Containers Azure Container Apps premium top250-pre130-priority field-manual-complete

Container Apps traffic split

Container Apps traffic split means a percentage-based routing rule that divides Container Apps ingress traffic across active revisions or labels. Teams use it to ship safer releases by exposing a new revision to limited traffic, comparing evidence, and rolling back without redeploying the whole application. In Azure operations, it appears in revision management pages, ingress traffic rules, labels, deployment pipelines, canary runbooks, blue-green release plans, and Application Insights dashboards. The practical question is which app, revision, image, identity, network path, or cost boundary it changes, and what live evidence proves the setting is healthy.

Back to glossary browser Open Microsoft Learn source
Aliases
No aliases mapped yet
Difficulty
intermediate
CLI mappings
5
Last verified
2026-05-12

Microsoft Learn

A Container Apps traffic split is a set of ingress routing weights that divides requests across active revisions or labels in multiple revision mode.

Microsoft Learn: Traffic splitting in Azure Container Apps2026-05-12

Technical context

Technically, Container Apps traffic split is an application-scope ingress configuration that works in multiple revision mode and assigns traffic weights totaling 100 percent. Engineers verify it through revision names, labels, weight percentages, ingress status, request metrics, deployment approvals, rollback records, and health gates. Important configuration includes revision mode, active revisions, labels, ingress, revision weights, label weights, health probes, monitoring, and rollback target. Production reviews should capture owner, resource group, region, environment, resource IDs, deployment version, diagnostics, limits, and rollback notes before changing it.

Why it matters

Container Apps traffic split matters because traffic splitting determines how much real customer load reaches a new version and how quickly teams can reverse a bad rollout. The business impact is practical: users may see failed requests, delayed processing, leaked traffic, stale credentials, slow starts, or unexpected charges when teams misunderstand it. A strong glossary entry gives architects, developers, security reviewers, and operators the same language for design reviews and incident handoffs. It connects the Azure setting to ownership, measurable objectives, dashboards, rollback paths, and audit evidence. That shared understanding helps teams make safer production changes under pressure instead of treating the setting as a portal detail.

Where you see it

Signals, screens, and Azure surfaces where this term usually becomes operational.

Signal 01

You see Container Apps traffic split in Container Apps revisions, ingress configuration, deployment gates, and metrics when confirming revision weights, labels, active status, and request distribution for release, audit, or incident evidence.

Signal 02

You see Container Apps traffic split during troubleshooting when canary traffic hits the wrong version or rollback is unclear and operators must connect portal state, CLI output, logs, metrics, owners, and rollback notes.

Signal 03

You see Container Apps traffic split in architecture reviews when teams decide how traffic moves between deployed revisions, how evidence is gathered, and how it affects security, reliability, operations, cost, and performance.

When this becomes relevant

Specific situations where this term helps solve real Azure design, operations, migration, security, reliability, cost, or governance problems.

  • Route a small percentage of production requests to a new Container Apps revision for canary validation.
  • Run blue-green deployments by keeping stable and candidate revisions active while shifting traffic gradually.
  • Roll traffic back to the known-good revision after metrics, probes, or support signals cross a release gate.
  • Compare revision labels, traffic weights, logs, and Application Insights metrics during incident or release review.
  • Document release ownership, health gates, and traffic-split evidence so support teams know which revision served users.

Real-world case studies

Different enterprise-style examples that show the term being used to hit measurable objectives.

Case study 01

Canary traffic split for subscription checkout

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

Litware Media, a subscription streaming company, needed to test a new checkout page with real customers while limiting revenue risk.

Business/Technical Objectives
  • Send only 10 percent of traffic to the new revision first
  • Compare conversion, latency, and payment failures by revision
  • Rollback immediately if payment errors exceeded threshold
  • Promote gradually after approved health gates
Solution Using Container Apps traffic split

The application team enabled multiple revision mode and deployed the new checkout image as a separate Container Apps revision. They used traffic splitting to send 10 percent of ingress traffic to the candidate revision and 90 percent to stable. Application Insights dashboards compared conversion, payment dependency latency, HTTP errors, and cart abandonment for both revisions. The release runbook recorded the stable revision, candidate revision, weights, and rollback command. When the first window passed, traffic moved to 25 percent, then 50 percent, then full promotion. The runbook also recorded owner, scope, resource IDs, monitoring window, rollback trigger, and review date so support, security, and finance could make decisions from the same evidence.

