Tag: Azure Functions

  • Azure Functions vs Cloud Run: We Ran the Same Worker on Both

    Azure Functions vs Cloud Run: We Ran the Same Worker on Both

    Pick a serverless platform and you’re picking a default for the next five years of your stack. Most comparisons of Azure Functions vs Google Cloud Run are written from the docs. This one isn’t — we deployed the same worker to both, in production, on the free tiers, and watched what happened.

    The worker is simple on purpose: it takes a webhook, does a little work, writes a record, returns JSON. The kind of glue every real system has dozens of. Boring is exactly what you want when you’re measuring the platform and not the app.

    The short answer

    If you just want the verdict: Cloud Run wins for anything containerized and anything where you care about not storing deploy keys. Azure Functions wins when your automation already lives in the Microsoft ecosystem and benefits from Logic Apps, Event Grid, and Entra sitting right next door. Both run our worker for $0/month. The tie-breakers are deploy security and what else is in the neighborhood.

    Now the detail.

    Deploying the same worker

    This is where the two platforms feel most different, and where Google Cloud quietly pulls ahead.

    How we do it

    Azure Functions Google Cloud Run Verdict
    Unit of deploy Function app (code + host) Container image Cloud Run if you’re already containerized
    Deploy auth Publish profile / service principal Workload Identity Federation — no stored keys Cloud Run, decisively
    Cold start Noticeable on Consumption plan Negligible at our scale Cloud Run
    Local dev parity Functions Core Tools (good) “It’s just a container” (great) Cloud Run

    The headline is the deploy auth. Our Cloud Run workers deploy from GitHub Actions using Workload Identity Federation — GitHub proves its identity to Google with a short-lived token, and no service-account key is ever stored in the repo. That’s not a convenience; it’s the single biggest reduction in credential risk you can make in a CI/CD pipeline. Azure Functions can get close with OIDC + a service principal, but the container-native, keyless Cloud Run path was simpler to lock down and is the model we standardized on.

    What the free tier actually gives you

    Both platforms have genuinely generous always-free serverless tiers. The numbers that matter for a glue worker:

    How we do it

    Metric Azure Functions Google Cloud Run Verdict
    Free requests/month 1,000,000 2,000,000 Google — 2× headroom
    Free compute 400,000 GB-s 360,000 GiB-s + 180,000 vCPU-s Roughly even
    Scale to zero Yes (Consumption) Yes Tie
    Max instances control Yes Yes (and per-service concurrency) Cloud Run, slightly
    Our actual bill $0 $0 Tie where it counts

    At our volume — thousands of invocations a month, not millions — both are free and stay free. The 2M-vs-1M request gap only matters if you’re genuinely high-traffic. For most glue workloads, you will never see a bill on either.

    The neighborhood effect

    A serverless function is rarely alone. It fires because something happened and it triggers something else afterward. That’s where the ecosystems diverge — and where Azure earns its keep.

    • Azure Functions sits next to Logic Apps (4,000 free built-in actions/month), Event Grid (100,000 free operations/month), and Entra ID for identity. If your automation is event-driven and Microsoft-centric, the glue around the function is already there and already free.
    • Cloud Run sits next to Eventarc, Cloud Workflows, Pub/Sub, and Cloud Scheduler — the same pattern on Google’s side, equally capable.

    Neither is “better” in the abstract. The right answer is whichever cloud your other services already live in. A function that triggers a Logic App next door beats a function that has to reach across clouds to do the same thing.

    What surprised us

    • Cloud Run cold starts basically disappeared. At our concurrency the container was warm often enough that we stopped thinking about it. Azure Functions on the Consumption plan had more noticeable cold starts for the same workload.
    • Azure’s free side-resources are real. Functions itself is free, but watch the storage account and Application Insights it provisions alongside — those can accrue tiny charges. Set a budget alert on day one.
    • Keyless deploy changed our security posture more than any single config. Once the repo holds zero secrets for deploys, an entire category of “leaked key” incidents just can’t happen.

