This folder contains the creation process for a Windows AKS secure baseline private cluster. The architecture of the final deployment will look like the diagram below:
For more information about private clusters and why they are recommended, check out the Private cluster scenario in the AKS Landing Zone Accelerator.
Core architecture components
- AKS Private Cluster
- Azure Virtual Networks (hub-spoke)
- Azure Firewall managed egress
- AKS-managed Internal Load Balancer
- Azure CNI
- Azure Key Vault
- Azure Container Registry
- Azure Bastion
- Azure Monitor for Containers
- Azure Firewall
- Azure Front Door
- Azure Application Proxy
- Group Managed Service Accounts (gMSA)
- Secrets Store CSI Driver
Follow the instructions below to deploy the AKS reference implementation.