This Enterprise-grade Architecture is based on this link:

https://docs.microsoft.com/en-us/samples/azure-samples/private-aks-cluster-terraform-devops/private-aks-cluster-terraform-devops/

o get our hands dirty we need to try it out by provisioning it on our own Azure Account. This Cloud Architecture will be implemented on a Azure: a mono-public cloud provider.

The project is structured by:
1. Discussing the important concepts to get started.
2. Discuss the architecture components.
3. Steps to provision the architecture.
4. Discuss the advantages and disadvantages of the model ~ as per documentation.
5. My personal opinion to the model ~ as per my own observation. (Monitoring, Cost and Improvements).

---

1. Discussing the important concepts to get started.

   A. Tools

   Terraform is a tool used to build architecture on cloud providers in repeatable and efficient way. Same with pulumi and cloudformation. In any case, Terraform is preferred because it has a wider community and several reference architectures that can be deployed.
   (Similar Tools: Pulumi and CloudFormation)

   Kubernetes is a container orchestration tool and sometimes I call it as a "mini vpc running on computing instances." Aside from it managing the lifecycle of containers, it is also a great networking tool to create boundaries for access via the defined rules on each resource. Also, a load balancer itself (when running on cloud providers).
   (Similar Tools: Amazon ECS, Docker Swarm, Hashicorp's Nomad , RedHat Openshift, Apache Mesos)

   Azure DevOps is an Azure-native tool use to engage teams in all-in-one pack agile development. Also it can be easily integrated with native Azure resources. A CI/CD Solution to help deploy solution across multiple or single environments.
   (Similar Tools: Gitlab, Jenkins, TeamCity, AWS CodePipeline, CircleCI and JIRA softwares)

B. Project Use Case

Use Case: Why Use a Private Kubernetes Cluster?
- Data Compliance. Your data will not leak outside of 3rd party services.
- Reducing Attack Surface. Since traffic only remains on your private network, then access to the API Control Plane will be blocked by an outside attacker.

Use Case: Why use a pipeline such as Azure DevOps in provisioning a resource?
- Traceability and Version Control. It would allow an organization to easily rollback in case things go south.

C. Methods to have a Private Kubernetes Cluster.

1. Create an Internal Ingress Controller that maps to a private IP.
2. White List IP Addresses that are allowed to connect via your cluster.
3. In Azure, you can use Azure Private Link.

D. Accessing a Private Kubernetes Cluster.

1. Provision a VM on the same VNET as the AKS Cluster.
2. (We will use this) A VM on a separate network using Virtual Network Peering.
3. Using an express route or a VPN connection.

---

2. Discuss the architecture components.
- Hub VNET
- Spoke VNET

(Read) The architecture is composed of the following elements... (until) Considerations

---

3. Steps to provision the architecture.

- It needs to be deployed via Azure DevOps Pipeline. Not using Manual Method. Check the video below to get started: (Azure DevOps Self-Hosted Agent not MS Hosted Agent)

• Create Azure DevOps Organization

---

1. Discuss the advantages and disadvantages of the model ~ as per documentation.

   (Read) Limitations and Conclusion Section

---

5. My personal opinion to the model ~ as per my own observation. (Monitoring, Cost and Improvements).

The model is easy to understand, with the principles of security on top.