Search code examples
azurenetwork-programmingazure-api-managementazure-container-service

Is it possible to use Azure API Management and Azure ACS (kubernetes) as frontend and backend?

I would like to create a simple architecture on Azure. My high level design is very similar to the picture below (source: https://www.import.io/post/using-amazon-lambda-and-api-gateway/)

enter image description here

I do want to access the internal services via the Azure API Management. What I can see on Microfos documentation page is that this simple and secure architecture is not mentioned as a reference:

https://learn.microsoft.com/en-us/azure/container-service/container-service-kubernetes-walkthrough

enter image description here

I have the following issues:

  1. API Management cannot be assigned to a Virtual Network if there is at least one NIC is using the same network (why?)
  2. Even with peered Virtual Networks I cannot access 10.244.X.0/24 network (pods' network) because only 10.240.0.0/16 is owned by the k8s Virtual Network. How can I access cluster ips (10.0.0.0/16) and pod ips (10.244.0.0/16)?
Solution

  • Well, you don't need an Extra VNET, but just an extra Subnet. That Subnet could lie within your existing VNET. The Size of Subnet can be the smallest /29 which Azure supports.

    The Extra Subnet requirement for API Management comes from the fact, that it is built on PAAS V1 (Classic) technology. While we can deploy into a Resource Manager VNET (V2 layer), there are consequences to that. The Classic deployment model in Azure are not tightly coupled with Resource Manager model and so if you create a resource in V2 stuff, the V1 doesn't know about it and problems can happen such as API Management trying to use an IP that is already allocated to a NIC (built on V2).

    To learn more about difference of Classic and Resource Manager models in Azure refer to blog difference between Classic and ResourceManager models