Basic components configuration
Specific resources used in the infrastructure:
1. Kubernetes Services (AKS):
- Description: Kubernetes Services in Azure provide managed Kubernetes clusters for deploying and managing Aos applications.
- Amount of resources: 1
- Purpose: Aos applications environment
- Configuration:
- Version: v1.23.15
- Kubernetes node virtual machines size: Standard_DS2_v2, 2 CPU, 7GB RAM
- Kubernetes node OS disks size: 120GB
- Private Kubernetes Cluster API server: Enabled
- Maximum number of pods per agent node: 200
- Network plugin: azure (Azure CNI)
- Network policy used with Azure CNI: azure
- Availability Zones across which the node pool is spread: ["1", "2", "3"]
- Kubernetes cluster autoscaler enabled: true
- OMS agent (Container Insights) enabled: true
- Integrated with container registry: true
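The AKS settings above expressed as a Terraform resource. This is an added example, not the project's own Terraform: it assumes the azurerm provider 3.x, a resource group azurerm_resource_group.rg, the subnet azurerm_subnet.kubernetes, a Log Analytics workspace azurerm_log_analytics_workspace.law and a container registry azurerm_container_registry.acr declared elsewhere; the service CIDR, node counts and the Azure AD RBAC block are assumptions (the last one is added hardening the page does not mention).

```hcl
# Added example; names, CIDRs and counts are assumptions, see the lead-in.
resource "azurerm_kubernetes_cluster" "aos" {
  name                = "aos-aks"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "aos-aks"
  kubernetes_version  = "1.23.15"

  # "Private Kubernetes Cluster API server: Enabled": the API server gets a
  # private endpoint in the VNet and no Internet-facing address.
  private_cluster_enabled = true

  default_node_pool {
    name                = "system"
    vm_size             = "Standard_DS2_v2"
    os_disk_size_gb     = 120
    max_pods            = 200
    zones               = ["1", "2", "3"]
    vnet_subnet_id      = azurerm_subnet.kubernetes.id
    enable_auto_scaling = true
    min_count           = 3 # assumption: at least one node per zone
    max_count           = 9 # assumption
  }

  # Managed identity instead of a service-principal secret that has to be rotated.
  identity {
    type = "SystemAssigned"
  }

  network_profile {
    network_plugin    = "azure"    # Azure CNI: pods get addresses from the subnet
    network_policy    = "azure"    # Kubernetes NetworkPolicy objects are enforced
    load_balancer_sku = "standard" # the Standard SKU load balancer of item 13
    service_cidr      = "10.0.0.0/16" # assumption: must not overlap any VNet range
    dns_service_ip    = "10.0.0.10"
  }

  # Container Insights ("OMS agent"): node and container logs go to Log Analytics.
  oms_agent {
    log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id
  }

  # Added hardening, not stated on the page: cluster access is granted through
  # Azure RBAC, and the static local cluster-admin credential is disabled.
  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
  }
  local_account_disabled = true
}

# "Integrated with container registry": the kubelet identity pulls images with
# a scoped AcrPull role instead of registry admin credentials stored on nodes.
resource "azurerm_role_assignment" "aks_acr_pull" {
  scope                            = azurerm_container_registry.acr.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aos.kubelet_identity[0].object_id
  skip_service_principal_aad_check = true
}
```

With private_cluster_enabled the API server is only reachable from the VNet (or over the OpenVPN VM and the CI/CD runner in the Base network); kubectl from a laptop on the Internet fails by design. The registry role assignment is the whole of the "integration": if it is missing, pods fail with ImagePullBackOff rather than a security error.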
2. Azure Database for PostgreSQL Servers:
- Description: Azure Database for PostgreSQL is a fully managed, scalable, and secure database service for PostgreSQL in Azure.
- Amount of resources: 1
- Purpose: Aos applications database
- Configuration:
- Version: 11
- PostgreSQL server size: GP_Gen5_2, General Purpose, 2 vCore(s), 10 GB
- The backup retention period in days: 7 days
- GEO redundancy backup: true
- PostgreSQL Servers auto grow: true
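The same PostgreSQL configuration as a Terraform resource, with the transport and exposure settings a reviewer would expect next to it. This is an added example, not the project's own Terraform: it assumes the azurerm provider 3.x, the hashicorp/random provider, a resource group azurerm_resource_group.rg and a Key Vault azurerm_key_vault.aos declared elsewhere; the administrator login name is an assumption.

```hcl
# Added example; resource names and the admin login are assumptions.
resource "azurerm_postgresql_server" "aos" {
  name                = "aos-pg"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  version    = "11"
  sku_name   = "GP_Gen5_2" # General Purpose, Gen5, 2 vCores
  storage_mb = 10240       # 10 GB

  backup_retention_days        = 7
  geo_redundant_backup_enabled = true
  auto_grow_enabled            = true

  administrator_login          = "aosadmin" # assumption
  administrator_login_password = random_password.pg_admin.result

  # Refuse plaintext connections and anything below TLS 1.2.
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  # No public listener at all: the cluster reaches the server over a private
  # endpoint (subresource "postgresqlServer") in the endpoints subnet, the same
  # pattern as the other Base-network services.
  public_network_access_enabled = false
}

# Generated once, never typed by a human, never committed to git.
resource "random_password" "pg_admin" {
  length  = 32
  special = true
}

# The generated password is handed to the applications via Key Vault rather
# than via Terraform variables or CI environment files.
resource "azurerm_key_vault_secret" "pg_admin" {
  name         = "pg-admin-password"
  value        = random_password.pg_admin.result
  key_vault_id = azurerm_key_vault.aos.id
}
```

Caveat: the generated password is still recorded in the Terraform state, which is why the tfstate storage account (item 4) has to be locked down as tightly as the vault itself.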
4. Storage Accounts:
- Description: Azure Storage Accounts provide a secure and scalable cloud storage solution for various types of data, including files, blobs, tables, and queues.
- Amount of resources: 3
- Purpose:
- Terraform tfstate files storage
- Kubernetes Velero backups storage
- Aos application storage:
- Services and layers (SOTA)
- Updates (FOTA)
- Logs
- Configuration:
- Account tier: Standard
- Access tier: Hot
- Replication type: Geo-redundant storage (GRS)
- Blob public access: Disabled
- Network rules: allow-list of IP addresses and virtual networks defined in the Terraform script
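The tfstate storage account is the one of the three where a misconfiguration hurts most, because state files contain every secret and the whole topology. Below is an added Terraform example of the configuration above for that account, not the project's own script: it assumes the azurerm provider 3.x, a resource group azurerm_resource_group.rg and the subnet azurerm_subnet.runner declared elsewhere; the account name, the allow-listed address and the retention days are assumptions, and the TLS floor and blob versioning are added hardening the page does not mention.

```hcl
# Added example; the account name and the allow-list are assumptions.
variable "admin_ip_allowlist" {
  type    = list(string)
  default = ["203.0.113.10"] # constructed placeholder from the RFC 5737 range
}

resource "azurerm_storage_account" "tfstate" {
  name                     = "aostfstate" # assumption: 3-24 lowercase alphanumerics, globally unique
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "GRS"
  access_tier              = "Hot"

  # "Blob public access: Disabled": no container can ever be set to anonymous.
  allow_nested_items_to_be_public = false

  # Added hardening: HTTPS only and a TLS 1.2 floor.
  enable_https_traffic_only = true
  min_tls_version           = "TLS1_2"

  # Network rules: deny by default, then the allow-list. Azure services such
  # as backup and monitoring keep access through "bypass".
  network_rules {
    default_action             = "Deny"
    bypass                     = ["AzureServices"]
    ip_rules                   = var.admin_ip_allowlist
    virtual_network_subnet_ids = [azurerm_subnet.runner.id] # the CI/CD runner
  }

  # Added hardening: keep previous versions and soft-deleted blobs so a
  # corrupted or deleted state file can be rolled back.
  blob_properties {
    versioning_enabled = true
    delete_retention_policy {
      days = 30 # assumption
    }
    container_delete_retention_policy {
      days = 30 # assumption
    }
  }
}

resource "azurerm_storage_container" "tfstate" {
  name                  = "tfstate"
  storage_account_name  = azurerm_storage_account.tfstate.name
  container_access_type = "private"
}
```

Two checks before applying: the subnet named in virtual_network_subnet_ids must have the Microsoft.Storage service endpoint enabled, otherwise Azure rejects the rule; and once default_action is Deny, the portal and the terraform CLI are blocked too unless run from an allow-listed address, so put the operator range in first. If you also set shared_access_key_enabled = false, the azurerm backend must be configured with use_azuread_auth = true.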
5. Virtual Machines:
- Description: Azure Virtual Machines offer scalable computing resources in the cloud, allowing you to run various operating systems and applications.
- Amount of resources:
- Static Virtual Machines: 2 (Optional)
- Dynamic Virtual Machines: 1+
- Purpose:
- Static Virtual Machines are intended for CI/CD and for OpenVPN-based private access to the cluster
- Dynamic Virtual Machines are intended for the units queue management
- Configuration:
- CI/CD Virtual Machine:
- Virtual Machine size: Standard D2s v3 (2 vcpus, 8 GiB memory)
- Public IP: none
- OS: Linux (ubuntu 20.04)
- OS disk:
- Size: 30GB Premium SSD LRS
- Encryption: SSE with CMK
- OpenVPN Virtual Machine:
- Virtual Machine size: Standard B1ms (1 vcpus, 2 GiB memory)
- Public IP: dynamic
- OS: Linux (ubuntu 20.04)
- OS disk:
- Size: 30GB Standard HDD LRS
- Encryption: SSE with CMK
- Message queue Virtual Machine:
- Virtual Machine size: Standard DS1 v2 (1 vcpus, 3.5 GiB memory)
- Public IP: dynamic
- OS: Linux (ubuntu 20.04)
- OS disk:
- Size: 30GB Premium SSD LRS
- Encryption: SSE with CMK
- Trigger for deploying a new VM: the RabbitMQ queue limit is reached (default: 30K queues)
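"Encryption: SSE with CMK" means the OS disk is encrypted server-side with a key that lives in one of the project's Key Vaults rather than a platform key, which takes a disk encryption set and a narrowly scoped access policy. Below is an added Terraform example for the CI/CD VM, not the project's own script: it assumes the azurerm provider 3.x, a resource group azurerm_resource_group.rg, a Key Vault azurerm_key_vault.aos with soft-delete and purge protection enabled, and the subnet azurerm_subnet.runner declared elsewhere; the key size, admin user name and SSH key path are assumptions.

```hcl
# Added example; names, key size and key path are assumptions.

# The customer-managed key. Azure refuses to create the disk encryption set
# unless the vault has soft-delete and purge protection on (item 6 has both).
resource "azurerm_key_vault_key" "os_disk" {
  name         = "vm-os-disk-cmk"
  key_vault_id = azurerm_key_vault.aos.id
  key_type     = "RSA"
  key_size     = 3072 # assumption
  key_opts     = ["decrypt", "encrypt", "sign", "unwrapKey", "verify", "wrapKey"]
}

resource "azurerm_disk_encryption_set" "vm" {
  name                = "aos-vm-des"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  key_vault_key_id    = azurerm_key_vault_key.os_disk.id

  identity {
    type = "SystemAssigned"
  }
}

# Least privilege: the encryption set only wraps and unwraps the disk key.
# It gets no secret, certificate or delete permissions in the vault.
resource "azurerm_key_vault_access_policy" "des" {
  key_vault_id    = azurerm_key_vault.aos.id
  tenant_id       = azurerm_disk_encryption_set.vm.identity[0].tenant_id
  object_id       = azurerm_disk_encryption_set.vm.identity[0].principal_id
  key_permissions = ["Get", "WrapKey", "UnwrapKey"]
}

resource "azurerm_network_interface" "cicd" {
  name                = "cicd-nic"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.runner.id
    private_ip_address_allocation = "Dynamic"
    # No public_ip_address_id: "Public IP: none". Admins come in over OpenVPN.
  }
}

resource "azurerm_linux_virtual_machine" "cicd" {
  name                  = "cicd-vm"
  location              = azurerm_resource_group.rg.location
  resource_group_name   = azurerm_resource_group.rg.name
  size                  = "Standard_D2s_v3"
  admin_username        = "aosadmin" # assumption
  network_interface_ids = [azurerm_network_interface.cicd.id]

  # Key-only SSH; password authentication is off at the platform level.
  disable_password_authentication = true
  admin_ssh_key {
    username   = "aosadmin"
    public_key = file("~/.ssh/aos_cicd.pub") # assumption
  }

  os_disk {
    caching                = "ReadWrite"
    storage_account_type   = "Premium_LRS" # 30GB Premium SSD LRS
    disk_size_gb           = 30
    disk_encryption_set_id = azurerm_disk_encryption_set.vm.id
  }

  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-focal"
    sku       = "20_04-lts-gen2"
    version   = "latest"
  }

  # The disk cannot be created until the set may use the key.
  depends_on = [azurerm_key_vault_access_policy.des]
}
```

The identity running terraform must itself hold key create/get rights on the vault to mint the key. The OpenVPN and message queue VMs use the same disk encryption set; for the message queue VM, which the page gives a dynamic public IP, the NSG on its subnet is what keeps the broker off the Internet.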
6. Key Vaults:
- Description: Azure Key Vaults provide a secure and centralized location for storing and managing cryptographic keys, secrets, and certificates.
- Purpose: Securely store and manage cryptographic keys, secrets, certificates, and other sensitive information used in Azure and Aos applications.
- Amount of resources: 16
- Configuration:
- Key Vaults SKU (Pricing tier): Standard
- Soft-delete: Enabled, 90 days retention
- Purge Protection: Enabled
- Public network access: restricted to the allow-listed virtual networks and IP addresses
- Private endpoint connection: Connected with "Base" network
7. Front Door and CDN Profiles:
- Description: Azure Front Door and CDN Profiles provide global load balancing and content delivery network capabilities for improved performance and availability.
- Amount of resources: 1
- Purpose: Improved content delivery of Aos resources to the client
- Configuration:
- CDN SKU: Premium Verizon (token-based authentication of content requests)
8. Container Registries:
- Description: Azure Container Registries provide a secure and private registry for storing and managing container images.
- Purpose: Store Aos and Kubernetes auxiliary Docker containers
- Amount of resources: 1
- Configuration:
- Container Registry SKU (Pricing tier): Premium
- Public access: Disabled
- Private access: Connected with "Base" network
- Integrated with AKS: true
9. Application Insights:
- Description: Azure Application Insights is an application performance monitoring and diagnostics service that helps you detect and diagnose issues in your applications.
- Purpose: Continuous availability checks of the Aos application from several geo-distributed locations, with alerting on failures
- Amount of resources: 1
- Configuration:
- Retention in days: 90
- Frontend availability check
- Backend availability check
10. Log Analytics Workspace:
- Description: Azure Log Analytics Workspace provides a central repository for collecting, analyzing, and visualizing logs and telemetry data from various sources.
- Purpose: Collect and analyze log data from multiple sources.
- Amount of resources: 2
- Configuration:
- Pricing tier: Pay-as-you-go
- Retention in days: 90
- Collected resources:
- AKS OMS agent
- Storage Accounts
- Container registry
- PostgreSQL server
- Key Vaults
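The monitoring pieces of items 9 and 10 wired together: a pay-as-you-go workspace with 90-day retention, the Key Vault audit log routed into it, and a geo-distributed availability test with an alert. This is an added Terraform example, not the project's own script; it assumes the azurerm provider 3.x (3.35 or later for enabled_log), a resource group azurerm_resource_group.rg, a Key Vault azurerm_key_vault.aos and an action group azurerm_monitor_action_group.ops declared elsewhere. The probe URL and the test locations are assumptions.

```hcl
# Added example; the probe URL, locations and thresholds are assumptions.
resource "azurerm_log_analytics_workspace" "law" {
  name                = "aos-law"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku                 = "PerGB2018" # Pay-as-you-go
  retention_in_days   = 90
}

# Key Vault audit trail: every key, secret and certificate operation with its
# caller, source address and result ends up in the workspace.
resource "azurerm_monitor_diagnostic_setting" "kv_audit" {
  name                       = "kv-audit-to-law"
  target_resource_id         = azurerm_key_vault.aos.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.law.id

  enabled_log {
    category = "AuditEvent"
  }
  metric {
    category = "AllMetrics"
  }
}
# Example query over what the setting collects, e.g. for an alert rule on
# repeated denied access (the sources that hit the vault firewall):
#   AzureDiagnostics
#   | where ResourceType == "VAULTS" and ResultSignature == "Forbidden"
#   | summarize count() by CallerIPAddress, OperationName, bin(TimeGenerated, 1h)

resource "azurerm_application_insights" "aos" {
  name                = "aos-appi"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  application_type    = "web"
  workspace_id        = azurerm_log_analytics_workspace.law.id
  retention_in_days   = 90
}

# "Frontend availability check" from several regions, including a check that
# the TLS certificate is valid and not about to expire.
resource "azurerm_application_insights_standard_web_test" "frontend" {
  name                    = "aos-frontend-availability"
  resource_group_name     = azurerm_resource_group.rg.name
  location                = azurerm_resource_group.rg.location
  application_insights_id = azurerm_application_insights.aos.id
  geo_locations           = ["us-tx-sn1-azr", "emea-nl-ams-azr", "apac-sg-sin-azr"] # assumption
  frequency               = 300
  timeout                 = 30
  enabled                 = true
  retry_enabled           = true

  request {
    url = "https://aos.example.com/healthz" # assumption
  }

  validation_rules {
    expected_status_code        = 200
    ssl_check_enabled           = true
    ssl_cert_remaining_lifetime = 7 # fail the test a week before expiry
  }
}

# Page when the probe fails from two or more locations at once; a single
# failing location is usually a network blip on the probe side.
resource "azurerm_monitor_metric_alert" "frontend_down" {
  name                = "aos-frontend-unavailable"
  resource_group_name = azurerm_resource_group.rg.name
  scopes = [
    azurerm_application_insights_standard_web_test.frontend.id,
    azurerm_application_insights.aos.id,
  ]
  severity    = 1
  frequency   = "PT1M"
  window_size = "PT5M"

  application_insights_web_test_location_availability_criteria {
    web_test_id           = azurerm_application_insights_standard_web_test.frontend.id
    component_id          = azurerm_application_insights.aos.id
    failed_location_count = 2
  }

  action {
    action_group_id = azurerm_monitor_action_group.ops.id
  }
}
```

The backend availability check is the same web test resource pointed at the backend URL. Because the probes run from Azure's public test locations, the probed endpoint has to be reachable through Front Door or the load balancer's public IP; a private endpoint cannot be tested this way.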
11. Private DNS Zone:
- Description: Azure Private DNS Zone allows you to create and manage custom DNS zones for private name resolution within your Azure Virtual Network.
- Purpose: Support private name resolution and private endpoint connections between the "Base" network and the Azure-managed resources.
- Amount of resources: 10
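How items 6 and 11 fit together: a Key Vault whose public endpoint answers only the allow-list, a private endpoint in the endpoints subnet, and the privatelink Private DNS Zone linked to the Base network so that the vault's public name resolves to the private address from inside the VNet. Added Terraform example, not the project's own script: it assumes the azurerm provider 3.x, a resource group azurerm_resource_group.rg, the virtual network azurerm_virtual_network.base and the subnets azurerm_subnet.endpoints and azurerm_subnet.runner declared elsewhere; the vault name and the allow-listed address are assumptions.

```hcl
# Added example; the vault name and the allow-listed address are assumptions.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "aos" {
  name                = "aos-kv-base" # assumption: globally unique
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Deleted vaults and objects stay recoverable for 90 days, and nobody, not
  # even an Owner, can purge them early. Both are also prerequisites for
  # backing a disk encryption set with this vault.
  soft_delete_retention_days = 90
  purge_protection_enabled   = true

  # The public endpoint stays on but answers only the allow-listed sources;
  # everything in the VNet goes through the private endpoint below.
  public_network_access_enabled = true
  network_acls {
    default_action             = "Deny"
    bypass                     = "AzureServices"
    ip_rules                   = ["203.0.113.10"] # constructed operator address
    virtual_network_subnet_ids = [azurerm_subnet.runner.id]
  }
}

# The zone name is fixed by Azure: vault.<name>.vault.azure.net is a CNAME to
# <name>.privatelink.vaultcore.azure.net, and this zone overrides that record
# for every VNet linked to it.
resource "azurerm_private_dns_zone" "vault" {
  name                = "privatelink.vaultcore.azure.net"
  resource_group_name = azurerm_resource_group.rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "vault_base" {
  name                  = "vault-base-link"
  resource_group_name   = azurerm_resource_group.rg.name
  private_dns_zone_name = azurerm_private_dns_zone.vault.name
  virtual_network_id    = azurerm_virtual_network.base.id
  registration_enabled  = false # resolution only; nothing auto-registers here
}

resource "azurerm_private_endpoint" "vault" {
  name                = "aos-kv-base-pe"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  subnet_id           = azurerm_subnet.endpoints.id

  private_service_connection {
    name                           = "aos-kv-base-psc"
    private_connection_resource_id = azurerm_key_vault.aos.id
    subresource_names              = ["vault"]
    is_manual_connection           = false
  }

  # Writes the A record into the zone. Without this group the VNet still
  # resolves the public address and the request is dropped by network_acls,
  # which shows up as a 403 from the vault rather than a DNS error.
  private_dns_zone_group {
    name                 = "vault-dns"
    private_dns_zone_ids = [azurerm_private_dns_zone.vault.id]
  }
}
```

The container registry (item 8) and the PostgreSQL server (item 2) follow the same three-resource pattern with their own subresource names ("registry", "postgresqlServer") and zones ("privatelink.azurecr.io", "privatelink.postgres.database.azure.net"), which is where the ten Private DNS Zones come from. Quick check from a pod or the CI/CD VM: nslookup of the vault hostname must return a 10.240.0.0/18 address, not a public one.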
12. Virtual networks:
- Description: Virtual Network (VNet), serves as a foundational networking construct that provides a private and isolated environment for running your Azure resources.
- Purpose: Private network space in Azure
- Amount of resources: 2
- Configuration:
- Base-network:
- Address space: 10.240.0.0/16
- Peering network: Message-queue-network
- Subnets:
- kubernetes-subnet: 10.240.100.0/24
- endpoints-subnet: 10.240.0.0/18
- runner-subnet: 10.240.255.0/24
- Message-queue-network:
- Address space: 10.250.0.0/20
- Peering network: Base-network
- Subnets:
- message-queue-subnet: 10.250.0.0/22
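The two networks, their subnets and the peering as Terraform, plus the network security group that keeps the peered message-queue subnet from being reachable by anything but the cluster nodes. This is an added example, not the project's own script; it assumes the azurerm provider 3.x and a resource group azurerm_resource_group.rg. The address space is 10.240.0.0/16, the range the three listed Base-network subnets fall in; the broker port and the NSG rules are assumptions.

```hcl
# Added example; the NSG rules and the broker port are assumptions.
resource "azurerm_virtual_network" "base" {
  name                = "base-network"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.240.0.0/16"]
}

resource "azurerm_subnet" "kubernetes" {
  name                 = "kubernetes-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.base.name
  address_prefixes     = ["10.240.100.0/24"]
  # Storage and Key Vault firewalls admit this subnet only with the endpoints on.
  service_endpoints    = ["Microsoft.Storage", "Microsoft.KeyVault"]
}

resource "azurerm_subnet" "endpoints" {
  name                 = "endpoints-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.base.name
  address_prefixes     = ["10.240.0.0/18"]
  # Private endpoint NICs require network policies off on their subnet.
  private_endpoint_network_policies_enabled = false
}

resource "azurerm_subnet" "runner" {
  name                 = "runner-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.base.name
  address_prefixes     = ["10.240.255.0/24"]
  service_endpoints    = ["Microsoft.Storage", "Microsoft.KeyVault"]
}

resource "azurerm_virtual_network" "mq" {
  name                = "message-queue-network"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = ["10.250.0.0/20"]
}

resource "azurerm_subnet" "mq" {
  name                 = "message-queue-subnet"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.mq.name
  address_prefixes     = ["10.250.0.0/22"]
}

# Peering is two one-way links; traffic flows only once both exist. Forwarded
# traffic and gateway transit stay off so the MQ network cannot be used as a
# hop into anything else.
resource "azurerm_virtual_network_peering" "base_to_mq" {
  name                         = "base-to-message-queue"
  resource_group_name          = azurerm_resource_group.rg.name
  virtual_network_name         = azurerm_virtual_network.base.name
  remote_virtual_network_id    = azurerm_virtual_network.mq.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
}

resource "azurerm_virtual_network_peering" "mq_to_base" {
  name                         = "message-queue-to-base"
  resource_group_name          = azurerm_resource_group.rg.name
  virtual_network_name         = azurerm_virtual_network.mq.name
  remote_virtual_network_id    = azurerm_virtual_network.base.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
}

# Peering exposes the whole MQ subnet to the Base network, and the MQ VMs carry
# dynamic public IPs. The NSG narrows both: broker port from the cluster nodes
# only, and nothing inbound from the Internet.
resource "azurerm_network_security_group" "mq" {
  name                = "message-queue-nsg"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  security_rule {
    name                       = "allow-amqp-from-kubernetes"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "5672" # assumption: RabbitMQ AMQP default
    source_address_prefix      = "10.240.100.0/24"
    destination_address_prefix = "10.250.0.0/22"
  }

  security_rule {
    name                       = "deny-inbound-from-internet"
    priority                   = 4000
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "Internet"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "mq" {
  subnet_id                 = azurerm_subnet.mq.id
  network_security_group_id = azurerm_network_security_group.mq.id
}
```

With Azure CNI every pod has an address from kubernetes-subnet, so the source prefix above covers pods as well as nodes; the AKS service CIDR is a separate, non-routed range and must not overlap 10.240.0.0/16 or 10.250.0.0/20.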
13. Load balancer:
- Description: Azure Load Balancer is a high-performance, highly available, and scalable network load-balancing service offered by Microsoft Azure.
- Purpose: Distribute network traffic evenly across multiple instances of a Kubernetes service, ensuring high availability, scalability, and efficient utilization of resources
- Amount of resources: 1
- Configuration:
- Pricing tier (SKU): Standard
- Public IPs: 2 (one for inbound traffic, one for outbound SNAT traffic)
- Open ports:
- Web port 443
- Service discovery port 9000
- Backend port 10000
Note: This is a brief overview of the main Azure resources. Of course, we use additional resources, such as networks, disks, policies, and so on. For detailed information and guidance on using these resources, please refer to the official Azure documentation or specific product documentation provided by Microsoft.