This project contains sources to build a hub and spoke infrastructure on Azure with multiple AKS environments.
The architecture is built upon a hub and spoke network topology.
These tools must be present in your environment to execute the different stacks of the project:
You can build a Docker base image including all these requirements in order to guarantee that all team members and your CI tool use exactly the same environment to work with the project.
In this example project each stack gets its own dedicated Resource Group.
Depending on your way of working, you may prefer having the backend Storage Account and Key Vault in the same Common resource group, or in the hub resource group. You may not have enough permissions to create Resource Groups in your subscription, and someone else from the IT team will provide them to you. In these different use cases you will have to adapt the code a little bit to fit your needs.
Setup Service Principal for Terraform
Terraform needs shared storage to store state files. In Azure, Terraform stores the state as a Blob with the given Key within the Blob Container within the Blob Storage Account. This backend also supports state locking and consistency checking via native capabilities of Azure Blob Storage.
Create the terraform backend if it doesn't already exist
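One way to create that backend idempotently with the Azure CLI, as an added example that is not part of this project's code. The function names and every resource name passed to them are hypothetical, and the hardening flags are a suggested baseline because state files can hold secrets in clear text.

```shell
# Added example, not the project's code. Function names are hypothetical.

# Storage account names: 3-24 characters, lowercase letters and digits only.
valid_storage_account_name() {
  case "$1" in
    ""|*[!a-z0-9]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Create resource group, storage account and container only where missing.
# Usage: ensure_tf_backend <resource-group> <location> <account> <container>
ensure_tf_backend() {
  rg="$1"; location="$2"; account="$3"; container="$4"
  valid_storage_account_name "$account" || {
    echo "invalid storage account name: $account" >&2; return 2; }

  # 'az group create' returns the existing group when it is already there.
  az group create --name "$rg" --location "$location" --output none || return 1

  if ! az storage account show --name "$account" --resource-group "$rg" \
        --output none 2>/dev/null; then
    # State can hold secrets in clear text: HTTPS only, TLS 1.2 minimum,
    # and no anonymous blob access on the account.
    az storage account create --name "$account" --resource-group "$rg" \
      --location "$location" --sku Standard_LRS --kind StorageV2 \
      --https-only true --min-tls-version TLS1_2 \
      --allow-blob-public-access false --output none || return 1
  fi

  # Blob versioning lets you recover an overwritten or corrupted state file.
  az storage account blob-service-properties update --account-name "$account" \
    --resource-group "$rg" --enable-versioning true --output none || return 1

  # Private container; the command is a no-op when it already exists.
  az storage container create --name "$container" --account-name "$account" \
    --auth-mode login --public-access off --output none || return 1
}

# Print settings for: terraform init -backend-config=<file>
# Usage: render_backend_config <resource-group> <account> <container> <key>
render_backend_config() {
  printf 'resource_group_name  = "%s"\n' "$1"
  printf 'storage_account_name = "%s"\n' "$2"
  printf 'container_name       = "%s"\n' "$3"
  printf 'key                  = "%s"\n' "$4"
}
```

With `--auth-mode login`, the identity running the script needs a blob data role on the storage account for the container step to succeed.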
Infrastructure stacks often need a secret manager, and using one is good practice. So we will provision an Azure Key Vault before building the hub and spoke infrastructure.
This stack creates the Key Vault itself but will also be responsible for maintaining permission delegations to users, groups and applications of the company to consume or manage secrets, keys and certificates.
Deploy the Key Vault if it doesn't already exist
The infrastructure is divided into two different terraform stacks containing resources which will have different lifecycles:
aks
- implements an AKS environment
- uses terraform workspaces to manage multiple environments with their specificities
hub
- implements the hub containing cross-environment components like:
  - connectivity with Internet or DC
  - possibly a Bastion
  - DNS resources
Follow these instructions to create an AKS environment
Follow these instructions to create the hub
Get the public IP of the Application Gateway. Access the demo app deployed in the dev environment from your host by requesting the public IP of the Application Gateway:
$ curl -H "Host: dev.linkbynet.com" 20.74.8.233
<title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style>
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to
nginx.org.
Commercial support is available at
nginx.com.
Thank you for using nginx.
You have built a first version of a hub and spoke infrastructure for your AKS environments. Obviously there are still things to add, and some things may need to be adapted to your specific context, but this is a first basis for work.