The advice always had the same shape. Your auth traffic is spiky. Your Kubernetes cluster sits mostly quiet. Azure Container Apps scales to zero and bills you for what you use. You are paying around the clock for a cluster that spends most of its life waiting.

We took it seriously enough to cost the migration properly. Then we killed it. Not because of the price of the cutover, and not because of cold starts, although cold starts alone should have been enough. We killed it because the platform's vocabulary is missing a number, and it's the only number our auth core actually cares about.

Serverless counts to zero and to N

Scale-to-zero runtimes know two numbers. Zero, when nobody is calling. N, when they are, with N floating on demand. For stateless request handling that vocabulary is perfect, which is why the advice sounds so right. Most web backends really are that shape: every request independent, every instance disposable, zero traffic deserving a zero bill.

An auth system's public face looks like that too. Token endpoints, login pages, JWKS. Stateless, spiky, cache-friendly.