Introduction
Azure Kubernetes Service (AKS) makes it simple to deploy a managed Kubernetes cluster in Azure. AKS reduces the complexity and operational overhead of managing Kubernetes by offloading much of that responsibility to Azure. This landing zone has Infra and Pipelines as Code templates to configure an AKS cluster for the enterprise.
Download the PowerPoint presentation covering the key topics of the AKS Landing zone by the Sogeti community.
- AKS Cluster provisioning in a Vnet.
- Configured with Ingress for routing and optional Envoy for Mesh capabilities.
- Additional AKS node pools are provisioned when needed.
- AKS VNet configuration with NSG and Service Endpoints for connectivity.
- External connectivity via Azure App Gateway and Azure DNS.
- Optionally, an Azure Firewall can be added for additional security.
- Team has access via Kubernetes proxy over SSH.
- RBAC via AAD configured on all access needs (roles):
  - Azure portal and resources
  - ACR
  - Kubernetes dashboard
- Storage resources, connectivity via Service Endpoints
- Azure resources for operational needs.
- Azure Automation for a daily update check of Kubernetes nodes.
- Azure Key Vault for secret management
- Monitoring and logging via OSS tools deployed and configured in a shared service namespace.
- Azure Container Registry for deployments.
- Sogeti CloudBoost library with reusable scripts, templates, pipelines and containers.
Related Azure Resources
| Resource | Description | Automation |
|---|---|---|
| Terraform AKS Advanced Landing zone | Setup an advanced AKS Landing zone on Azure by the AKS Sogeti community. | TerraformRoot |
| Terraform AKS Basic Landing zone | Setup a basic AKS Landing zone on Azure by the AKS Sogeti community. | TerraformRoot |
| Azure Simple Network Terraform module | Azure Network with a Subnet and NSG Terraform module by the AKS Sogeti community. | TerraformRoot |
| Terraform Remote State Storage | Setup a storage account on Azure and prep it for use as remote state storage by the AKS Sogeti community. | TerraformRoot |
| Azure Container Registry (ACR) with Terraform | Azure Container Registry (ACR) by the AKS Sogeti community. | TerraformModule |
| Azure Kubernetes Cluster with Terraform | Azure Kubernetes Service (AKS) by the AKS Sogeti community. | TerraformModule |
| Azure Application Gateway with Terraform | Azure Application Gateway by the AKS Sogeti community. | TerraformModule |
| Azure Firewall Terraform module | Azure Firewall Terraform module by Sogeti community. | TerraformModule |
| Azure NSG with Terraform | Azure NSG by the AKS Sogeti community. | TerraformModule |
| Azure NetworkWatcher with Terraform | Azure NetworkWatcher by the AKS Sogeti community. | TerraformModule |
| Azure PublicIP Terraform module | Azure PublicIP Terraform module by Sogeti community. | TerraformModule |
| Azure Resource Group Terraform module | Azure Resource Group Terraform module by the AKS Sogeti community. | TerraformModule |
| Azure Route with Terraform | Azure Route by the AKS Sogeti community. | TerraformModule |
| Azure RouteTable with Terraform | Azure RouteTable by the AKS Sogeti community. | TerraformModule |
| Azure Service Principal name Terraform module | Create an Azure Service Principal Name by the AKS Sogeti community. | TerraformModule |
| Azure Storage Account Terraform module | Azure Storage Account Terraform module by the AKS Sogeti community. | TerraformModule |
| Azure Storage Container Terraform module | Azure Storage Container Terraform module by the AKS Sogeti community. | TerraformModule |
| Azure subnet with Terraform | Azure subnet by the AKS Sogeti community. | TerraformModule |
| Azure Subnet RouteTable Association with Terraform | Azure Subnet RouteTable Association by the AKS Sogeti community. | TerraformModule |
| Azure VNet with Terraform | Azure Subnet RouteTable Association by the AKS Sogeti community. | TerraformModule |
| Azure virtual-network-gateway with Terraform | Azure virtual-network-gateway by the AKS Sogeti community. | TerraformModule |
| Azure VNet Peering with Terraform | Azure VNet Peering by the AKS Sogeti community. | TerraformModule |
Related Pipelines
| Resource | Description | Type |
|---|---|---|
| Azure Kubernetes landing zone provisioning by AKS community | Provisioning AKS Landing zone. | |
Components
TO DO
Container Registry
Identity
Virtual network
Monitor
Security
Load balancer
Storage
Automation
TO DO
Deploy and update AKS cluster
Deploy and update Container
Implementation differences per use case
TODO
Financial
Retail
Manufacture
Industry references
- Azure Kubernetes Service (AKS)
- Building microservices on Azure
- Microservices architecture on Azure Kubernetes Service (AKS)
- Azure solution architectures
- Microsoft patterns & practices
Community resources
- Capgemini Yammer: Docker, Kubernetes, Openshift/OKD, Fabric8
- Capgemini Yammer: Kubernatives
- Capgemini Yammer: Container Platform Community
- Azure Advisors Yammer: Kubernetes Advisors
Learning resources
- Kubernetes Learning Path
- AKS Expert Team learning resources page
- Considerations when running private AKS cluster
- Kubernetes - The hard way
Handy Tools
- Kuberang - A command-line utility for smoke testing a Kubernetes install
- Kubectx and Kubens - Command-line utilities for switching clusters and namespaces. Handy when you manage multiple clusters.
