SMDS-ADR-006
| Status | NOT STARTED / IN PROGRESS / COMPLETE |
|---|---|
| Impact | HIGH / MEDIUM / LOW |
| Driver | User 7f21c |
| Date |
Decisions
- Migration of APIs from Azure App Services to the Perpetual Kubernetes Cluster
Context
This likely represents a more robust infrastructure with high availability, auto scaling, security standards, repository lifecycle and lower maintenance cost.
The focus here is on migrating all the existing Azure App Services to the Kubernetes cluster and on using the most advanced built-in features of K8s.
Discussion Topics
- Overcoming existing challenges.
- GitHub repository lifecycle management.
- Steps to onboard an application to K8s.
Resolving Challenges Due to Migration to Kubernetes
- Service Principal expiration affects the deployment pipelines and requires continuous manual intervention for renewal.
- Ease of onboarding and deploying applications in clusters with built-in auto scaling across multiple regions.
- HashiCorp Vault is built into the K8s cluster, which simplifies secrets lifecycle management.
- Implementation of a service mesh adds a more secure way of accessing the APIs and improves application response performance.
- Better control of application deployments with secured pipelines along with the Flux module, by maintaining all config files in a single repository.
- Quick access to the logs and to the pods for troubleshooting issues.
- MOP features are built in for monitoring and alerting, along with Loki logs.
- Maintenance of the K8s cluster is under the Perpetual platform, with built-in security standards.
- Private Endpoint for Postgres Flexi Servers allows more secure connections from the API to the backend DB.
- Avoiding the usage cost of App Service Plan, App Service, Key Vaults, Storage Accounts, Application Insights, etc.
GitHub Lifecycle Management
- GitHub repository creation is a prerequisite for application onboarding, which involves the below criteria for access management.
- Below are the repository standards followed to ensure peer review and approval before deploying an application.
- Code scanning is mandatory as part of Maersk security standards. Secrets should not be exposed in the application or GitHub pipelines.
Steps to Onboard an Application to K8s
- Onboarding the application to the Perpetual K8s cluster.
- Deployment prerequisites
- Service mesh onboarding
- Multi-region deployment
All these steps are explained in detail in separate pages.