We are deploying kind of micros services developed in .Net core and will be deployed in Azure WebApp
There will be numerous communications between these WebApps.
Now as WebApp is internet facing, all calls between them will go through internet which will have impact on performance.
Apart from ASE (App Service Enviornment), is there any way we can achieve this?
Yes you can do that with Access Restriction:
az webapp config access-restriction add --resource-group ResourceGroup --name AppName \
--rule-name 'IP example rule' --action Allow --ip-address 122.133.144.0/24 --priority 100
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#adding-and-editing-access-restriction-rules-in-the-portal
ps. AKS would probably be a better option for microservices ;)
There are two ways to have communication over private IP between two web app.
Configure regional VNET integration on either or both web app.
Think of having Azure Application gateway before web app one and configure access restriction to allow access to only application gateway subnet.
https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions#set-a-service-endpoint-based-rule
Some other use cases
Use Service fabric if you don't want to expose web application to internet.
You can also think of putting both application as backend to API management.
https://learn.microsoft.com/en-us/azure/api-management/api-management-using-with-internal-vnet?tabs=stv2#routing
whenever you have application gateway enabled that time app gateway act as interceptor and forwards the traffic hence both of your web app can communicate over a private IP.
Related
When developing backend microservices that sit behind an API Gateway how do you develop locally, ensuring that client requests to a single endpoint (the API gateway) and request path are routed to the right local service?
The Microsoft eShopOnContainers architecture example uses Envoy as a local API Gateway (it used to be Ocelot) but how would you then deploy a stack like this to the cloud, keeping your local and cloud API Gateways in sync with the right request routing, resource descriptions, etc? Do you essentially need to manage two API gateway configurations?
I'm aware of SAM and sam local start-api but I'm referring to other backend services that aren't serverless, e.g. using VpcLink.
We're planning to develop some microservices based on the play framework. They will provide rest apis and lots of them will be using akka cluster/cluster-sharding under the hood.
We would like to have an api gateway that exposes the apis of our internal services, but we're facing one big issue:
- Multiple instances of each service will be running under some ip and port.
- How will the api gateway know where the services instances are running?
- Is there maybe something load-balancer-like for play that keeps track of all running services?
Which solution(s) could possibly fill the spot for the "API Gateway"/"Load Balancer"?
The question you're asking is not really related to play framework. And there is no single answer that would solve what you need.
You could start by reading akka Service Discovery and then make your choice based what fits you more.
We're building services with akka-http and use akka-cluster but use unrelated technologies to expose and run the services.
Check out
Kong for API Gateway
Consul for DNS based service discovery
docker swarm for running containers with mesh network for load balancing
You are looking for following components,
Service Registry : The whole point of this component is to keep track of "what service are running on what addresses". This can be as simple as a simple database which keeps entries for all the running services and their instances. Generally the orchestration service is responsible to register new service instances with Service Registry. Other choice can be to have instances themselves notify the service registry about their existence.
Service Health Checker : This component is mostly responsible for doing periodic runtime checks on the registered service instances and tell service registry if any of them is not working. The service registry implementation can then either mark these instances as "inactive" till they are found to be working by Service Health Checker in future (if ever).
Service Resolution : This is the conceptual component responsible for enabling a client to somehow get to the running service instances.
The whole of above components is called Service Discovery.
In your case, you have load-balancers which can act as a form of ServiceDiscovery.
I don't think load-balancers are going to change much over time unless you require a very advanced architecture, so your API gateway can simply "know" the url's to load-balancers for all your services. So, you don't really need service registry layer.
Now, your load-balancers inherently provide a health-check and quarantine mechanism for instances. So, you don't need an extra health check layer.
So, the only piece missing is to register your instances with the load balancer. This part you will have to figure out based on what your load-balancers are and what ecosystem they live in.
If you live in AWS ecosystem and your load balancers are ELB, then you should have things sorted out in that respect.
Based on Ivan's and Sarvesh's answers we did some research and discovered the netflix OSS projects.
Eureka can be used as service locator that integrates well with the Zuul api gateway. Sadly there's not much documentation on the configuration, so we looked further...
