I am planning to deploy multiple applications on Azure kubernetes and each application will have multiple services.
I will have Azure API management in front of the kubernetes services.
As each application will have multiple services, how do I register those services in Azure API management? Would it be one by one? Is there a way to generate swagger document for the kubernetes services and register at once?
If you want to register them as a different services, yes you need to do one by one. But there is a way You can create a single API in API Management that points to multiple different backend APIs. Use the set-backend-service policy to change the backend API for certain operations.
Related
Follow up to other question posted here:
Azure microservices: authenticating downstream APIs from B2C to Azure AD, how to configure AD?
All our apps and microservices are hosted in a AKS cluster.
Want to have a single webapp decoupled from other services: using a message broker seems a good approach.
How should a public-facing portal be setup to be able to push data down into a queue or endpoint
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE?
How would this be configured in terms of authentication, app reg etc.?
Lets answer your questions one after another which you have.
The first question
How should a public-facing portal be setup to be able to push data down into a queue or endpoint ?
For this first we need to use a Web API to push data to Azure Service Bus Queue. You can create a new ASP.NET Core Web API project and install Azure Service Bus NuGet package. Check this document for the way to do it.
Then we can use Service Bus Queue trigger Azure function to read the message from the queue and the process it or store it depending on the requirement. Check Azure Service Bus trigger for Azure Functions for more information.
The second question
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE ?
We can achieve this requirement by securing the front end using Application Gateway. We need to configure Application Gateway in front of the Web API.
Check this Configure App Service with Application Gateway document from Microsoft for more information.
Lastly, the third question
How would this be configured in terms of authentication, app reg etc.?
In this case we can use Azure Managed Identity. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
So, we can use Azure Managed Identities with the Azure Resources like AKS. Check this Use managed identities in Azure Kubernetes Service for more information.
I have deployed multiple apps on azure kubernetes and have azure API management in front.
As I have deployed multiple apps that spans across various portfolios, would it be possible to configure the Azure API management with multiple URLs, ideally per application?
Yes you can add multiple custom domains to APIM.
Reference : https://learn.microsoft.com/en-us/azure/api-management/configure-custom-domain
This feature also depends on the Tier of your APIM. Consumption, Basic and Standard Tier do not have this feature.
Reference : https://learn.microsoft.com/en-us/azure/api-management/api-management-features
I am looking for scalable hosting for an API but I am getting a little confused with Azure. Ideally I want something that means I don't have to manage OS updates and security, just deploy my API code.
Is this possible with Azure? What do I need to sign up for?
In general, you are looking for the Platform as a service offer. Check What is PaaS?. For the API deployment you should check the Azure App Services. Azure API Management is for advanced API management or when you want to expose multiple APIs using a single gateway.
My understanding so far on PaaS deployment using WebRoles or Worker Roles-
Spinning Web roles or Worker roles will create Cloud service to manage it.
However, in ARM resource group, their is no concept of Cloud service, then how are web & worker roles managed in ARM resource group?
Also I tried adding the webroles via JSON Outline in VS 2015, but no option to add webroles. So not sure if you can deploy webroles via JSON template?
Any information will be of great help.
Cloud Services have been around since the beginning of Azure.
To the deploy or manage them, you have to use the old APIs (Azure Service Management).
As far as I know, they won't be migrated to the new APIs (Azure Resource Manager), but you could use Virtual Machine Scale Sets instead.
Azure Resource Manager Web apps rely on the concept of App Service Plans, rather than cloud services. Basically this is the underlying VM(s) that the service runs on. You can specify the size and number of servers that make up the App Service plan, and then deploy on to those as a single unit.
You create an App service plan, then run web / worker roles inside that (as well as Logic, API, Functions)
As far as Web / Worker roles are concerned, App Service Plans do not draw a distinction between the two. You simply deploy code to it and it will run it however it is packaged. See here
The concept of cloud services simply don't exist within the Azure Resource Management model.
You can find a template for deploying a Web App here
I am trying to integrate my azure solution with different cloud providers. I need to pull data from different cloud providers. They will expose the data via Rest services. I need to pull the data and publish it to my Azure platform. I am thinking of using the Azure Service Bus to pull the data and publish to an Azure Event Hub. Do you think this is better approach or any other good way to connect to a different cloud from Azure.
If the cloud providers you're trying to integrate with made data available via a RESTful API, I don't think Service Bus is going to help you. To make use of Service Bus, the third party cloud providers would need to enqueue data to a Service Bus Queue or Topic.
If you're trying to consume data periodically from RESTful APIs, how about using an Azure WebJob that calls those third party RESTful APIs on an interval, then processes the data?