Results & Business Impact
  • Initial canary exposed the new page to 9.8 percent of requests
  • Payment failure rate stayed below the 0.5 percent gate
  • Full promotion completed with no emergency rollback
  • Release evidence shortened post-change review by two hours
Key Takeaway for Glossary Readers

Traffic splitting makes production rollout measurable instead of a single high-risk switch.

Case study 02

Blue-green rollout for municipal services

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

MetroHelp, a city services provider, had to modernize a public request portal used for pothole, sanitation, and permit inquiries.

Business/Technical Objectives
  • Keep the old portal live while validating the new revision
  • Route internal testers to the candidate before public users
  • Switch public traffic only after accessibility tests passed
  • Return to stable quickly if citizen reports increased
Solution Using Container Apps traffic split

Engineers deployed the new portal as a green Container Apps revision and kept the blue revision active. A label routed city testers to the green revision before public traffic changed. After accessibility, latency, and form-submission checks passed, the team used traffic splitting to move public traffic in stages. The operations center monitored citizen-service errors, failed form posts, and page response time. The rollback plan set all weights back to the blue revision and preserved the green logs for review. The runbook also recorded owner, scope, resource IDs, monitoring window, rollback trigger, and review date so support, security, and finance could make decisions from the same evidence.

Results & Business Impact
  • Internal testers validated the green revision for three days
  • Public traffic moved in 25 percent increments
  • Average form response time improved by 22 percent
  • Rollback command was tested before public promotion
Key Takeaway for Glossary Readers

Traffic split and labels work together when teams need both private validation and controlled public rollout.

Case study 03

A/B routing for pharmacy refill workflow

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

Humongous Health Pharmacy wanted to compare two refill-reminder experiences without forcing all patients into the new workflow.

Business/Technical Objectives
  • Expose the candidate workflow to a measured patient segment
  • Keep clinical safety checks identical across revisions
  • Compare completion rate and support calls by revision
  • Promote only if the new workflow improved outcomes
Solution Using Container Apps traffic split

The platform team ran two active Container Apps revisions and split traffic evenly for eligible refill-reminder users. Both revisions used the same identity, secrets, and backend safety checks, and the team verified those controls before routing. Telemetry tagged each request with revision name so product and compliance teams could compare completion rate, support calls, errors, and latency. After two weeks, the candidate revision showed better completion with no safety regression, so operators shifted traffic gradually to 100 percent. The runbook also recorded owner, scope, resource IDs, monitoring window, rollback trigger, and review date so support, security, and finance could make decisions from the same evidence. Operators attached before-and-after metrics to the change record and reviewed them with the service owner before closing the release.

Results & Business Impact
  • Refill completion improved by 14 percent for the candidate revision
  • Support calls dropped by 11 percent in the tested segment
  • No clinical safety-control differences were found
  • Traffic promotion completed without redeploying the app
Key Takeaway for Glossary Readers

A traffic split can test user outcomes while preserving a controlled rollback path.

Why use Azure CLI for this?

Use CLI checks to set and verify revision or label traffic weights during canary, blue-green, and rollback operations.

CLI use cases

  • Set revision weights for a controlled canary release.
  • Verify all traffic split weights total 100 percent before promotion.
  • Move traffic back to the stable revision after a failed health gate.

Before you run CLI

  • Confirm tenant, subscription, resource group, environment, region, and app name before collecting or changing production Container Apps evidence.
  • Use least-privileged access and avoid exposing tokens, registry credentials, connection strings, or customer data in CLI output.
  • Know whether the command is read-only, mutating, cost-impacting, traffic-impacting, or security-impacting before running it in production.

What output tells you

  • Output confirms whether live Azure configuration exists at the expected scope and matches the approved deployment design.
  • Returned names, IDs, revision states, traffic weights, replica counts, or image references help separate drift from application behavior.
  • Differences between expected and actual state create evidence for rollback, owner follow-up, audit review, or support escalation.

