The Azure Kubernetes Service (AKS) landing zone accelerator provides a reference implementation to help you deploy AKS in an Azure landing zone. The following architecture shows how AKS integrates with shared services and aligns with the design areas.
Establish a platform foundation
A platform foundation provides shared services such as networking, identity, security, and governance. This foundation supports consistent and secure AKS deployments across your environment.
Implement a platform foundation using Azure landing zones. Use the Cloud Adoption Framework's Azure landing zone guidance to deploy shared services that include identity providers, hub-and-spoke networking, and centralized policy enforcement. This foundation simplifies security and management across your cloud environment.
Skip this step if your organization already has a platform foundation. If you already have an Azure landing zone, proceed to deploy the AKS landing zone accelerator.
AKS landing zone accelerator
This AKS landing zone accelerator includes a reference architecture that supports AKS deployments in an Azure landing zone.
Use the templates from the official GitHub repository. Use the AKS landing zone accelerator repo to access ARM, Bicep, and Terraform templates for deploying AKS infrastructure components that fit your environment. Modify environment variables and parameters to align with your organization’s naming conventions, policies, and operational requirements.
Deploy the accelerator in the landing zones management group. Place the AKS workload in the appropriate subscription and management group to ensure alignment with platform governance and policy enforcement.
Evaluate the AKS design areas
Design areas help you align your AKS implementation with Azure landing zone principles. Use the following guides to evaluate and configure each area:
- Azure billing and Active Directory (if needed)
- Identity and access management
- Network topology and connectivity
- Resource organization
- Security
- Management and business continuity and disaster recovery (BCDR)
- Platform automation and DevOps
- Storage