    The takeaway

    For a containerized, security-conscious, GitHub-Actions-driven stack, Cloud Run is our default — the keyless deploy and the request headroom settle it. But “default” isn’t “only”: when a workload belongs in the Microsoft ecosystem — triggered by Microsoft events, feeding Microsoft services, governed by Entra — Azure Functions is the right tool, and it runs for the same $0.

    Run the same worker on both for a week. The platform stops being a religious debate and becomes a placement decision: put the work where its neighbors already are.

    This is part of our “Two Clouds, One Site” series — we run the same media property on both Azure and Google Cloud, on the free tiers, and write up what we learn. The lab lives on tygart.media; the findings publish here.

    Frequently asked questions

    Is Azure Functions or Cloud Run cheaper?
    For typical glue workloads, both are free and stay free. Cloud Run offers more free requests per month (2M vs 1M) and Azure offers 400,000 GB-seconds of free compute. At thousands of invocations a month you will not see a bill on either; the cost difference only appears at high traffic.

    Which is more secure to deploy?
    Cloud Run, because it supports keyless deploys via Workload Identity Federation — GitHub Actions authenticates with a short-lived token and no service-account key is stored in the repo. Azure Functions can approximate this with OIDC and a service principal, but the container-native keyless path is simpler to secure.

    Can I run the same code on both Azure Functions and Cloud Run?
    Yes. If you package the worker as a container, Cloud Run runs it directly and Azure Functions can run it via a custom handler or containerized function. We deploy the same worker logic to both; the differences are in deploy tooling and the surrounding event services, not the code.

    When should I choose Azure Functions over Cloud Run?
    Choose Azure Functions when your automation already lives in the Microsoft ecosystem — triggered by Event Grid, orchestrated by Logic Apps, or governed by Entra ID. Co-locating the function with the services it talks to beats reaching across clouds.

    Do serverless cold starts matter on either platform?
    At moderate concurrency, Cloud Run cold starts were negligible in our testing because the container stayed warm. Azure Functions on the Consumption plan showed more noticeable cold starts for the same workload. For latency-sensitive endpoints, test under your real traffic before deciding.

  • The $0 Cloud Stack: Running a Real Media Site on Azure and Google Cloud Free Tiers

    The $0 Cloud Stack: Running a Real Media Site on Azure and Google Cloud Free Tiers

    Most “Azure vs Google Cloud” articles are written by people who run neither in production. They paraphrase the pricing pages and call it a comparison.

    We do something different: we run the same media property on both clouds at the same time — and the entire thing costs $0/month. Google Cloud is the live operational stack. Azure is a parallel “newsroom” of always-free services running on a dedicated lab domain, tygart.media, mirroring each capability of the live site. Two clouds, one operation, both AI ecosystems watching it work.

    This is the desk-by-desk breakdown — what each cloud actually does for us, where the free tier runs out, and which one wins each specific job. No theory. This is the running system.

    Why run on both clouds at once

    There’s a strategic reason beyond “free is fun.” Search and AI assistants don’t share a brain. Google’s models optimize for Google’s index; Microsoft’s Copilot and Bing optimize for Microsoft’s graph. When ~84% of your organic traffic comes from Bing, having your stack only inside Google’s telemetry is a blind spot.

    Running enrichment through Azure puts the same content inside Microsoft’s service graph the same way Google Cloud puts it inside Google’s. You stop guessing how each ecosystem sees you, because you’re operating inside both.

    The serverless compute plane

    The heart of the stack: code that runs after you push a file and close the laptop.

    How we do it

    Azure Google Cloud Verdict
    Service Azure Functions Cloud Run Cloud Run for containers; Functions for glue
    Free ceiling 1M requests/month 2M requests/month Google, on raw headroom
    Deploy model Functions Core Tools / GitHub Actions Keyless deploy via Workload Identity Federation Google — no stored keys is a real security win
    What surprised us Generous, but watch billable side resources Cold starts negligible at our scale
    Our bill $0 $0 Tie where it counts

    Pick Cloud Run if you’re already containerized and want keyless CI/CD. Pick Azure Functions if your automation lives in the Microsoft ecosystem and you want Logic Apps next door.

