Solution ideas
This article is a solution idea. If you'd like us to expand the content with more information, such as potential use cases, alternative services, implementation considerations, or pricing guidance, let us know by providing GitHub feedback.
Microservice architectures design applications as collections of loosely coupled services. In a microservices architecture, services are fine-grained and protocols are lightweight. Microservices offer benefits such as clear separation of concerns and decoupling of dependencies.
Microservices introduce complexities in the development cycle compared to traditional monolithic applications. Traditionally, development occurs in a local or virtual replica of the application stack, which configures and runs compute and storage components locally in isolation. In a microservice model, developers need to test their services against the existing architecture, catch integration issues early to save on build and deployment time, and keep integrated builds clean over the lifecycle of the application.
Development testing (DevTest) is a software development approach that integrates testing early in the development phase to speed development. DevOps is a set of practices that combine software development and IT operations to shorten the development cycle and provide high-quality continuous delivery. Kubernetes is an open-source container orchestration system for automating application deployments.
This solution architecture models a development and deployment environment that uses DevOps in DevTest for rapid iterative development of an Azure Kubernetes Service (AKS) microservice application.
Potential use cases
- Legacy application modernization
- Solutions requiring real-time processing (banking/finance or data streaming/media)
- RAM or CPU-intensive parts of an application (native language processing)
Architecture
Download a Visio file of this architecture.
Dataflow
Developers use Local Process with Kubernetes to run their local microservice versions within the context of the development Kubernetes cluster. Connecting to the cluster while debugging the service allows quick testing and development in the full application context.
Each microservice codebase uses a separate GitHub code repository for source control.
GitHub Actions builds the microservice container images and pushes them to Azure Container Registries. GitHub Actions also update the latest tag of repositories for continuous integration (CI), or tags repositories for release.
GitHub Actions automated testing generates work items for Azure Boards, making all work items manageable in one place.
Visual Studio Code extensions support Azure Boards and GitHub integration. Associating Azure Boards work items with GitHub repos ties requirements to code, driving the development loop forward.
Commits merged into the integration branch trigger GitHub Actions builds and Docker pushes to the DevTest container registries. Each microservice has its own repository in Container Registries, paralleling the GitHub repositories. CI builds are tagged with latest, representing the most recent successful microservice builds.
Azure Pipelines runs the Kubernetes
applycommand to trigger deployment of the updated Container Registry images to the DevTest Kubernetes clusters. Azure can authenticate AKS to run unattended Container Registry pulls, simplifying the continuous deployment (CD) process.Azure Pipelines uses Azure Key Vault to securely consume secrets like credentials and connection strings required for release and deployment configurations.
When a version of the application is ready for quality assurance (QA) testing, Azure Pipelines triggers a QA release. The pipeline tags all appropriate images with the next incremental version, updates the Kubernetes manifest to reflect the image tags, and runs the
applycommand. In this example, while a developer may be iterating on a service in isolation, only builds integrated via CI/CD are moved over to deployment.After testing has approved a version of the service for deployment, GitHub Actions promotes a release from the DevTest Container Registry to a Production Container Registry. GitHub Actions tag the images with the appropriate version and pushes them into the Production Container Registry, following container registry best practices.
Azure Pipelines creates a release to Production. The pipeline imposes approval gates and pre-stage and post-stage conditions to protect the Production environment from inadvertent or incorrect deployment.
The application uses Azure Cosmos DB for its globally distributed database tier.
All services and environments report metrics to Azure Monitor.
In this solution, a single Azure Active Directory (Azure AD) manages identity for both the DevTest and Production subscriptions. Azure role-based access control (Azure RBAC) restricts access to protected resources, preventing unauthorized or inadvertent modification of Production resources. Developers don't have the same access control levels in Production as in their DevTest sandboxes.
Components
Azure DevTest Labs provides labs that have all the necessary tools and software to create environments. Developers can efficiently self-manage resources without waiting for approvals. With DevTest Labs, teams can control costs and regulate resources per lab, granting developers permission and flexibility to operate their sandboxes within cost constraints.
GitHub is a code hosting platform for version control and collaboration. A GitHub source-control repository contains all project files and their revision history. Developers can work together to contribute, discuss, and manage code in the repository.
GitHub Actions provides a suite of build and release workflows, covering CI, automated testing, and container deployments.
Azure Boards is a service for managing work for software projects. Azure Boards brings a rich set of capabilities including native support for Scrum and Kanban methodologies, customizable dashboards, and integrated reporting.
Azure Pipelines is a fully featured CI/CD service that can automatically deploy updated Container Registry images to Kubernetes clusters.
Azure Key Vault securely stores and tightly controls access to secrets like API keys, passwords, and certificates. For more information about Key Vault in DevOps scenarios, see DevSecOps on AKS and DevSecOps in GitHub.
Azure Container Registry supports building, storing, and managing container images and artifacts in private registries for all types of container deployments.
Azure Kubernetes Service makes it simple to deploy managed Kubernetes clusters by offloading much of the complexity, responsibility, and operational overhead to Azure.
Azure Active Directory (Azure AD) enterprise identity platform provides single sign-on and multifactor authentication to govern user access. A single Azure AD can manage identity for all environments across subscriptions. Azure role-based access control (Azure RBAC) restricts access to protected resources, preventing unauthorized or inadvertent modification of production resources.
Azure Cosmos DB is a fully managed, widely distributed database-as-a-service that supports high availability, multi-region applications, and both SQL and NoSQL APIs. Azure Cosmos DB includes DevTest features like a local Azure Cosmos DB emulator that integrates with Azure DevOps, and low-cost tiers for managing costs in DevTest sandboxes.
Azure Monitor can monitor both Production and DevTest environments. Azure Monitor collects log data from VM operating systems and crash dump files, and aggregates them for viewing in Microsoft Defender for Cloud.
Alternatives
Azure Repos is an alternative to GitHub for Git repository hosting. With Azure Repos, Azure Boards, and Azure Pipelines, all Azure DevOps Services use the same portal and user interface, consolidating the services developers need for DevOps activities.
Some integrations available in Azure Pipelines, such as service connection or authentication directly into the Azure backbone, don't currently exist in GitHub Actions. For these needs, consider using Azure Pipelines instead of GitHub Actions for CI and build activities.
In a widely distributed system, there are benefits to separating microservices into individual repositories. Separation of ownership and permission is simpler, and projects in different languages are easier to maintain than with a single repository. However, in solutions with fewer microservices all in the same language or runtime, maintaining a single Git repository for the project may be easier.