Secure Private AKS Platform

Project Overview

Designed and implemented a secure, private, and production-ready Azure Kubernetes Service (AKS) platform using Terraform. The focus was on enterprise-grade security, modular infrastructure, and long-term maintainability rather than just cluster creation.

Infrastructure & Architecture

• Private AKS cluster with no public API server exposure
• AKS deployed into private subnets within a secured Azure VNet
• Controlled ingress and egress through private networking
• Jump host deployed inside the VNet for cluster administration
• Azure Bastion for browser-based SSH access without public IPs
• Fully modular Terraform design for reusability and clarity

Terraform Modular Design

• Networking module (VNet, subnets, route tables)
• AKS module with system and user node pools
• Jump host and Bastion module
• Resource group management
• Managed identities and RBAC assignments
• Azure Key Vault for secret management

Identity & Kubernetes Access

• User-assigned managed identities for AKS control plane and nodes
• Azure RBAC integrated with Kubernetes RBAC
• Workload Identity for Kubernetes pods to access Azure services
• No service principal credentials stored in code or pipelines
• Secrets securely stored and accessed via Azure Key Vault

Security & Governance

• Private cluster networking aligned with Azure security best practices
• No public IP exposure on nodes or control plane
• Least-privilege access enforced using managed identities
• Infrastructure fully provisioned via Terraform for auditability
• Consistent and repeatable deployments across environments

Key Outcomes

• Enterprise-ready private AKS platform
• Strong separation of concerns through Terraform modules
• Improved security posture with zero public exposure
• Clean identity and secret management using Azure native services
• Scalable and maintainable foundation for production workloads

Project Gallery

terraformcli

Get Node Details from Jumphost

Aks resource group

Terraform State Management