The following articles uses APIM + Server less function apps to expose functionality. Not covering any sercurity aspects. But very simple step by step implementation details for using azure APIM and hooking funtion apps.
-------------------------------------------------------------------------------
Azure Functions provide us with greater flexibility in our application architecture. Let’s see how we can build a serverless microservices architecture with Azure Functions and Azure API Management.
These days, adopting a Microservices architecture seems to be commonly implemented through the use of containers. Microservices can be deployed in a number of ways and ultimately the best choice is the one that suits your needs.
In a previous article in this series, I gave a quickstart tutorial for Azure Functions. Today let’s see how one can build out microservices with Azure Functions and some help from Azure API Management (APIM).
1| Getting Started
Azure Functions allow us to leverage trigger-based serverless capabilities to fulfill our development goals without the traditional overhead associated with, hosting, management, scaling, etc.
Azure API Management is a cloud service that allows developers to manage, secure, and maintain their APIs in-depth including relevant configurations (API gateways, rate-limiting, versioning, and more…) regardless of where the servers are hosted.
To attempt this walkthrough you will need to have:
- An active Azure account and subscription. You can create an account for free and obtain a free Azure trial subscription.
2| Architecture Design
In this walkthrough, we will be going serverless and leveraging APIM to build a simple Microservices architecture building off of the quotes Azure Function we built in this previous article. If you would like to follow along reference that article first!
Our Microservices
The focus of this walkthrough is to get a hands-on introduction to APIM and Azure Functions. We will build a very simple microservices architecture.
We will have two services our client applications can access.
Quotes Service — supplies clients with randomly served quotes.
Author Service — allows clients to look up information about an Author.
3| Create Author Service Function
From the Azure portal, create a new function app and fill out the following basic settings:
You can keep all other settings the same. Select Review + create and then select Create.
Next, open the newly created Function App which I have named author-quite-service (you will come up with your own unique name), select Functions from the side menu, and then +Create.
You will be prompted with the Create function menu. To expedite things, select Develop in portal for the Development environment option and HTTP trigger for the template, and fill out the rest of the prompts like so:
Once in the portal of the author-lookup-function, select Code + Test from the side menu so we can implement the service functionality.
Copy the following code into the function body:
Don’t forget to hit save! feel free to select Test/Run to try out the implementation.
Next, modify and visit the following URL to ensure that it is working
https://{Your Author Function App Name}.azurewebsites.net/api/author-lookup-function?authorName=Maya%20Angelou
Note the addition of the query parameter authorName which we can set to one of our authors.
4| Create Quotes Service Function
If you haven’t already, check out this previous article where we run through creating the Quotes Azure Function which we will be using as one of our microservices.
5| Creating Azure API Management Resource
In your Azure Portal, select API Management Services and click +Create.
Then proceed to create an API Management Resource with an appropriate set of Basic configuration settings. Here is mine for reference:
Note, I am using the Consumption pricing tier as it is perfect for a microservices-based architecture. It runs on shared infrastructures, is billed on a per-execution-basis, and can scale up or down with demand.
We can leave all other settings as they are. Select Review + create and then select Create.
6| Add Function Apps to API Management Resource
Now that we have created both our Author and Quotes services, we will connect them with our APIM in Azure so that we can leverage them through a shared gateway as microservices.
In the Azure portal, open up your quote app APIM. From the side menu, select APIs, and then from the blade select Function App to add our services.
From here we can search for our Function Apps and follow the prompts to add them. Make sure to repeat this process for both Function Apps.
Once completed you should be able to access both functions via your APIM gateway.
7| The Result 🎉
We now have two endpoints accessible through a single APIM gateway that provide client access to our microservices.
Quote Service Endpoint Running
Author Service Endpoint Running
You can easily leverage your new services in a client application
In my last article, I showcased an Android app I put together that used our quote Azure Function. I have now expanded the app model to include our newly created author service!
Our quotes application now has two microservices, one to randomly generate quotes, and another to look up information about the quote author.
This is a simple example that serves as a basic introduction to leveraging Azure Functions in a microservices model and as additional usage and complexity are introduced to the application the model should prove more useful especially when aided by Azure API Management.
I hope this was a helpful introduction to using APIM with Azure Functions. Feel free to reach out if you have any questions or suggestions regarding this article.
Other components required along with above :
Authentication - Azure AD based authentication would be used to secure the SPA application REST API calls
Azure Front Door - Act as a global entry point for the requests and will leverage the WAF capability to protect the application from hacking.
Azure Application Gateway – Is a Layer7 load balancer, enabling path-based routing of traffic of static content & API calls. Will apply rule to accept traffic only from Azure Front door using X-Forwarded-Host and X-Azure-FDID headers values.
APIM – Will act as a gateway and proxy for all API requests. Will be deployed in internal mode, so that traffic is only coming from Application Gateway deployed subnet. The API gateway is the endpoint that:
• Verifies API calls to have valid JWT tokens, certificates, and other credentials.
• Enforces authentication of API calls.
• Forward the requests to backends app with proper authorization code.
• Enforces security using policy to limit using usage quota, rate limits and other OWASP security headers.
• Provides inbuilt caching for API responses and external cache with Redis.
• Allows implementation of gateway aggregation pattern, strangler patterns, queue-based load leveling using event Hubs.
• Logs call metadata for analytics purposes.
Azure Functions - All microservices will be deployed in azure function app. Function apps will use Elastic Premium plan to run and scale based on demand and avoid cold start with minimum pre-warmed instances. Will accept traffic only from private VNET of APIM by using Private EndPoints. Have VNET integration enabled to send outbound traffic via Private VNET to connect to backing services.
Static Content – Azure Storage V2 provides option to store static website-content and host SPA applications at very low cost. One can choose Geo-Redundant-Storage options to ensure high availability.
Private End Point - Azure Private Link enables to access Azure PaaS Services (e.g., Azure Storage, Cosmos DB and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. Traffic between your virtual network and the service travels the Microsoft backbone network.
KeyVault – To store any secret information and certificates, which can be accessed by Azure Functions and APIM using Managed Identities (MSI).
Cosmos DB – A fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security.
Redis Cache - Azure Cache for Redis provides fully managed open-source Redis within Azure. One can start with an Azure Cache for Redis instance of any tier (Basic, Standard, or Premium) and size, and scale it to meet your application's performance needs.
Azure Cognitive Search - Is a cognitive search service on azure that gives developers an architecture, APIs, and tools for building a rich search experience over private, heterogeneous content in web, mobile, and enterprise applications.
Log Analytics – All services in the architecture will have diagnostic logging configured which will be written to Azure log analytics Logs. Queries can be executed on the logs to sort, filter, and analyze them & perform statistical analysis and visualize the results in a chart to identify a trend.
Azure Application Insight - An extensible Application Performance Management (APM) service for developers and DevOps professionals. Can be used to monitor your live applications, gain insight into failure. It automatically detects performance anomalies, and includes powerful analytics tools to help diagnose issues and to understand what users’ behavior of the app.
Ref: https://serverless-architecture.io/blog/serverless-microservices-using-azure-examples/
No comments:
Post a Comment