A demo project to deploy an AKS cluster, ACR, build and deploy sample Nodejs Express web application for a multi-tenant environment.

• Complete prerequisites for enabling Microsoft Defender for Containers
• Complete prerequisites for enabling KEDA

git clone <URL of this repo>

Create a service principal with the az ad sp create-for-rbac command in the Azure CLI. More details

az ad sp create-for-rbac --name "<sp_name>" --role contributor --scopes /subscriptions/<subscription_id> --sdk-auth

Copy the jason output similar to below and paste in GitHub Actions secret with the name AZURE_CREDENTIALS

 {
    "clientId": "<GUID>",
    "clientSecret": "<GUID>",
    "subscriptionId": "<GUID>",
    "tenantId": "<GUID>",
    (...)
  }

Make customizations in workflows, ARM templates or app code if necessary.

Run this workflow once to provision AKS, ACR, and build/push the application container image. Tis workflow:

• Deploys AKS with
  • Public api server endpoint
  • Enable rbac
  • Enable load balancer "standard" for public services
  • Enable "azure" cni and network policy
  • Enable container insights
  • Enable Microsoft Defender for Containers.
  • Enable Open Service Mesh
• Deploys ACR
• Builds and pushes the image to ACR

Run this workflow as many times as needed whenever an new tenant is onboarded. This workflow:

• Creates a kubernetes namespace for the tenant
• Applies namespace based resource quota for the tenant
• Applies network policy to isolate namespace from other tenant namespaces
• Pull the application from ACR and deploy to tenant namespace

No SLA. Continuous development. Use at your own risk. Please read License.

Contribution are welcome.

Copyright © 2023.

This document is open source software licensed under the Apache License 2.0 license.