Azure Container Apps

This guide walks you through deploying the Superblocks On-Prem Agent on Azure Container Apps using either the Azure Portal, the Azure CLI or a YAML File.

Prerequisites

• Azure subscription with permissions to create resources
• Superblocks Agent Key (generate one)
• Install Azure CLI (See quickstart for example usage)

Deploy resources

Create Subnet

If your agent needs to talk to internal APIs and databases inside a specific Azure VNet, create a new subnet inside that VNet. The subnet should be dedicated to the Azure Container Apps Environment with no other resources.

Azure Portal

Navigate to your VNet then choose Settings -> Subnets -> + Subnet. Configure the subnet settings, including setting Subnet Delegation to "Microsoft.App/environments".

Azure CLI

Run the following command to create a new subnet delegated to container app environments.

az network vnet subnet create \
  --resource-group MyResourceGroup \
  --vnet-name MyVnet \
  --name MySubnet \
  --address-prefixes 10.0.0.0/24 \
  --delegations Microsoft.App/environments

Create Container Apps Environment

Azure Portal

1. Navigate to Container Apps -> + Create -> Container App
2. Under Container Apps environment, click the link to Create new environment
3. Configure Networking to enable or disable Public Network Access and specify the Virtual network using the VNet / subnet created in the previous section.

Azure CLI

Run the following command, using --infrastructure-subnet-resource-id to specify the Subnet ID for the subnet created in the previous section.

az containerapp env create \
  --name MyContainerappEnvironment \
  --resource-group MyResourceGroup \
  --location eastus \
  --infrastructure-subnet-resource-id SUBNET_ID

For more information on public vs. private endpoints, see Networking in Azure Container Apps environment.

Create Container App

Azure Portal

1. Go to Container Apps → + Create

2. Under Basics tab, specify the subscription, resource group, app name, and container apps environment (see Create container apps environment)

3. Under Container tab:

   Container details

   info

   These are the required container image settings if using the Superblocks hosted image. Update these accordingly if you host your own custom image.

   • Image source: Select Docker Hub or other registries
   • Image type: Select Public
   • Registry login server: ghcr.io
   • Image: superblocksteam/agent:latest

   Container resource allocation

   • Set 2 CPU, 4.0 GiB memory

   Environment variables

   • Add SUPERBLOCKS_AGENT_DATA_DOMAIN = app.superblocks.com
   • Add SUPERBLOCKS_ORCHESTRATOR_AGENT_HOST_URL = https:<container_app_name>.<defaultDomain>
   • Add SUPERBLOCKS_ORCHESTRATOR_AGENT_TAGS = profile:*

4. Under Ingress tab:

   • Enable ingress, configure Ingress traffic settings, and set Target port to 8080

5. Click Create

When creating the container app through the Azure Portal, there are a few additional configuration steps required after the container app is created. Navigate to the container app resource and complete the following:

• Under Application -> Scale, set Min Replicas to 1. To adjust horizontal scaling, optionally configure Max replicas.
• Under Security -> Secrets, create a secret to store the Superblocks agent key, using either a Container Apps Secret or Key Vault reference.
• Under Application -> Containers, select the Environment variables tab and set both SUPERBLOCKS_AGENT_KEY and SUPERBLOCKS_ORCHESTRATOR_SUPERBLOCKS_KEY to the previously created secret reference. Click Save as a new revision.

Azure CLI

First, install the required extensions and providers:

az extension add --name containerapp --upgrade
az provider register --namespace Microsoft.App
az provider register --namespace Microsoft.OperationalInsights

APP_NAME="superblocks-agent"
AGENT_KEY="<YOUR_GENERATED_AGENT_KEY>"
AGENT_URL="<AZURE_APPLICATION_URL>"

az containerapp create \
  --name $APP_NAME \
  --resource-group myresourcegroup \
  --environment superblocks-env \
  --image superblocksteam/agent:latest \
  --cpu 2.0 --memory 4.0Gi \
  --ingress external --target-port 8080 \
  --secrets agent-key=$AGENT_KEY \
  --env-vars SUPERBLOCKS_AGENT_KEY=secretref:agent-key \
             SUPERBLOCKS_ORCHESTRATOR_SUPERBLOCKS_KEY=secretref:agent-key \
             SUPERBLOCKS_AGENT_DATA_DOMAIN="app.superblocks.com" \
             SUPERBLOCKS_ORCHESTRATOR_AGENT_HOST_URL=$AGENT_URL \
             SUPERBLOCKS_ORCHESTRATOR_AGENT_TAGS="profile:*" \
  --min-replicas 1 --max-replicas 1

Note: If using a private registry, provide full image path and configure credentials accordingly.

YAML Template

You can deploy the On-Premise Agent on Azure Container Apps by creating a .yaml file and passing it to the az containerapp create command.

properties:
  environmentId: "/subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.App/managedEnvironments/<environment_name>"
  configuration:
    ingress:
      external: <true/false>
      allowInsecure: <true/false>
      targetPort: 8080
    secrets:
      - name: "agent-key"
        value: "<agent_key_value>"
  template:
    containers:
      - image: ghcr.io/superblocksteam/agent:latest
        name: <container_app_name>
        resources:
          cpu: 2.0
          memory: 4.0Gi
        env:
          - name: "SUPERBLOCKS_ORCHESTRATOR_SUPERBLOCKS_KEY"
            secretRef: "agent-key"
          - name: "SUPERBLOCKS_AGENT_KEY"
            secretRef: "agent-key"
          - name: "SUPERBLOCKS_AGENT_DATA_DOMAIN"
            value: "app.superblocks.com"
          - name: "SUPERBLOCKS_ORCHESTRATOR_AGENT_HOST_URL"
            value: "https:<container_app_name>.<defaultDomain>"
          - name: "SUPERBLOCKS_ORCHESTRATOR_AGENT_TAGS"
            value: "profile:*"
    scale:
      minReplicas: 1
      maxReplicas: 1

Run:

az containerapp create -n ContainerAppName -g MyResourceGroup --environment MyContainerAppEnv --yaml "path/to/yaml/file.yml"

Verify agent is running

Check the application status:

az containerapp show \
  --name superblocks-agent \
  --resource-group myresourcegroup \
  --query properties.configuration.ingress.fqdn -o tsv

View application logs:

az containerapp logs show \
  --name my-container-app \ 
  --resource-group my-container-apps

Visit the On-Premise Agents page in Superblocks to confirm the agent appears as Active.

Billable services

The Superblocks On-Premise Agent may make use of the following Azure services. Be aware of the pricing associated with these.

• Azure Container Apps - Serverless container platform with consumption-based pricing (includes free monthly grants of 180,000 vCPU-seconds, 360,000 GiB-seconds, and 2M requests)
• Azure Monitor & Log Analytics - Logging and monitoring solution for diagnostics (optional)
• Azure Key Vault - Secure secret storage for credentials and configuration (optional)
• Virtual Network - Network infrastructure for private deployments (optional)