├── .gitignore ├── CONTRIBUTING.md ├── LICENSE.md ├── README.md ├── SECURITY.md ├── cluster-manifests ├── README.md ├── a0008 │ ├── ingress-network-policy.yaml │ ├── ns-a0008.yaml │ └── rbac.yaml ├── cluster-baseline-settings │ ├── ns-cluster-baseline-settings.yaml │ └── rbac.yaml ├── cluster-rbac.yaml └── kube-system │ ├── ama-metrics-prometheus-config-configmap.yaml │ ├── ama-metrics-prometheus-config-node-configmap.yaml │ ├── ama-metrics-settings-configmap.yaml │ └── container-azm-ms-agentconfig.yaml ├── contoso-bicycle ├── README.md └── contoso-teams.svg ├── docs ├── aks-baseline_details.drawio.svg ├── architecture.drawio └── deploy │ ├── 01-prerequisites.md │ ├── 02-ca-certificates.md │ ├── 03-microsoft-entra-id.md │ ├── 04-networking.md │ ├── 05-bootstrap-prep.md │ ├── 06-aks-cluster.md │ ├── 07-bootstrap-validation.md │ ├── 08-workload-prerequisites.md │ ├── 09-secret-management-and-ingress-controller.md │ ├── 10-workload.md │ ├── 11-validation.md │ └── 12-cleanup.md ├── network-team ├── README.md ├── hub-default.bicep ├── hub-regionA.bicep ├── network-topology.drawio ├── spoke-BU0001A0008.bicep ├── topology.md └── virtualNetworkPeering.bicep ├── saveenv.sh ├── workload-team ├── acr-stamp.bicep ├── azuredeploy.parameters.prod.bicepparam ├── cluster-stamp.bicep └── modules │ ├── alerts.bicep │ ├── policies.bicep │ ├── policy-K8sCustomIngressTlsHostsHaveDefinedDomainSuffix.bicep │ ├── role-assignment-EnsureClusterIdentityHasRbacToSelfManagedResources.bicep │ └── role-assignment-EnsureClusterUserAssignedHasRbacToManageVMSS.bicep └── workload ├── 01-aspnetapp.yaml ├── 02-aspnetapp-ingress.yaml ├── aspnetapp-ingress-patch.yaml ├── kustomization.yaml ├── readme.md └── traefik.yaml /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/.gitignore -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/SECURITY.md -------------------------------------------------------------------------------- /cluster-manifests/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/README.md -------------------------------------------------------------------------------- /cluster-manifests/a0008/ingress-network-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/a0008/ingress-network-policy.yaml -------------------------------------------------------------------------------- /cluster-manifests/a0008/ns-a0008.yaml: -------------------------------------------------------------------------------- 1 | kind: Namespace 2 | apiVersion: v1 3 | metadata: 4 | name: a0008 5 | -------------------------------------------------------------------------------- /cluster-manifests/a0008/rbac.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/a0008/rbac.yaml -------------------------------------------------------------------------------- /cluster-manifests/cluster-baseline-settings/ns-cluster-baseline-settings.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/cluster-baseline-settings/ns-cluster-baseline-settings.yaml -------------------------------------------------------------------------------- /cluster-manifests/cluster-baseline-settings/rbac.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/cluster-baseline-settings/rbac.yaml -------------------------------------------------------------------------------- /cluster-manifests/cluster-rbac.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/cluster-rbac.yaml -------------------------------------------------------------------------------- /cluster-manifests/kube-system/ama-metrics-prometheus-config-configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/kube-system/ama-metrics-prometheus-config-configmap.yaml -------------------------------------------------------------------------------- /cluster-manifests/kube-system/ama-metrics-prometheus-config-node-configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/kube-system/ama-metrics-prometheus-config-node-configmap.yaml -------------------------------------------------------------------------------- /cluster-manifests/kube-system/ama-metrics-settings-configmap.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/kube-system/ama-metrics-settings-configmap.yaml -------------------------------------------------------------------------------- /cluster-manifests/kube-system/container-azm-ms-agentconfig.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/cluster-manifests/kube-system/container-azm-ms-agentconfig.yaml -------------------------------------------------------------------------------- /contoso-bicycle/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/contoso-bicycle/README.md -------------------------------------------------------------------------------- /contoso-bicycle/contoso-teams.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/contoso-bicycle/contoso-teams.svg -------------------------------------------------------------------------------- /docs/aks-baseline_details.drawio.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/aks-baseline_details.drawio.svg -------------------------------------------------------------------------------- /docs/architecture.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/architecture.drawio -------------------------------------------------------------------------------- /docs/deploy/01-prerequisites.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/01-prerequisites.md -------------------------------------------------------------------------------- /docs/deploy/02-ca-certificates.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/02-ca-certificates.md -------------------------------------------------------------------------------- /docs/deploy/03-microsoft-entra-id.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/03-microsoft-entra-id.md -------------------------------------------------------------------------------- /docs/deploy/04-networking.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/04-networking.md -------------------------------------------------------------------------------- /docs/deploy/05-bootstrap-prep.