The following diagram shows the target architecture for deploying the Azure voting app as a production workload.
When you deploy an AKS cluster, Azure by default adds a new resource group to the subscription, containing:
- Network Security Group
- Managed Identities
- Virtual Machine Scale Set
- Public IP
- Load Balancer
Key Vault is used to store Redis secrets, such as the redis_passwd.
Container Registry is used to store the built Docker image.
The managed identities give the instances running in the VMSS the rights to get secrets from Key Vault and to pull images from the ACR.
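
One way to express those two grants in Terraform with least privilege, as an added example that is not this repository's code. `azurerm_kubernetes_cluster.aks` is the resource listed on this page; the registry, vault and resource group names are hypothetical, and the vault is assumed to use the access-policy permission model.

```hcl
# Added example: grants for the identity attached to the AKS node VMSS.
# Names of the registry, vault and resource group are hypothetical.

data "azurerm_client_config" "current" {}

data "azurerm_container_registry" "acr" {
  name                = "examplevotingacr" # hypothetical existing registry
  resource_group_name = "example-rg"       # hypothetical
}

data "azurerm_key_vault" "kv" {
  name                = "example-voting-kv" # hypothetical existing vault
  resource_group_name = "example-rg"        # hypothetical
}

locals {
  # Kubelet identity: the user-assigned managed identity AKS attaches to the
  # node pool's VMSS instances.
  kubelet_object_id = azurerm_kubernetes_cluster.aks.kubelet_identity[0].object_id
}

# Pull-only access, scoped to the single registry rather than the resource
# group or subscription.
resource "azurerm_role_assignment" "aks_acr_pull" {
  scope                            = data.azurerm_container_registry.acr.id
  role_definition_name             = "AcrPull"
  principal_id                     = local.kubelet_object_id
  skip_service_principal_aad_check = true
}

# Read a secret by name only: no List, Set or Delete, and no key or
# certificate permissions. Assumes the vault uses access policies; a vault in
# Azure RBAC mode ignores this resource and needs a role assignment instead.
resource "azurerm_key_vault_access_policy" "aks_secret_get" {
  key_vault_id       = data.azurerm_key_vault.kv.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = local.kubelet_object_id
  secret_permissions = ["Get"]
}
```

Every pod scheduled on these nodes can reach the same identity through the instance metadata endpoint, so the grants are kept to what the workload needs.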
Name | Version |
---|---|
terraform | >=1.3.9 |
azurerm | >=3.47.0 |
helm | >=2.9.0 |
Name | Version |
---|---|
azurerm | 3.50.0 |
helm | 2.9.0 |
Name | Source | Version |
---|---|---|
network | /Users/joffrey.dupire/Documents/Terraform/Modules/azure_resource_group | n/a |
Name | Type |
---|---|
azurerm_kubernetes_cluster.aks | resource |
helm_release.cert_manager | resource |
helm_release.nginx_ingress | resource |
helm_release.redis | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
aks_node_pool_config | n/a | map | { | no |
location | Azure Region name | string | "westeurope" | no |
name | Generic name, enter your name to identify your resources | string | n/a | yes |
subnet_config | Multi az deployment for subnets | map | { | no |
tags | Tags to identify resources in billing mostly | map(any) | {} | no |
Name | Description |
---|---|
client_certificate | n/a |
kube_config | n/a |
az ad sp create-for-rbac --name "Joff-sp" --role contributor \
--scopes "/subscriptions/a1f74e2d-ec58-4f9a-a112-088e3469febb/resourceGroups/terraform" \
--sdk-auth