Microservice HA deployment using multiple availability zones

Hi all,
I received the question if it is possible to deploy a custom microservice in a way that it runs highly available in multiple hyperscaler availability zones. From my knowledge, the standard deployment uses only one instance, which will lead to a temporary outage in case the underlying K8S worker becomes unavailable.

Any advice on how to run critical services HA in c8y?

Control over separate availability zones is not possible currently. However, we do recommend using replicas to run multiple instances of a single service. General aspects - Cumulocity documentation

3 Likes

Correct. Customers are advised to configure at least two replicas of Microservices. In case only one replica is configured, availability service-level agreements do not apply and Microservices outages may occur.

2 Likes

Maybe to clarify your question more in detail, because there are two aspects in it:

  1. Availability zones
  • Micro service instances/replicas are automatically scheduled to worker nodes. Worker nodes are automatically distributed over availability zones.
  • If a worker node resp. an entire availability zone goes down, the micro services are rescheduled to an available node.
  • You don’t have control over the process, but the requirement behind your question is fulfilled.
  2. High availability
  • As indicated in the other comments, your micro service should preferably be stateless and configured to use multiple replicas, so that they can be scheduled (see below) and upgraded without service impact.
  • The examples in the documentation show this. You do have control over that part :wink:

Cheers,
André

4 Likes

Hi, I understood. One worker is running on a certain AZ. All replicas of a microservice are running on that worker. Meaning if the AZ goes down, all replicas are down and have to be restarted together with the worker on another AZ. Right?