Cloud Migration Case Study
We successfully migrated the customer’s applications and services from an on-premises Rancher-based Kubernetes environment to Azure Kubernetes Service (AKS), while also modernising their deployment pipelines, adopting Helm and GitOps, introducing Azure API Management (APIM), and implementing Zero Trust security for API workloads.
Migrated from on-premises Rancher to Azure Kubernetes Service (AKS).
Delivered scalable, resilient, and fully managed container orchestration on Azure.
Rebuilt CI/CD pipelines using Azure DevOps.
Adopted Helm for Kubernetes deployment automation and configuration management.
Integrated with the customer’s existing Octopus Deploy to maintain continuity while enhancing capabilities.
Moved to GitOps practices:
All deployments are now driven by changes in version-controlled repositories.
This provided improved traceability, change management, and rollback capabilities.
The customer required a unified, secure way to manage, expose, and govern internal and external APIs across multiple environments.
Designed and deployed Azure APIM with:
Multi-environment setup (dev, test, production).
Centralised API publishing with consistent governance policies.
Developer portal for internal and third-party consumers.
Enabled CI/CD-driven API management with automated promotion of API definitions and policies via Azure DevOps.
Private Access to Azure APIM: We ensured that Azure APIM was deployed in internal mode with Private Link, making it inaccessible from the public internet.
Azure Application Gateway (App Gateway):
APIM was secured behind an Azure App Gateway with Web Application Firewall (WAF) capabilities.
This provided an additional layer of security, centralised SSL/TLS termination, and path-based routing.
Zero Trust Principles Applied:
No implicit trust: Only authenticated and authorised traffic could reach the APIs.
Least privilege: Access controls enforced at every layer—network, application, and identity.
End-to-end encryption was maintained throughout.
Integrated Azure AD-based authentication and managed identities for microservices where appropriate.
✅ APIs are no longer directly exposed to the internet.
✅ Consistent API policies including rate limiting, IP filtering, and threat protection.
✅ Central visibility over API access and telemetry via Azure Monitor and APIM Analytics.
| Area | Before Migration | After Migration |
| --- | --- | --- |
| Infrastructure | On-prem Rancher Kubernetes | Azure AKS (Managed) |
| Deployments | Basic templates, manual steps | Helm + GitOps + Azure DevOps |
| Release Management | Octopus Deploy | Octopus integrated with Helm & CI/CD |
| API Management | Ad-hoc, ungoverned | Centralised with Azure APIM |
| Security | Perimeter-based security | Zero Trust model: Private APIM + App Gateway WAF |
| Developer Experience | Limited automation | Full self-service via CI/CD and APIM developer portal |
✅ Agility & Speed: Faster feature delivery through modern pipelines.
✅ Security & Compliance: Robust Zero Trust architecture for APIs, addressing regulatory demands.
✅ Operational Efficiency: Reduced manual processes and improved consistency.
✅ Cost Optimisation: Cloud-native infrastructure with right-sized resources.
API Productisation: Expand external partner access with APIM-backed security.
Continuous Security Testing: Integrate DAST/SAST into the CI/CD pipelines.
Zero Trust Expansion: Apply the same principles to additional workloads (e.g., identity and data layers).