The ARM template provided in this folder can be used to deploy new AKS clusters into the online landing zones (i.e., landing zones with no requirement for hybrid connectivity or for connectivity to the corp network).
The user/developer who deploys this ARM template must be an Owner of the landing zone subscription, or have the `Microsoft.Authorization/roleAssignments/write` permission on it, because the template creates a managed identity and grants it permissions on the resources.
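As an added example (not part of the template or this repository), the following checks which role definitions actually grant the `Microsoft.Authorization/roleAssignments/write` permission required above, using Azure RBAC's `actions` minus `notActions` evaluation. The role data is a constructed sample in the shape of `az role definition list` output, and the function names are hypothetical.

```python
import re

# Permission the page says the deploying user needs on the subscription.
REQUIRED = "Microsoft.Authorization/roleAssignments/write"

# Constructed sample in the shape of `az role definition list` output,
# abbreviated from four built-in roles (only the fields used here).
SAMPLE_ROLES = [
    {"roleName": "Owner",
     "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "Contributor",
     "permissions": [{"actions": ["*"],
                      "notActions": ["Microsoft.Authorization/*/Delete",
                                     "Microsoft.Authorization/*/Write",
                                     "Microsoft.Authorization/elevateAccess/Action"]}]},
    {"roleName": "User Access Administrator",
     "permissions": [{"actions": ["*/read", "Microsoft.Authorization/*",
                                  "Microsoft.Support/*"],
                      "notActions": []}]},
    {"roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
]

def _matches(pattern, action):
    # RBAC action patterns are case-insensitive and '*' is the only wildcard.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action=REQUIRED):
    # A role grants an action if some permission block allows it in
    # `actions` and does not subtract it again in `notActions`.
    for block in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in block.get("actions", []))
        excluded = any(_matches(p, action) for p in block.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def granting_roles(roles, action=REQUIRED):
    # Names of the roles that would let their holder deploy the template.
    return [r["roleName"] for r in roles if role_grants(r, action)]

if __name__ == "__main__":
    print(granting_roles(SAMPLE_ROLES))
```

Contributor is excluded even though its `actions` is `*`, because its `notActions` subtract `Microsoft.Authorization/*/Write`. `notActions` is a subtraction within one role, not a deny, so a user holding Contributor together with User Access Administrator still has the permission.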
One of the design principles of Enterprise-Scale is to use Policy Driven Governance to ensure autonomy and a secure, compliant goal state for the Azure platform and the landing zones (subscriptions). When AKS and requisite resources are being deployed, these policies will ensure a compliant, secure, and governed AKS cluster.
By default, all recommendations are enabled, and you must explicitly disable any that you don't want to be deployed and configured.
- A new AKS cluster into a new or existing Resource Group in the online landing zone subscription
- Azure Policies that will enable autonomy for the platform and the landing zones.
- Azure Container Registry
- Kubenet default virtual network components (the cluster will not be able to connect to the corp network)
- Container Monitoring enabled by Azure Monitor and Log Analytics. Create a new Log Analytics workspace, or use an existing one, for application observability. Note that platform-related logs should be captured centrally and enabled via Azure Policy.
Landing zone | ARM Template |
---|---|
Online |