Mapped Azure CLI commands

Containerapp operations

direct
az containerapp list --resource-group <resource-group>
az containerappdiscoverContainers
read-only Microsoft docs
az containerapp show --name <container-app> --resource-group <resource-group>
az containerappdiscoverContainers
read-only Microsoft docs
az containerapp up --name <container-app> --image <image>
az containerappprovisionContainers
cost-impacting Microsoft docs
az containerapp update --name <container-app> --resource-group <resource-group> --image <image>
az containerappconfigureContainers
mutating Microsoft docs
az containerapp logs show --name <container-app> --resource-group <resource-group>
az containerapp logsdiscoverContainers
read-only Microsoft docs

Architecture context

A Container Apps traffic split is the release-control surface I expect teams to use instead of replacing production all at once. It assigns percentages across active revisions, which makes canaries, phased rollouts, A/B tests, and quick rollbacks possible without rebuilding the app. Architecturally, the split must be tied to health checks, telemetry, deployment gates, and a rollback threshold, not treated as a manual slider. I review whether sticky sessions, identity, downstream schema changes, and cache behavior make split traffic safe. Operators should capture old and new weights, revision names, error rates, latency, and business metrics. A good split gives the team evidence before promotion and a clean route back when a release misbehaves.

Security

Security for Container Apps traffic split focuses on ensuring every traffic target has approved authentication, authorization, identity, secrets, image provenance, and logging before receiving users. Review managed identity, RBAC, registry permissions, secrets, ingress, network rules, image provenance, audit logs, and who can change the resource. Prefer private endpoints or internal ingress where appropriate, Key Vault backed secrets, least privilege, and explicit approval for public exposure. Watch for broad contributor access, plaintext environment variables, untrusted images, stale revisions, and logs that reveal tokens or customer data. Production use should include owner, rotation path, emergency rollback, and evidence that security controls apply to every active revision.

Cost

Cost for Container Apps traffic split comes from running multiple active revisions, extra telemetry, duplicated dependencies, test traffic, minimum replicas, and cleanup after promotion. Direct charges may be visible in billing, but indirect costs appear as incident response, excessive telemetry, duplicate capacity, failed retries, slow deployments, or support time. Review budgets, tags, workload profile placement, replica limits, retention policies, build frequency, and log ingestion before scaling or automating it. Tie every cost increase to an owner, business reason, expected duration, and measurement window. This helps finance distinguish intentional capacity from waste and helps engineers avoid small configuration choices becoming monthly variance.

Reliability

Reliability for Container Apps traffic split depends on health gates, rollback routing, active revision readiness, label correctness, metrics comparison, and stable behavior while two versions run together. Operators should know expected scale behavior, startup path, dependencies, probes, retry rules, image pull path, and the rollback target. Monitor replica state, revision health, ingress errors, dependency failures, queue depth, latency, and quota. Test the failure path before production change, including image pull failure, secret rotation, downstream outage, and traffic rollback. Keep a known-good revision or image available when possible. This prevents a small configuration mistake from becoming a user-visible outage during a busy release window. Review the evidence after every release.

Performance

Performance for Container Apps traffic split is about latency comparison between revisions, sample size, cache behavior, cold starts, dependency timing, and saturation during gradual promotion. Measure signals that reflect workload experience, such as latency, throughput, queue depth, replica readiness, image pull duration, CPU, memory, connection counts, or dependency response time. Avoid tuning one setting in isolation when identity, network path, registry location, cache state, partitioning, image size, or downstream services also influence results. Keep baseline measurements before and after changes so regressions are visible. That evidence helps teams optimize the actual bottleneck instead of the most obvious Container Apps setting. Use the same measurement window across stable and candidate versions.

Operations

Operationally, Container Apps traffic split needs clear ownership, naming, tagging, change records, and repeatable verification. Teams should know which portal blade, CLI command, metric, log query, deployment file, and runbook prove current state. Capture before-and-after evidence for production changes, including resource IDs, revision names, image digests, traffic weights, replica counts, secrets, region, and monitoring window. Keep rollback steps near the change record, not in personal notes. For support, define who can approve changes, who monitors impact, and when old revisions, images, or sessions should be cleaned up. Also document alert recipients, emergency approvers, evidence owners, and the post-rollout review date for audits.

Common mistakes

  • Using traffic splitting while the app remains in single revision mode.
  • Promoting a revision without predefined metrics and rollback criteria.
  • Forgetting that label routing and percentage routing are different paths.