Ensure High Availability and SSL Encryption for Azure AKS Clusters | Exam AZ-301 Microsoft Azure Architect Design

Azure Service Recommendation for Deploying Applications to AKS Clusters

Question

You plan to deploy 10 applications to Azure. The applications will be deployed to two Azure Kubernetes Service (AKS) clusters. Each cluster will be deployed to a separate Azure region.

The application deployment must meet the following requirements:

-> Ensure that the applications remain available if a single AKS cluster fails.

-> Ensure that the connection traffic over the internet is encrypted by using SSL without having to configure SSL on each container instance.

Which Azure service should you include in the recommendation?

Answers

Explanations

A. B. C. D.

A

Azure Front Door enables you to define, manage, and monitor the global routing for your web traffic by optimizing for best performance and instant global failover for high availability. With Front Door, you can transform your global (multi-region) consumer and enterprise applications into robust, high-performance personalized modern applications, APIs, and content that reaches a global audience with Azure.

Front Door works at Layer 7 (the HTTP/HTTPS layer) and uses the anycast protocol with split TCP and Microsoft's global network to improve global connectivity.

Incorrect Answers:

B: Azure Traffic Manager uses DNS (Layer 3) to shape traffic. SSL works at Layer 6.

Azure Traffic Manager can direct customers to their closest AKS cluster and application instance. For the best performance and redundancy, direct all application traffic through Traffic Manager before it goes to your AKS cluster.

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

The recommendation should include the AKS ingress controller (Option D).

Explanation:

The AKS ingress controller is a Kubernetes resource that manages external access to the services in a cluster. It allows traffic to be routed to the correct service endpoints and can provide features such as SSL/TLS termination and load balancing.

To meet the requirement of ensuring that the applications remain available if a single AKS cluster fails, the recommendation should include deploying the applications to two AKS clusters in separate Azure regions. Using an ingress controller, such as the AKS ingress controller, allows traffic to be routed to the correct cluster, ensuring that the applications remain available even if one cluster fails.

To meet the requirement of encrypting the connection traffic over the internet using SSL without having to configure SSL on each container instance, the AKS ingress controller can provide SSL/TLS termination. This means that the SSL connection can be terminated at the ingress controller, and the traffic can then be forwarded to the container instances unencrypted. This allows the SSL configuration to be managed centrally, rather than having to configure SSL on each container instance.

Azure Front Door (Option A) is a global load balancer and application delivery network service that can provide features such as SSL/TLS termination and web application firewall. However, it is not specifically designed for managing traffic to Kubernetes clusters and does not provide native integration with AKS.

Azure Traffic Manager (Option B) is a DNS-based traffic load balancer that can distribute traffic across multiple endpoints, such as Azure VMs, Azure App Services, and external endpoints. While it can provide features such as SSL/TLS termination, it does not provide native integration with AKS.

Azure Load Balancer (Option C) is a Layer 4 load balancer that can distribute traffic across multiple VMs or virtual machine scale sets. While it can provide load balancing for AKS clusters, it does not provide features such as SSL/TLS termination or native integration with Kubernetes.