Just Kubernetes please, I will make decisions later
    Use proven, open source projects for my Kubernetes operational environment, and self-manage my cluster upgrades and scaling
    • Manual Upgrades
    • Manual Scaling
    • Contour Ingress (docs)
    • Prometheus/Grafana Monitoring (docs)
    • DockerHub container registry
    Auto-managed by Azure for upgrades and scaling, using Azure-provided managed addons for minimal operational burden
    • Cluster auto-scaler (docs)
    • Cluster auto-upgrades (docs)
    • Azure Monitor for Containers (docs)
    • Azure Container Registry
    • Azure AppGateway Ingress (docs)
    Simplest option for experimenting with Kubernetes, or clusters with no sensitive data
      Good option for implementing recommended minimum security controls for regular environments
      • AAD Integration (docs)
      • AUDIT Pod security baseline standards (docs)
      • East-West traffic control (docs)
      • Authorized IP address ranges (docs)
      Best option for highly secure, regulated environments or sensitive data requirements.
      Most secure option for your apps, but requires most involved access management
      • AAD Integration (docs)
      • ENFORCE Pod security baseline standards (docs)
      • East-West traffic control (docs)
      • Private Cluster (docs)
      • Restrict dependencies with Private Link (docs)
      • Restrict egress with Azure Firewall (docs)
      • Store Kubernetes Secrets in Azure KeyVault (docs)
      Leverages a cost-optimised configuration for AKS development teams
      • Single pool, single node
      • VM Compute: D2s v3 w/managed disk
      • Automated Daily cluster start/stop
      • AzMonitor: Reduced logging and monitoring
      • AzMonitor: Daily Log cap
      Creates a comprehensive AKS configuration for higher reliability and availability
      • 3 Node minimum (user pool)
      • VM Compute: DS3 v2 w/ephemeral OS disk
      • Availability Zones
      • SLA
      • NAT Gateway Egress
      Current GA Version
      IP or CIDR, comma separated

      Enter an IP/CIDR, or select 'Public IP with no IP restrictions' in the 'Cluster API Server Security' section of the 'Cluster Details' tab

      Requires AZ CLI (2.37.0 or greater), or execute in the Azure Cloud Shell.
      shell script
      Configuration not complete, please correct the tabs with the warning symbol before running
      # Create Resource Group
      az group create -l westeurope -n az-k8s-3w38-rg
      
      # Deploy template with in-line parameters
      az deployment group create -g az-k8s-3w38-rg --template-file ./bicep/main.bicep --parameters \
      	resourceName=az-k8s-3w38 \
      	upgradeChannel=stable \
      	AksPaidSkuForSLA=true \
      	SystemPoolType=Standard \
      	agentCountMax=20 \
      	custom_vnet=true \
      	enable_aad=true \
      	AksDisableLocalAccounts=true \
      	enableAzureRBAC=true \
      	adminPrincipalId=$(az ad signed-in-user show --query id --out tsv) \
      	registries_sku=Premium \
      	acrPushRolePrincipalId=$(az ad signed-in-user show --query id --out tsv) \
      	omsagent=true \
      	retentionInDays=30 \
      	networkPolicy=azure \
      	azurepolicy=audit \
      	availabilityZones="[\"1\",\"2\",\"3\"]" \
      	ingressApplicationGateway=true \
      	appGWcount=0 \
      	appGWsku=WAF_v2 \
      	appGWmaxCount=10 \
      	appgwKVIntegration=true \
      	keyVaultAksCSI=true \
      	keyVaultCreate=true \
      	keyVaultOfficerRolePrincipalId=$(az ad signed-in-user show --query id --out tsv)
      
      # Get credentials for your new AKS cluster & login (interactive)
      az aks get-credentials -g az-k8s-3w38-rg -n aks-az-k8s-3w38
      kubectl get nodes