From legacy monoliths to [micro]services: design of an API gateway with centralized authentication
BASTIANELLO, LORENZO
2024/2025
Abstract
This thesis presents the architectural transformation of a legacy hospitality management system: pod.camp. The system was originally implemented as a layered monolithic architecture, organized into three main layers: front-end, back-end, and database. Over the last two years, the team and I have worked to transform the old architecture into a cloud-native microservices platform, deployed on Azure Kubernetes Services. The refactoring process began as a response to the growing need for scalability, maintainability, and seamless integration of new and old “satellite” services within the pod.camp ecosystem, which serves campsites. As part of the modernization effort, the legacy application was migrated to .NET Core 8, a long-term supported version of a cross-platform and open-source framework. The two main monolithic components were “containerized” to support consistent and portable deployments across development and production stages. To ease the deployment process within Kubernetes, we developed custom Helm charts encapsulating configuration, resource definitions, and environment-specific parameters. This approach facilitated reproducible, multi-environment deployments, simplified versioning, and enabled integration into Azure DevOps CI/CD pipelines. In recent months, the team and I worked on the idea of decoupling authentication logic from back-end services by deploying an API Gateway. This approach enables centralized identity management, simplifies multi-tenancy management, and enhances security across the platform. Security considerations are deeply integrated into the design, with support for the OAuth2, JWT, and OpenID Connect protocols, ensuring robust access control and compliance with industry standards. The evaluation of the implementation leverages tools such as Kong, Apache APISIX, and an OIDC-compatible IdP, and includes a detailed analysis of authentication flows, token management, and permission handling.
The results demonstrate how a legacy system can be effectively modernized to meet the demands of a dynamic, cloud-native environment, laying the foundation for future expansion and innovation within the pod.camp platform.

| File | Size | Format |
|---|---|---|
| 874268.pdf (not available) | 2.54 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14247/26406