## Description
This architecture represents the hub-and-spoke components used to provision a Kubernetes cluster in an isolated network (the spoke), reachable only from an internet-facing network (the hub) through a bastion.
## Architecture components
- **Hub and spoke:** two isolated resource groups with virtual networks.
- **Public IP:** This IP is attached to the bastion host and is the entry point from the internet into the VNet.
- **Bastion host:** The Azure Bastion host. If you want to reduce costs, it's better to use a virtual machine as a bastion instead of the native Azure Bastion resource.
- **VNet peering** between the hub and the spoke.
- **Key vault:** Contains the secrets used in the cluster.
- **Private endpoints** to limit access to the key vault and the container registry to the spoke network.
- **Container registry**
- **Kubernetes cluster**
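The Terraform below is an added example, not the Brainboard template's own code: it shows the security-relevant settings behind the components listed above, namely the two-way peering, a Key Vault with public network access disabled and reachable only through a private endpoint in the spoke, and a private AKS cluster whose API server is not exposed to the internet. The resource groups (`hub-rg`, `spoke-rg`), VNets (`hub-vnet`, `spoke-vnet`), the spoke subnet and the `privatelink.vaultcore.azure.net` DNS zone are assumed to exist and are passed in as variables; every name, region and address in the block is a placeholder. The container registry follows the same pattern as the Key Vault (Premium SKU, `public_network_access_enabled = false`, a private endpoint with `subresource_names = ["registry"]`) and is left out to keep the example short.

```hcl
# Added example (not part of the Brainboard template). All names are placeholders;
# the VNets, subnet and private DNS zone are assumed to exist already.

terraform {
  required_version = ">= 0.13"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.37"
    }
  }
}

provider "azurerm" {
  features {}
}

data "azurerm_client_config" "current" {}

variable "hub_vnet_id" { type = string }             # assumed: existing hub VNet
variable "spoke_vnet_id" { type = string }           # assumed: existing spoke VNet
variable "spoke_subnet_id" { type = string }         # assumed: subnet for endpoints/nodes
variable "kv_private_dns_zone_id" { type = string }  # assumed: privatelink.vaultcore.azure.net

# Peering in both directions: the bastion in the hub can reach the spoke,
# while nothing in the spoke needs a public IP of its own.
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  name                      = "hub-to-spoke"
  resource_group_name       = "hub-rg"
  virtual_network_name      = "hub-vnet"
  remote_virtual_network_id = var.spoke_vnet_id
}

resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  name                      = "spoke-to-hub"
  resource_group_name       = "spoke-rg"
  virtual_network_name      = "spoke-vnet"
  remote_virtual_network_id = var.hub_vnet_id
}

# Key Vault: public access off and default-deny at the firewall, so the only
# path to the secrets is the private endpoint below.
resource "azurerm_key_vault" "kv" {
  name                          = "example-kv-placeholder"
  location                      = "westeurope"
  resource_group_name           = "spoke-rg"
  tenant_id                     = data.azurerm_client_config.current.tenant_id
  sku_name                      = "standard"
  public_network_access_enabled = false
  purge_protection_enabled      = true

  network_acls {
    default_action = "Deny"
    bypass         = "AzureServices"
  }
}

resource "azurerm_private_endpoint" "kv" {
  name                = "kv-pe"
  location            = "westeurope"
  resource_group_name = "spoke-rg"
  subnet_id           = var.spoke_subnet_id

  private_service_connection {
    name                           = "kv-psc"
    private_connection_resource_id = azurerm_key_vault.kv.id
    subresource_names              = ["vault"]
    is_manual_connection           = false
  }

  # Registers the endpoint's private IP in the privatelink zone so the vault's
  # public hostname resolves to the private address from inside the VNets.
  private_dns_zone_group {
    name                 = "kv-dns"
    private_dns_zone_ids = [var.kv_private_dns_zone_id]
  }
}

# Private AKS cluster: the API server gets a private endpoint in the spoke and
# is reachable only from the peered hub, i.e. through the bastion.
resource "azurerm_kubernetes_cluster" "aks" {
  name                    = "example-aks"
  location                = "westeurope"
  resource_group_name     = "spoke-rg"
  dns_prefix              = "exampleaks"
  private_cluster_enabled = true

  default_node_pool {
    name           = "system"
    node_count     = 1
    vm_size        = "Standard_D2s_v3"
    vnet_subnet_id = var.spoke_subnet_id
  }

  identity {
    type = "SystemAssigned"
  }
}
```

After `terraform apply`, a quick way to confirm the posture is to check that the vault reports `publicNetworkAccess: Disabled` and that the AKS `privateFqdn` resolves only from inside the hub or spoke; an attempt to read a secret from outside the VNets should fail with a forbidden error rather than succeed.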
## Requirements
| Name | Configuration |
| --- | --- |
| Terraform | > 0.13 |
| Provider | Azurerm |
| Provider version | > 3.37 |
## How to use this architecture
Go to the templates catalog and clone the architecture. Modify the variables according to your needs and deploy it.
We highly advise you to run pipelines that check the security posture and the cost of this architecture before you deploy it, to avoid any surprises.
Use the CI/CD part for the pipelines.
## Maintainer(s)
- [Chafik Belhaoues](mailto:chafik@brainboard.co)
- [Brainboard team](mailto:support@brainboard.co)
Brainboard is an AI-driven platform to visually design and manage cloud infrastructure, collaboratively. It's the only solution that automatically generates IaC code for any cloud provider, with an embedded CI/CD.