-4.0) |
38| `resources.requests.memory` | `--memory 1Gi` | Memory (0.5Gi-8Gi) |
39| `image: gcr.io/my-registry/app:v1` | `--image myacr.azurecr.io/app:v1` | After ACR import |
40| `env: - name: KEY, value: val` | `--env-vars KEY=val` | Environment variables |
41| `env: - name: SECRET, valueFrom: secretKeyRef` | `--secrets SECRET=keyvaultref:...` | Key Vault reference |
42| `ports: - containerPort: 8080` | `--target-port 8080` | Container port |
43| `livenessProbe.httpGet.path: /health` | YAML/Bicep `probes` config | Health probes not configurable via CLI |
44 
45## Migration Workflow
46 
47Follow these phases sequentially:
48 
49### Phase 1: Export Kubernetes Resources
50- Use `kubectl get deployment,service,configmap,secret -o yaml` to export manifests
51- Document current configuration (replicas, resources, env vars)
52- Identify external dependencies (databases, message queues, storage)
53 
54### Phase 2: Assess Compatibility
55- Verify workloads are stateless (Container Apps doesn't support StatefulSets)
56- Check for unsupported features (DaemonSets, custom CRDs, Operators)
57- Plan Jobs/CronJobs migration to Container Apps Jobs
58- Identify ConfigMaps/Secrets requiring Key Vault migration
59- Review persistent storage needs (migrate to Azure Files/Blob)
60 
61See [assessment-guide.md](assessment-guide.md) for detailed checklist.
62 
63### Phase 3: Migrate Container Images
64- Create Azure Container Registry: `az acr create`
65- Import images from GCR/ECR/Docker Hub: `az acr import`
66- Or rebuild and push: `docker build` → `docker push`
67- Enable managed identity access: `az containerapp registry set`
68 
69### Phase 4: Deploy to Container Apps
70- Create Container Apps Environment
71- Deploy Container Apps with converted configuration
72- Configure ingress, scaling rules, and health probes
73- Set up Key Vault references for secrets
74 
75See [deployment-guide.md](deployment-guide.md) for step-by-step deployment.
76 
77### Phase 5: Verify and Test
78- Test external endpoints (HTTP/HTTPS ingress)
79- Test internal service-to-service communication
80- Verify environment variables and secrets
81- Validate scaling behavior
82- Check health probes and logs
83 
84## Unsupported Features
85 
86Container Apps **does NOT support**:
87- StatefulSets (use Azure Database services instead)
88- DaemonSets (not applicable in serverless model)
89- Kubernetes PV/PVC objects (use Azure Files/Blob Storage via Container Apps volume mounts instead)
90- Custom CNI networking
91- Node affinity / pod affinity
92 
93For batch and scheduled workloads, migrate Kubernetes **Jobs / CronJobs** to **Azure Container Apps Jobs** instead of long-running Container Apps.
94 
95For unsupported Kubernetes platform features, consider **Azure Kubernetes Service (AKS)** instead.
96 
97## Best Practices
98 
991. **Use Managed Identity** for ACR and Key Vault access (no passwords)
1002. **Store secrets in Key Vault**, reference them in Container Apps
1013. **Use Container Apps Environments** to group related microservices
1024. **Enable Dapr** for service-to-service communication, state management, pub/sub
1035. **Configure health probes** to ensure reliability
1046. **Use scaling rules** based on HTTP concurrency or custom metrics
1057. **Never modify source Kubernetes cluster** during migration
106