Name | Version |
---|---|
terraform | 0.13.4 |

No providers.

Name | Source | Version |
---|---|---|
aks | ./modules/aks | n/a |
helm | ./modules/helm | n/a |
networking | ./modules/networking | n/a |

No resources.

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | name variable for all naming resources | string | n/a | yes |

No outputs.

ARCHITECTURE DIAGRAM:
Architecture Summary:
To host the microsites and integration pipelines, we will deploy the following components using Terraform:
- Compute: we'll set up an Azure Kubernetes Service (AKS) cluster in the AKSsubnet without exposing it to the public. This decision was made because Kubernetes is cloud-agnostic, can run workloads on any public cloud, and future-proofs the architecture.
- Database: I have chosen PaaS private Azure PostgreSQL to offload maintenance overhead such as updates and patching; it is also available on all public cloud providers.
- Load Balancer: I have architected with Azure Front Door (AFD) as the load balancer, since the requirement is that employees are global. AFD supports Web Application Firewall to protect the sites from vulnerabilities such as SQL injection.
- Security: Architected with a private AKS cluster and private Azure PostgreSQL, with an NSG at the AKSSubnet level to deny insecure traffic and Azure Firewall to control egress traffic at both Layer 4 and Layer 7.
- Security II: I have architected with a site-to-site connection to the office on-prem network. It will become a private site that can only be accessed by employees who are connected to the office network.
- CI: I will choose Jenkins as the CI & CD solution. Jenkins can be hosted in the same AKS cluster, and it is also a cost-optimized and cloud-agnostic solution.
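
The Compute and Security items above, expressed as Terraform. This is an added example, not the contents of this repository's `./modules/aks` or `./modules/networking`. It assumes the azurerm 2.x provider is configured by the calling module and that the AKSsubnet already has a route table sending `0.0.0.0/0` to Azure Firewall. Every variable except `name`, the resource names, and the node pool sizing are assumptions.

```hcl
# Added example; variables other than "name" are assumptions, not repo inputs.
variable "name" { type = string }
variable "location" { type = string }
variable "resource_group_name" { type = string }
variable "aks_subnet_id" { type = string } # ID of the AKSsubnet

resource "azurerm_kubernetes_cluster" "aks" {
  name                    = "${var.name}-aks"
  location                = var.location
  resource_group_name     = var.resource_group_name
  dns_prefix              = "${var.name}-aks"
  private_cluster_enabled = true # API server gets a private IP only

  default_node_pool {
    name           = "system"
    node_count     = 2
    vm_size        = "Standard_DS2_v2"
    vnet_subnet_id = var.aks_subnet_id
  }

  identity { type = "SystemAssigned" }

  network_profile {
    network_plugin = "azure"
    outbound_type  = "userDefinedRouting" # egress follows the subnet route table
  }
}

resource "azurerm_network_security_group" "aks" {
  name                = "${var.name}-aks-nsg"
  location            = var.location
  resource_group_name = var.resource_group_name

  security_rule {
    name                       = "deny-internet-inbound"
    priority                   = 4096 # lowest priority, evaluated last
    direction                  = "Inbound"
    access                     = "Deny" # drop internet-sourced traffic
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "Internet"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "aks" {
  subnet_id                 = var.aks_subnet_id
  network_security_group_id = azurerm_network_security_group.aks.id
}
```

With `outbound_type = "userDefinedRouting"` the cluster gets no public egress IP of its own, so the Azure Firewall rule collections are the single place where Layer 4 and Layer 7 egress is allowed or denied.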