Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
How to Achieve Isolation of Namespaced Actors in Azure Container Apps Environment
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 59%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBK%3C/text%3E%3C/svg%3E)
Benjamin Kappel
0
Reputation points
We created a multi-tenant application that is deployed to a single container apps environment. We have Dapr enabled and using it. Each customer has its own set of container apps, which communicate with separate configured components like state stores and pub/sub. That mimics the procedure described here.
One of the container apps within each tenant uses actors. All is working well.
When the second tenant is deployed, the dapr components are isolated from each other - as desired. However, the actors are not. For instance, the actor-enabled container app from tenant A will try to reach an actor from tenant B, which is successful, but tenant B doesn't have access to the data store of tenant A, and the operation fails.
I wasn't able to find a way to use namespaced Dapr actors (https://docs.dapr.io/developing-applications/building-blocks/actors/namespaced-actors/) in Azure Container Apps.
Since the dapr sidecar is fully managed, I don't see a way to set the NAMESPACE environment variable.
Any idea how we can accomplish isolating actors from each tenant when the container apps environment is shared?
Azure Container Apps
Sign in to answer