A demo project that deploys an AKS cluster and ACR, then builds and deploys a sample Node.js Express web application for a multi-tenant environment.
- Complete prerequisites for enabling Microsoft Defender for Containers
- Complete prerequisites for enabling KEDA
git clone <URL of this repo>
Create a service principal with the az ad sp create-for-rbac command in the Azure CLI.
az ad sp create-for-rbac --name "<sp_name>" --role contributor --scopes /subscriptions/<subscription_id> --sdk-auth
Copy the JSON output, which looks similar to the example below, and paste it into a GitHub Actions secret named AZURE_CREDENTIALS
{
"clientId": "<GUID>",
"clientSecret": "<GUID>",
"subscriptionId": "<GUID>",
"tenantId": "<GUID>",
(...)
}
Make customizations in workflows, ARM templates or app code if necessary.
Run this workflow once to provision AKS, ACR, and build/push the application container image. This workflow:
- Deploys AKS with
  - Public API server endpoint
  - Enable RBAC
  - Enable load balancer "standard" for public services
  - Enable "azure" CNI and network policy
  - Enable container insights
  - Enable Microsoft Defender for Containers
  - Enable Open Service Mesh
- Deploys ACR
- Builds and pushes the image to ACR
Run this workflow as many times as needed, whenever a new tenant is onboarded. This workflow:
- Creates a kubernetes namespace for the tenant
- Applies namespace based resource quota for the tenant
- Applies network policy to isolate namespace from other tenant namespaces
- Pulls the application from ACR and deploys it to the tenant namespace
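
The per-tenant isolation steps listed above, sketched as an added example (not this repository's own workflow or manifests): a shell function that validates the tenant name and renders the namespace, resource quota and network policy. The function name, object names, the `tenant` label and all quota values are assumptions.

```shell
# Added example: per-tenant isolation manifests (not the repo's own files).
# Quota values, object names and the "tenant" label are assumptions.
render_tenant_manifests() (
  LC_ALL=C            # byte-wise ranges; the subshell body keeps this local
  tenant=$1
  # Namespace names are DNS-1123 labels. Rejecting everything else also stops
  # workflow input (newlines, quotes) from injecting YAML into the manifest.
  case $tenant in
    ''|-*|*-|*[!a-z0-9-]*) echo "invalid tenant name" >&2; exit 1 ;;
  esac
  [ "${#tenant}" -le 63 ] || { echo "tenant name too long" >&2; exit 1; }
  cat <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: "${tenant}"
  labels:
    tenant: "${tenant}"
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-quota
  namespace: "${tenant}"
spec:
  hard:
    pods: "10"
    requests.cpu: "2"
    requests.memory: 4Gi
    limits.cpu: "4"
    limits.memory: 8Gi
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: same-namespace-only
  namespace: "${tenant}"
spec:
  podSelector: {}          # applies to every pod in the tenant namespace
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector: {}  # only pods in this same namespace may connect
EOF
)
```

Pipe the output to `kubectl apply -f -`. Because this policy admits ingress only from the tenant's own pods, traffic from outside the cluster is blocked as well, so a publicly exposed service needs an additional ingress rule.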
No SLA. Continuous development. Use at your own risk. Please read License.
Contributions are welcome.
Copyright © 2023.
This document is open source software licensed under the Apache License 2.0.