You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/api-management/api-management-kubernetes.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Use API Management with Microservices Deployed in AKS | Microsoft Docs
3
-
description: Learn about using Azure API Management to publish microservices-based architectures that are deployed in AKS as APIs.
3
+
description: Learn about options for using Azure API Management to publish microservices-based architectures that are deployed in AKS as APIs.
4
4
services: api-management
5
5
author: dlepow
6
6
manager: cfowler
@@ -61,7 +61,7 @@ Pros:
61
61
62
62
Cons:
63
63
* Creates potential security risk because of public visibility of endpoints
64
-
*Does not create a single entry point for inbound cluster traffic
64
+
*Doesn't create a single entry point for inbound cluster traffic
65
65
* Complicates microservices with duplicate authentication logic
66
66
67
67
### Option 2: Install an ingress controller
@@ -73,7 +73,7 @@ Mutual TLS authentication is [natively supported](./api-management-howto-mutual-
73
73
:::image type="content" source="./media/api-management-aks/ingress-controller.png" alt-text="Diagram that shows an architecture for publishing via an ingress controller." border="false" lightbox="./media/api-management-aks/ingress-controller.png":::
74
74
75
75
Pros:
76
-
* Enables easy configuration on the API Management side because API Managment doesn't need to be injected into the cluster virtual network and mTLS is natively supported
76
+
* Enables easy configuration on the API Management side because API Management doesn't need to be injected into the cluster virtual network and mTLS is natively supported
77
77
* Centralizes protection for inbound cluster traffic at the ingress controller layer
78
78
* Reduces security risk by minimizing publicly visible cluster endpoints
79
79
@@ -91,7 +91,7 @@ In some cases, customers that have regulatory constraints or strict security req
91
91
92
92
There are two modes of [deploying API Management into a virtual network](./virtual-network-concepts.md): external and internal.
93
93
94
-
If API consumers don't reside in the cluster virtual network, you should use the external mode. (See the following diagram.) In this mode, the API Management gateway is injected into the cluster virtual network but accessible from the public internet via an external load balancer. This architecure helps to hide the cluster completely while still allowing external clients to consume the microservices. Additionally, you can use Azure networking capabilities like Network Security Groups (NSG) to restrict network traffic.
94
+
If API consumers don't reside in the cluster virtual network, you should use the external mode. (See the following diagram.) In this mode, the API Management gateway is injected into the cluster virtual network but accessible from the public internet via an external load balancer. This architecture helps to hide the cluster completely while still allowing external clients to consume the microservices. Additionally, you can use Azure networking capabilities like Network Security Groups (NSG) to restrict network traffic.
95
95
96
96
:::image type="content" source="./media/api-management-aks/vnet-external.png" alt-text="Diagram that shows an architecture that uses external virtual network mode." border="false" lightbox="./media/api-management-aks/vnet-external.png":::
0 commit comments