Accelerate migration from Pivotal Cloud Foundry to Azure Kubernetes
Feb 15, 2023
Modern cloud providers offer compelling opportunities to modernize IT infrastructure and gain operational efficiency through DevOps, containers, and cloud-native design practices. However, migration to the cloud can be quite challenging.
Those who join the cloud movement soon realize that there are a lot of moving parts that have to be managed separately and then coordinated to achieve the desired results. This eventually leads to the understanding that although the cloud allows the implementation of a lot of interesting techniques, it is merely a tool, not a solution. And as with any other instrument that leverages new technologies, the key to success lies in the careful planning and design of your future platform.
In this blog, we describe the steps you can take to migrate from Cloud Foundry to Microsoft Azure in a matter of days using the Pivotal Cloud Foundry to Azure Kubernetes Migration Starter Kit we have developed.
Step 1: Building a strong foundation with a microservices platform
If you want to accomplish the goal of going mainstream by running containerized applications in the cloud, the most popular platform for doing so is Kubernetes. It comes in many flavors and is available as a managed service offering from all major cloud providers.
However, it is often jokingly stated that “one cannot simply put a container in Kubernetes and expect it to work”. As soon as you try to carry out such a “container drop”, you will find yourself facing dozens of questions that need to be addressed at once. Answering them one by one will help you define the target state of your cloud environment before you even start deploying any applications with business logic.
An interesting fact about a microservices platform is that, technology-wise, there is no “holy grail” for every placeholder. The market offers multiple solutions that can be matched to different workload specifics, required external integrations, adoption complexity, or even team preferences.
Yet, the general architecture always stays the same. It can be implemented on top of any modern cloud, or even on-premise infrastructure. With a focused selection of DevOps and operational technologies, it can even be made portable enough to fit the concept of a true multi-cloud solution, although in practice this is rarely required.
Cloud migration starter kit vs. custom solution
The process of cloud migration encompasses a lot of steps, including the creation and implementation of a platform blueprint, along with determining the technology for each box. This typically takes anywhere between one and three months, depending on a particular toolset, as well as the capacity of the development team. Only after you are done with this preliminary step can you finally start to move applications over.
Repeating this process from scratch is neither exciting nor efficient, especially when the plan does not even factor in what the platform needs to become a live system: additional features like IaC and CI/CD pipelines, deployment orchestration, etc.
Fortunately, there is a better way. The reusable reference implementation we have developed allows you to focus on business applications from day one.
The Pivotal Cloud Foundry to Azure Kubernetes Migration Starter Kit comprises a set of “plumbing” snippets aimed at accelerating cloud ecosystem buildout. It comes with the ability to revisit, fine-tune, or even replace some components later on to meet operational requirements. This results in accelerated time-to-market with little to no disruption on the way to a wider business ecosystem, and much simpler change management control.
Step 2: Facilitating migration from PCF
To illustrate a practical use case for our microservices platform, we developed the idea of using it for particular migration scenarios. Here we are going to talk about migration from Pivotal Cloud Foundry (PCF) to Azure Kubernetes Service (AKS).
PCF, which is also known as VMware Tanzu Application Service, is one of the top choices for our clients. It offers a wide range of pre-configured components which contributes to its popularity.
At the same time, some customers find it quite restrictive in terms of customizability and scalability. Since they don’t want to start from the ground up, they look for ways to future-proof their business by leveraging modern-day technologies for their legacy workloads, and cutting down on licensing costs.
Accepting Azure
Those of our customers who seek guidance during their digital transformation journey often choose Azure as a primary platform for building their business. Here are the main drivers behind this decision:
- Azure Active Directory
  This is a built-in feature that enables tenant management for your organization at every level, from on-premise to namespace-restricted access in AKS or access to VDI. It makes the cloud look like a tree with all branches in full view, providing complete control over governance and security.
- Resource management abstractions
  This feature offers a unique way of resource management, providing organization-wide visibility and separation of concerns based on the current workload. With three layers of resources supporting inheritance, you get full control over who can do what, regardless of whether you are trying to authorize a user or application.
- Wide range of options
  Many solutions provided by Azure are not only easy to deploy, but also enable a high level of flexibility. They are made in such a way as not to bother engineers with unnecessary levels of abstraction.
- Evolving best practices
  “How we should manage our IT infrastructure” is a big question in the tech world. It’s much easier to deal with it when you can get assistance from people who are developing, implementing, supporting, and improving many large enterprise solutions daily. These include experienced tech professionals who have Azure certifications in different areas and levels, as well as Azure engineers who work on cloud evolution every day and can share their vision of these tools supplemented by a plethora of additional materials, best practices, courses, and more.
Azure is one of the best cloud providers and we can talk endlessly about its features; however, let’s jump into the details of PCF to AKS migration and see how it helps starter kit adopters to achieve their goals.
Installing and implementing the starter kit
Implementation of the starter kit is a threefold process centered around the platform, continuous integration and continuous delivery (CI/CD), and migration.
One of the important parts of PCF migration is to choose the type of journey you will take:
- Lift and shift
  Out-of-the-box support with tools that don’t require additional actions with application code. Your application build is simply extended with a pre-defined set of actions, making the build of containers easy. The CD part is managed separately, so no interference with the current flow is necessary.
- Retire
  New applications are built in place of old ones with the implementation of best security and code practices to ensure that they are more resilient, fast, and ready for enhancements. Because this set of applications is new and can be created using a larger variety of modern tools, it is necessary to ensure that they are built, delivered, and examined using best practices.
Platform
The platform is your target environment. It’s a place where all workloads are running, and all objects should coexist together, making security the top priority. For this reason, several important Azure => Kubernetes integrations are leveraged:
- Managed identities
  This feature provides an automatically managed identity in Azure Active Directory (Azure AD). Applications can use them to connect to resources, support Azure AD authentication, or to obtain Azure AD tokens.
- PrivateLink
  This function grants access to Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services, without exposing your service to the public internet. Azure Key Vault is one of the major management solutions in Azure. It helps to tackle the issues related to secrets management, key management, and certificate management.
- Azure AD migration
  Integrating all your software with Azure AD offers fine-grained access to cloud and Kubernetes resources based on groups created and managed in Azure AD, with complete control over APIs available to users or groups when they traverse through the platform.
CI/CD
Managing continuous integration (CI) tools is a tough challenge. There may be some roadblocks related to the vague definition of responsibilities, inaccurate estimation of needs, and even lack of expertise required for the successful implementation of CI.
The CI/CD component of the accelerator can be adopted from our library or custom-made using a set of curated libraries and flows. It offers a plethora of tools that can help you further your digital transformation journey.
When paired with our expertise, these tools will maximize your efficiency, facilitating the efficient delivery of the entire application to your customers. To achieve that, our starter kit includes:
- Generation of charts and manifests for CD applications;
- Pipelines as Code using shared libraries for all teams;
- Library of pipelines for different CI tools;
- Best practices in CI/CD usage.
Migration
The migration process can be distilled into the following steps:
- The Cloud Foundry (PCF) organization is analyzed using conversion tools. These tools leverage the PCF API to detect all microservices and/or parts that the target application stack comprises. They also look up all CF-native services that the application is connected to. The two lists created in the process, with application parts and CF-native services, are then converted into configuration files for further usage.
- The generated configuration files can be enriched with external data, like additional role mappings for AD users, mapping between CF and AD users, or Git repositories with application source code.
  This stage also includes replacing PCF’s organization and spaces with Kubernetes namespaces. The transition is done with the persistence of the same user access level based on pre-defined sets of namespace roles, which are fully adjustable to higher or lower user access to APIs.
  Here you can also define cloud access to allow enough time for all responsible teams to learn how to operate the new platform.
- Then the Kubernetes manifests for the detected applications are generated so that ArgoCD knows what features have to be deployed. This allows us to get all additional application configuration options, variables, and settings ready to go with one script run.
- Next, infrastructure deployment starts. The starter kit’s automation mechanism maps CF-native services to corresponding Azure-based counterparts (unless new features are required). At the same time, secrets are replaced with new Azure-based service credentials using Azure Key Vault.
- During the provision stage, our starter kit uses its own ExternalSecrets add-on. This software leverages information on bound services from Cloud Foundry and data on Azure-based services from Azure Key Vault to create Kubernetes secrets. Since these secrets look like the VCAP_SERVICES variable to Cloud Foundry applications, you won’t need to change the application code.
- The applications are up and running in AKS!
At this point, all applications become part of lift and shift migration, available for traffic and ready for any kind of enhancements.
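The secret-generation step described above, as an added example that is not the starter kit's own code: it builds a VCAP_SERVICES-shaped document from a bound-service list and a credential map, and wraps it in a Kubernetes Secret for the namespace that replaces the org and space. The input field names, the `org-space` namespace scheme, the secret name and all sample values are assumptions constructed for illustration.

```python
import base64
import json
import re

# Constructed sample: services bound to one CF app, as a conversion tool
# might record them (field names are assumptions, not the kit's format).
BOUND_SERVICES = [
    {"label": "p-mysql", "name": "orders-db", "plan": "100mb", "tags": ["mysql"]},
    {"label": "p-redis", "name": "orders-cache", "plan": "shared-vm", "tags": ["redis"]},
]
# Constructed stand-in for values read from Azure Key Vault, keyed by instance name.
AZURE_CREDENTIALS = {
    "orders-db": {"hostname": "orders-db.example.invalid", "port": 3306,
                  "username": "orders_app", "password": "constructed-placeholder"},
    "orders-cache": {"host": "orders-cache.example.invalid", "port": 6380,
                     "password": "constructed-placeholder"},
}

def namespace_for(org, space):
    """Derive a DNS-1123 namespace name from a CF org and space (assumed scheme)."""
    name = re.sub(r"[^a-z0-9-]+", "-", f"{org}-{space}".lower()).strip("-")
    if not name or len(name) > 63:
        raise ValueError(f"cannot map {org}/{space} to a namespace name")
    return name

def build_vcap_services(bound, credentials):
    """Group service instances by label, the way VCAP_SERVICES does."""
    vcap = {}
    for svc in bound:
        creds = credentials.get(svc["name"])
        if not creds:
            # Fail closed: never emit an instance with missing credentials.
            raise KeyError(f"no credentials for bound service {svc['name']!r}")
        vcap.setdefault(svc["label"], []).append({**svc, "credentials": creds})
    return vcap

def secret_manifest(app, org, space, vcap):
    """Render a Secret whose VCAP_SERVICES key a pod can expose as an env var."""
    payload = json.dumps(vcap, sort_keys=True).encode()
    return {
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": f"{app}-vcap-services", "namespace": namespace_for(org, space)},
        "data": {"VCAP_SERVICES": base64.b64encode(payload).decode()},
    }

if __name__ == "__main__":
    vcap = build_vcap_services(BOUND_SERVICES, AZURE_CREDENTIALS)
    manifest = secret_manifest("orders", "Retail", "prod_eu", vcap)
    # Print the manifest shape only; the credential payload stays out of logs.
    print(json.dumps({**manifest, "data": {"VCAP_SERVICES": "<redacted>"}}, indent=2))
```

Base64 in a Secret is encoding, not encryption, so access to these objects still has to be limited by the namespace roles defined during the mapping stage.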
Migrating from PCF to Azure: Conclusion
While migration is a complicated and tedious process, the results can turn out to be a game changer for you, your teams, and your customers.
Are you ready to go down this route? Feel free to contact us and we will guide you through your digital transformation journey.