    The content enrichment desks

    This is where Azure’s always-free tier quietly outclasses expectations — a full newsroom of AI services that never bill at our volume.

    How we do it

    Job Azure Google Cloud Verdict
    Translation Translator — 2M chars/mo free (~300 articles) Cloud Translation Azure — bigger perpetual free ceiling
    Article audio Neural TTS — 500K chars/mo Cloud Text-to-Speech Toss-up; both natural
    Entity extraction (for GEO) AI Language — 5K records/mo Cloud Natural Language Azure — likely the same signal family Bing uses
    Site search Azure AI Search — 3 indexes free Vertex AI Search Azure — it’s the engine behind Bing

    The entity-extraction line matters most. We feed articles through Azure AI Language to pull named entities and key phrases, then saturate the content with them. We’re optimizing for the same entity signals Microsoft’s own systems use to select content — which is the whole game when Bing drives most of your traffic.

    The storage and front-end layer

    How we do it

    Job Azure Google Cloud Verdict
    Document store Cosmos DB — 1,000 RU/s + 25GB free Firestore Azure — Cosmos free tier is generous (one per subscription)
    Relational Azure SQL — serverless free Cloud SQL (no perpetual free) Azure, clearly
    Static hosting Static Web Apps — 100GB bandwidth Firebase Hosting Tie; both excellent

    For a small operations ledger or a knowledge base, Azure’s always-free Cosmos DB and serverless SQL are the standout — Google Cloud has no equivalent perpetual-free relational tier.

    What it actually costs: nothing (if you’re disciplined)

    The honest caveat: free compute can still trigger billable side resources. A “free” VM drags along disks, public IPs, and monitoring logs that bill immediately with no throttling. The discipline that keeps the bill at zero:

    1. Deploy from the free-services blade, not the general catalog.
    2. Set a budget alert on day one — before you provision anything.
    3. Prefer serverless over VMs — the consumption tiers reset monthly and don’t drag side resources.
    4. One Cosmos DB free tier per subscription — plan around it.

    Do that, and a real, AI-enriched media property runs across two clouds for $0.

    The takeaway

    Single-cloud is a bet that one ecosystem’s view of your content is the only one that matters. When the traffic data says otherwise — when most of your readers arrive through the other company’s search and AI — bilateral cloud stops being a novelty and becomes the obvious posture. The free tiers make it cost nothing but discipline.

    Frequently asked questions

    Is it really free to run on both Azure and Google Cloud?
    Yes, at small-site scale. Both clouds offer always-free serverless tiers (Azure Functions 1M requests/month, Cloud Run 2M requests/month) plus free AI, storage, and hosting services. The cost risk is billable side resources like VM disks and public IPs — avoidable by staying serverless and setting a budget alert.

    Which is better for serverless, Azure or Google Cloud?
    Cloud Run wins on raw request headroom (2M vs 1M/month) and keyless deploys via Workload Identity Federation. Azure Functions wins if your automation already lives in the Microsoft ecosystem and benefits from Logic Apps and Event Grid next door.

    Why would you run the same site on two clouds?
    AI ecosystems don’t share telemetry. Google’s models favor Google’s index; Bing and Copilot favor Microsoft’s graph. If a large share of your traffic comes from Bing, running enrichment through Azure puts your content inside Microsoft’s service graph instead of leaving it a blind spot.

    Does Azure have a better free tier than Google Cloud?
    For perpetual always-free services, Azure is broader — 65+ always-free services including Cosmos DB (1,000 RU/s + 25GB) and serverless Azure SQL, which Google Cloud has no direct perpetual-free equivalent for. Google Cloud wins on serverless request volume and keyless security.

    What’s the catch with Azure’s always-free tier?
    Limits reset monthly and overages bill immediately with no throttling. Free VMs also trigger billable disks, public IPs, and monitoring logs. Deploy from the free-services blade, prefer serverless, and set a budget alert before provisioning.