This article shows how to conceptualize, architect, build, and deploy an application that uses projects from the Cloud Native Computing Foundation (CNCF) after you deploy Azure Kubernetes Service (AKS). The architecture describes the CNCF Projects App on GitHub. The setup instructions in the repo provide steps for deploying the architecture.
You can deploy this architecture on any Kubernetes cluster, not just AKS. It provides one example of the flexibility of the AKS platform. AKS makes it simple to deploy a managed Kubernetes cluster in Azure.
After you review this article, you'll have a good understanding of how to deploy a typical application that's made up mostly of CNCF projects.
Potential use cases
These other uses cases have similar design patterns:
- Creating a CI/CD pipeline for container-based workloads
- Using GitOps for AKS
Architecture
Download a Visio file of this architecture.
The workload is a simple web application that employees can use to submit and view expense reports. When an employee submits an expense report, the employee's manager receives an email.
Application flow
1. The employee accesses a web app via NGINX Ingress to submit expenses.
2. The web app calls an API app to retrieve the employee's manager.
3. The web app pushes a message that's generated for the creation of the expense report to a NATS queue.
4. The expense report is saved in MySQL.
5. NATS Connector invokes the Email Dispatcher OpenFaaS function with the expense message as the payload.
6. Email Dispatcher creates a SendGrid message.
7. SendGrid sends an email to the retrieved manager for review.
DevOps flow
a. Developers write or update the code in Visual Studio Code.
b. Developers push the code to GitHub from their local workspace in Visual Studio Code.
c. Tekton pipelines pull in the GitHub code.
d. Pipelines push and pull a container image from a Harbor registry.
e. Tekton deploys the web app, API app, and Email Dispatcher applications.
f. Prometheus captures application metrics.
g. Engineers monitor metrics on a Grafana Dashboard.
h. DevOps engineers monitor the Grafana Dashboard.
Infrastructure
i. AKS cluster that's based on the infrastructure presented in the AKS baseline.
ii. Rook Ceph that's used for cluster storage.
iii. Linkerd service mesh.
iv. Jaeger for overall application tracing on the Kubernetes cluster.
Cluster operations
You might find it beneficial to manage clusters and cluster bootstrapping by using GitOps management. Flux is a popular GitOps operator. It's often paired with GitHub Actions to enable validation on updated manifests and Helm charts.
Components
Azure
- Azure Kubernetes Service (AKS). Provides the managed cluster infrastructure.
- Azure App Service. Used to build the web app and API app.
Open-source software (OSS)
- Kubernetes. CNCF. Automates deployment, scaling, and management of containerized applications.
- Rook. CNCF. Provides storage management for the clusters.
- Harbor. CNCF. Container registry for the images.
- NATS. CNCF. Provides publish/subscribe messaging for messages that are generated to create the expense report.
- Linkerd. CNCF. Service mesh that integrates with OpenFaaS, NGINX, Prometheus, and Jaeger.
- Prometheus. CNCF. Captures application metrics.
- Jaeger. CNCF. Provides overall application tracking on the Kubernetes cluster.
- OpenFaaS. Used to deploy the Email Dispatcher function.
- MySQL. Database that stores the expense reports.
- NGINX. Kubernetes ingress controller that employees use to access the web app to submit expense reports.
- Tekton. Continuous Delivery Foundation project that's used for continuous integration / continuous deployment (CI/CD). Deploys the web app, API app, and Email Dispatcher applications.
- Grafana. Dashboard for application metrics.
- SendGrid. External email service that sends mail to the manager for expense report review.
- GitHub. Code repository. Tekton pipelines use GitHub code.
- .NET Core. Used for the web front end and the web API.
- Flux. Provides GitOps management.
Alternatives
This project uses CNCF graduated and incubated projects. There could be multiple alternatives for the services used. See the CNCF website for alternatives. Here are some resources that describe some of them:
- Comparison of service mesh options
- Function as a service (serverless) alternatives
- Vitess: sharded MySQL on Kubernetes
- Monitoring your microservices by using Zipkin and OpenTracing
- GitOps with a developer-centric experience
You can consider various Azure services as alternatives. For example, Application Gateway Ingress Controller, Azure Container Registry, and Azure Monitor.
Microsoft also supports OSS projects, including Open Service Mesh.
Considerations
- For the Kubernetes cluster, you need at least a 3-node user-node pool with virtual machine (VM) SKU DS2_v2 or larger.
- Volumes that use Azure managed disks can't be attached across zones. They must be located in the same zone.
- Rook installation can take between 20 and 25 minutes. Be sure the Ceph cluster is completely provisioned before you move on to the next step.
- The Jaeger setup takes about 5 minutes.
- It takes about 12 minutes for Linkerd to appear in the dashboard.
Deploy this scenario
Deploy this scenario from the Azure/cloud-native-app GitHub repo. Follow the setup instructions in the provided sequence to deploy the CNCF Projects App in your environment.
This repo is a community project. It accepts and approves pull requests (PRs) for enhancements and modifications from the community.
Pricing
You can use the Azure pricing calculator to estimate costs. Following are some pricing considerations for running this project in Azure. A negligible bandwidth cost applies.
Virtual Machine Scale Sets
VMs that are used in Azure Virtual Machine Scale Sets for the AKS cluster incur a charge. For more information, see Virtual Machine Scale Sets pricing.
Storage
Storage costs apply for each data disk that's required by the Rook installation. For this 3-node AKS cluster, the Rook configuration uses two data disks per node: a 1-GB disk and a 200-GB disk. For more information, see Storage cost pricing.
Load balancer
The load balancer that's associated with this AKS cluster incurs a charge. For more information, see Load Balancer pricing.
Virtual network
The virtual network that's used by the AKS cluster incurs a charge. For more information, see Virtual Network pricing.