A fairly simple Spring Boot project that communicates with Azure SQL DB, keeps its secrets in Azure Key Vault (AKV), runs in Azure Kubernetes Service (AKS), and reaches both AKV and Azure SQL over Private Link. This project and the associated DevOps pipelines can be used as a starting point for your actual project in Azure. The final architecture looks like
This has been broken down into the following set of articles:
- The basic setup - Creating a simple Spring Boot app deployed on AKS that talks to Azure SQL DB. Everything is provisioned with Terraform and run via Azure DevOps.
- Adding Identity & Governance - Using Azure AD Managed Identities to access Key Vault & SQL, and using OPA-based Azure Policy for governance.
- Securing the Network - Looks into enabling Private Link for Key Vault & SQL and, at the end, using a private AKS cluster with Azure Firewall, plus some basic thoughts on Network Policies.