We've now finally choosen Kubernetes as Orchestator.
Kubernetes knows about all running containers, so there's no need for an external service locator like Eureka.
Traefik is an api gateway that utilizes the kuberentes api to discover all running microservices instances and does load balancing
Akka management finds all nodes via the kubernetes api and does the bootstrapping of the cluster for us.
Currently I'm working on a real-time online game. First I implemented a go server with socket.io for handling messages between client and my game world and it works fine. Now for user data managing I need a http api for some functionality like login. I want to use awesome http/net package for that purpose. Should I serve the http server on different Port?
My next question is for deploying I want to use google container engine. Can I use pods with two ports open?
As far as I understood from your explanation, you need two ports open for two different APIs running in your application. Regarding Exposing two ports in Google Container Engine, you can read the discussion here that describes ways to expose ports in a pod.
Moreover, I invite you read this tutorial that involves deploying an API in a GKE cluster with a containerPort in a pod, Creating a Kubernetes service to allow internal cluster traffic to your pods (routing requests on an incoming port to your API targetPort), and creating an Ingress service to define what traffic is allowed into your cluster and where it goes. You can define different APIs with different targetPorts and run them on different pods. You can try it as an alternative. For more documentation on Exposing Applications using Services, you can read this GKE doc.
I'm building a small web application for a personal project. It will be an Angular web application which will talk to a Spring-Boot service layer which in turn will read/write stuff to MongoDb.
I hope to host all this on a single EC2 instance in AWS. My question is how to configure a web server (like Apache but doesn't have to be) to 'beautify' the URLs a bit. Example, without touching anything angular will run at something like host:4200 and the service layer at host:8080. I will then have to map a proper domain to host in AWS, but the hiding of ports etc is where it gets murky for me.
I want to be able to hit my web app at domain.com (no ports etc) and I also want my service layer to ideally have a similar setup e.g. domain.com/service (no ports etc).
How do I configure a webservice to do this for me? Examples or pointers to specific examples would be ideal, but even a pointer to the right documentation will be helpful.
This thread is kind of similar to what I want but not too helpful: How to deploy Spring framework backend and Angular 2 frontend application in any online server?
You can use a setup with AWS CloudFront as reverse proxy and CDN cache. You can map the Domain Name and SSL Certificates(You can use AWS issued free SSL Certificates through AWS Certificate Manager) to CloudFront while the EC2 instance is plugged as an origin behind CloudFront as shown in the following diagram.
In the diagram I have optionally added, which is a common practice in designing applications in AWS.
Hosting the Angular App in S3
Using Autoscaling & Loadbalancing for EC2 instances.
You need to use Apache or other web server as a reverse proxy. Start here -
https://devops.profitbricks.com/tutorials/configure-apache-as-a-reverse-proxy-using-mod_proxy-on-ubuntu/
You then will need to setup a custom domain name. The easiest option is to just use an ELB (now called Classic Load Balancer). More details are here -
http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html
Please find our application configuration.
Deployment server : Azure web role
Architecture : Multi-Tier
Presentation & Service Tier : Azure VM - MVC application & Asp.Net Web API
Database Tier : Azure VM - SQL server 2012
Both presentation and service running in same VM but separate application in IIS. This is working fine.
When scalability is concern, we have migrated our application into azure web role.
We have bought two cloud services and created two web role for each one(Presentation & Service)
And found application performance is too slow when comparing with previous implementation.
And we found the cause is,
Previously both presentation and Service in same VM and shared data using Internal IP address with in the machine itself.
But now, since both application in different cloud service, sharing information over internet using Public IP address(sharing between cloud service) took time.
Can multiple website(both presentation & service) hosted in single web role and information will be shared using internal IP? Can anyone advice?
Yes you can add more then a single web role to a cloud service and you will avoid the public IP problem you described.
In your CloudService project find the “Roles” node
Right click on it and add another web role
Regarding the IP communication between machines on the same cloud service, you will need to set a static IP to your instance if you don’t the IP address might change if a the machine restarts for some reason