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/05-bootstrap-prep.md -------------------------------------------------------------------------------- /docs/deploy/06-aks-cluster.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/06-aks-cluster.md -------------------------------------------------------------------------------- /docs/deploy/07-bootstrap-validation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/07-bootstrap-validation.md -------------------------------------------------------------------------------- /docs/deploy/08-workload-prerequisites.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/08-workload-prerequisites.md -------------------------------------------------------------------------------- /docs/deploy/09-secret-management-and-ingress-controller.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/09-secret-management-and-ingress-controller.md -------------------------------------------------------------------------------- /docs/deploy/10-workload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/10-workload.md -------------------------------------------------------------------------------- /docs/deploy/11-validation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/11-validation.md -------------------------------------------------------------------------------- /docs/deploy/12-cleanup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/docs/deploy/12-cleanup.md -------------------------------------------------------------------------------- /network-team/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/README.md -------------------------------------------------------------------------------- /network-team/hub-default.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/hub-default.bicep -------------------------------------------------------------------------------- /network-team/hub-regionA.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/hub-regionA.bicep -------------------------------------------------------------------------------- /network-team/network-topology.drawio: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/network-topology.drawio -------------------------------------------------------------------------------- /network-team/spoke-BU0001A0008.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/spoke-BU0001A0008.bicep -------------------------------------------------------------------------------- /network-team/topology.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/topology.md -------------------------------------------------------------------------------- /network-team/virtualNetworkPeering.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/network-team/virtualNetworkPeering.bicep -------------------------------------------------------------------------------- /saveenv.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/saveenv.sh -------------------------------------------------------------------------------- /workload-team/acr-stamp.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/acr-stamp.bicep -------------------------------------------------------------------------------- /workload-team/azuredeploy.parameters.prod.bicepparam: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/azuredeploy.parameters.prod.bicepparam -------------------------------------------------------------------------------- /workload-team/cluster-stamp.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/cluster-stamp.bicep -------------------------------------------------------------------------------- /workload-team/modules/alerts.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/modules/alerts.bicep -------------------------------------------------------------------------------- /workload-team/modules/policies.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/modules/policies.bicep -------------------------------------------------------------------------------- /workload-team/modules/policy-K8sCustomIngressTlsHostsHaveDefinedDomainSuffix.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/modules/policy-K8sCustomIngressTlsHostsHaveDefinedDomainSuffix.bicep -------------------------------------------------------------------------------- /workload-team/modules/role-assignment-EnsureClusterIdentityHasRbacToSelfManagedResources.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/modules/role-assignment-EnsureClusterIdentityHasRbacToSelfManagedResources.bicep -------------------------------------------------------------------------------- /workload-team/modules/role-assignment-EnsureClusterUserAssignedHasRbacToManageVMSS.bicep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload-team/modules/role-assignment-EnsureClusterUserAssignedHasRbacToManageVMSS.bicep -------------------------------------------------------------------------------- /workload/01-aspnetapp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/01-aspnetapp.yaml -------------------------------------------------------------------------------- /workload/02-aspnetapp-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/02-aspnetapp-ingress.yaml -------------------------------------------------------------------------------- /workload/aspnetapp-ingress-patch.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/aspnetapp-ingress-patch.yaml -------------------------------------------------------------------------------- /workload/kustomization.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/kustomization.yaml -------------------------------------------------------------------------------- /workload/readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/readme.md -------------------------------------------------------------------------------- /workload/traefik.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mspnp/aks-baseline/HEAD/workload/traefik.yaml --------------------------------------------------------------------------------