Microservices on

Azure Kubernetes Services

Explore how we use Microsoft technologies to design, build and deploy Microservices

Overview

Microservices on Azure Kubernetes Services

Microservice is loosely coupled and it can be developed and deployed independently. Microservices typically communicate through services, and it will be identified well-defined service discovery. In this method, we easily define, deploy, debug and upgrade microservices applications and automatically containerize our applications. All the services are separated based on their domains and functionalities and are further allotted to individual microservices.

These microservices have their own load balancer and execution environment to execute their functionalities, at the same time capture data in their own databases. All the microservices communicate with each other through a stateless server which is either REST or Service Bus.

Our Services

Azure Kubernetes Services has its own components which matches these requirements for implementing microservices architecture.

IP address

IP Address are assigned to pods where each micro service will be deployed and which is available all the time.

Load balancing

All the service request traffic sent to load balancing server from there it is sent to the respective API gateway based on the availability of the resources which in term will redirect to the specific services.

Service Discovery

All the microservices are assigned to the DNS entries which will be used by API Gateway to identify the services dynamically based on the request from client and redirect it to the specific services.

API Gateway

API gateway sits between clients and microservices, it is responsible for redirecting the services request from the clients to the services. API Gateway can be implemented using number of different technologies such as Nginx, Azure Application Gateway and Azure API management.

Scalability Considerations

Kubernetes supports two level of scaling PODS and Nodes. Manually we can do the scaling of resources, but recommendation is to automate it since when the resource utilization is high the service will not be available which should not happen in real time.

Our Tool-driven Approach

We provide services for building an application using Microservice patterns with robust Microsoft technologies and frameworks.

Clients

Different users from various devices like mobile app, tab and browsers will access the applications.

Azure Kubernetes Service

AKS cluster is managed container orchestration service available in MS Azure environment to implement microservices architecture application.

Azure Load Balancer

Azure load balancer is created and configured with public IP address and all traffic is redirected to azure load balancer and it’s responsible to redirect to specific API Gateway based on the load.

Azure Active Directory

AKS uses AD Identity to create and manage azure services required while creating Kubernetes clusters. Azure AD can be used to authenticate users for accessing applications installed in POD.

Nodes & Pods

AKS cluster has one or more node whish is an Azure Virtual Machine. AKS pod is responsible for running the application basically it’s an instance of your application.

Authentication Service

We have used OAuth to get authenticated from server and provide valid token which is used across services to have securely accessing data from one service to another service.

Data Storage

As Microservices architecture do not support share storage data between services and work independently, the Data should not be stored in local cluster because it will be lost when we do deployment always, data should be stored in some external services Azure SQL.

Azure Monitor

Collect all data from different azure services like metric and logs. We can user this data to monitor health of application, setting up alerts on any azure service failure and do analytics on data which is collected from different azure services.

Role-Based Access Control

Azure RBAC for accessing azure resources for creating new resources or accessing existing resources. Permissions or rights will be assigned to specific users/groups. Kubernetes RBAC is used to create POD or listing/accessing POD.

Secrets

Application is required to access some of azure services (via Managed Identity) or external services (Azure Key Vault/3rd party integration) for that we need some credentials to access it which has to be kept in confidential.

Azure DevOps CI/CD Pipeline

Azure DevOps pipelines features help our application to get built with Docker containers and deploy them to Azure Kubernetes clusters (AKS). Development teams commit all the source code changes to the Azure repository in VSTS.

Azure continuous will be triggered as soon as code checking is done based on settings in VSTS and it will start building the app as a docker image and push that docker image to Private Azure Container Registry if build successful. Once the image is successfully created and pushed to the Azure container registry release plan will be triggered and based on the config file it will deploy applications from docker images to pod which are running in AKS.