I’ve read a fair bit about Kubernetes over the last couple of years but never got around to having a proper hands-on go at running applications in a Kubernetes cluster. Most of my cloud development has been on AWS; however, my workplace for the past almost 2 years has been on Azure, so I decided to give AKS a go.
My approach to getting a proper feel was to have a couple of very simple applications hosted on AKS with typical application requirements such as exposing an API to the public internet with custom DNS, TLS termination, some type of application secret management, pub/sub via an API call and a worker subscribing to the published message etc.
You can find the source code here on GitHub with complete steps on getting the solution running on AKS.
The solution includes two .NET Core 3.0 applications, an API and a background worker process, intentionally kept very simple.
The ASP.NET Core 3.0 API provides a few endpoints:
1. GET /env which returns the machine / pod name that the API is running on.
2. GET /secrets which returns all the application's secrets.
3. POST /command which sends a message to Azure Service Bus using NServiceBus
The .NET Core 3.0 worker process subscribes to the message sent by the /command API endpoint and simply does a Console.WriteLine on the message body.
The solution uses Azure Active Directory Pod Identity to assign User Managed Identities to pods, allowing access to Azure resources. The applications in the solution use two different types of Azure resources, Azure Key Vault and Azure Service Bus. The reason why I chose Key Vault for secret management was that it provides encryption at rest by default and is easily configured to provide auditing and soft deletes.
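
How the Pod Identity assignment described above is wired up in manifests, as an added example rather than the manifests from the post's repository. All resource names, the selector value, the image and the `<...>` placeholders are assumptions.

```yaml
# Added illustration: names, IDs and image are placeholders, not taken from the post.
# 1. AzureIdentity: points at an existing user-assigned managed identity in Azure.
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentity
metadata:
  name: api-identity                 # hypothetical name
spec:
  type: 0                            # 0 = user-assigned managed identity
  resourceID: /subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>
  clientID: <identity-client-id>
---
# 2. AzureIdentityBinding: ties the identity to a pod label selector.
apiVersion: aadpodidentity.k8s.io/v1
kind: AzureIdentityBinding
metadata:
  name: api-identity-binding         # hypothetical name
spec:
  azureIdentity: api-identity        # must match the AzureIdentity name above
  selector: api-keyvault             # hypothetical selector value
---
# 3. Deployment: only pods carrying the matching aadpodidbinding label
#    can obtain tokens for the bound identity.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
        aadpodidbinding: api-keyvault   # must equal the binding's selector
    spec:
      containers:
        - name: api
          image: <registry>/<api-image>:<tag>
```

The binding only hands out tokens; what the identity may do is decided on the Azure side, so the Key Vault access policy and Service Bus role assignments are where least privilege is enforced. Giving the API and the worker separate identities and selectors keeps each pod limited to the resource it actually uses.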