Deploy enterprise grade AKS environments
In this article, I will present an example of an enterprise grade Azure infrastructure, based on the hub and spoke model, with multiple AKS environments.
There is a lot of examples on Internet to learn how quickly build an AKS cluster on Azure but it is often without worrying about security or corporate integration concerns. It’s good for making some tests but not really made for production or usage at scale.
With this example, I propose to build an infrastructure with a dedicated AKS cluster for each of the environments while controlling service exposition and using a unique and secured public endpoint.
The public endpoint is implemented by an Azure Application Gateway which is a L7 load balancer, in this example it is also protected with a Web Application Firewall (WAF). The Vnet to which it belongs is also secured with DDOS protection.
Last thing before starting:
- Clone the project from github, the whole article will be based on it
- I use Terraform to provision resources. I work with different infrastructure providers and I really appreciate this tool because of its agnosticity.
- Commands are made for a Linux/MacOS execution platform
