Production-ready infrastructure for deploying a .NET Core backend, a Next.js frontend, and a PostgreSQL database on Azure Kubernetes Service (AKS) using Terraform and Ansible.
This project provisions a complete cloud infrastructure on Microsoft Azure with:
- Backend: .NET Core Web API running in containers
- Frontend: Next.js application with server-side rendering
- Database: Azure Database for PostgreSQL (Flexible Server)
- Container Platform: Azure Kubernetes Service (AKS)
- Container Registry: Azure Container Registry (ACR)
- Monitoring: ELK Stack (Elasticsearch, Logstash, Kibana)
- CI/CD: GitHub Actions
- Secrets Management: Azure Key Vault
- Development: Smaller resources for testing and development
- Staging: Production-like environment for pre-release testing
- Production: High availability, auto-scaling, multi-zone deployment
```
azure-k8s-infrastructure/
├── terraform/              # Infrastructure as Code
│   ├── modules/            # Reusable Terraform modules
│   └── environments/       # Environment-specific configurations
├── ansible/                # Configuration management
│   ├── playbooks/          # Automation playbooks
│   └── roles/              # Reusable roles
├── kubernetes/             # Kubernetes manifests
│   ├── backend/            # Backend deployment configs
│   ├── frontend/           # Frontend deployment configs
│   ├── ingress/            # Ingress controller configs
│   └── elk/                # ELK stack configs
├── applications/           # Application source code
│   ├── backend/            # .NET Core API
│   └── frontend/           # Next.js application
├── .github/workflows/      # CI/CD pipelines
└── scripts/                # Helper scripts
```
Ensure you have the following tools installed:
- Azure CLI (v2.40+)
- Terraform (v1.5+)
- Ansible (v2.15+)
- kubectl (v1.27+)
- Docker (v24+)
- Helm (v3.12+)
- GitHub CLI (optional, for issue management)
- Clone the repository

  ```bash
  git clone https://github.com/damnthonyy/azure-k8s-infrastructure.git
  cd azure-k8s-infrastructure
  ```
- Setup Azure Credentials (5 minutes)

  ```bash
  # Automated setup (recommended)
  ./scripts/setup-azure-credentials.sh
  # Or follow detailed guide
  # See: docs/QUICK_START.md
  ```
- Initialize Terraform Backend

  ```bash
  ./scripts/init-terraform.sh
  ```
- Configure local non-secret environment variables (if needed)

  Use `.env` only for non-sensitive local configuration values. Do not store Azure client secrets, service principal secrets, database passwords, or other credentials in `.env` or any other local file.

  If you need a local `.env`, create it from `.env.example` only for non-secret values and keep secrets in the supported credential systems described above (Azure CLI login, GitHub Actions secrets, Azure Key Vault, etc.).
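
The `.env` rule above can be checked mechanically before the file is used or committed. The following is an added example, not a script from this repository: the function name `check_env_file` and both patterns are assumptions, and the sample values are constructed.

```bash
# Added example: flag secret-looking entries in a local .env file.
# Both patterns are illustrative assumptions, not a list taken from this project.
SECRET_KEYS='(SECRET|PASSWORD|PASSWD|TOKEN|API_?KEY|PRIVATE_?KEY)'
# Credentials inside a value: URI userinfo (scheme://user:pw@host) or a
# "Password=" field as found in .NET/Npgsql connection strings.
SECRET_VALUES='([a-z][a-z0-9+.-]*://[^/:@ ]+:[^/@ ]+@|(^|;) *(password|pwd) *=)'

# Prints LINE:KEY:REASON per finding. Returns 0 if clean, 1 on findings,
# 2 if the file cannot be read.
check_env_file() {
  file=$1; lineno=0; found=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
  while IFS= read -r line || [ -n "$line" ]; do
    lineno=$((lineno + 1))
    line=${line#export }
    case $line in
      ''|'#'*) continue ;;   # blank line or comment
      *=*) ;;                # KEY=VALUE, inspected below
      *) continue ;;
    esac
    key=${line%%=*}; value=${line#*=}
    case $value in           # strip one pair of surrounding quotes
      \"*\") value=${value#\"}; value=${value%\"} ;;
      \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    [ -n "$value" ] || continue   # empty placeholder, as in a template file
    if printf '%s\n' "$key" | grep -Eiq "$SECRET_KEYS"; then
      echo "$lineno:$key:secret-like key name"; found=1
    elif printf '%s\n' "$value" | grep -Eiq "$SECRET_VALUES"; then
      echo "$lineno:$key:credential embedded in value"; found=1
    fi
  done < "$file"
  return "$found"
}

# Constructed sample input (not the project's .env.example).
sample=$(mktemp)
cat > "$sample" <<'EOF'
NEXT_PUBLIC_API_URL=http://localhost:5000
AZURE_CLIENT_SECRET="example-not-a-real-secret"
DB_PASSWORD=
DATABASE_URL=postgres://app:example@db.example.invalid:5432/app
EOF
check_env_file "$sample" || echo "move the entries above into Azure Key Vault or GitHub Actions secrets"
rm -f "$sample"
```

The non-zero return code lets the function gate a pre-commit hook or a CI step; key-name matching will produce false positives for names that merely reference a secret, so review findings rather than deleting lines blindly.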
- Quick Start Guide - Get started in 5 minutes
- Azure Setup - Detailed Azure configuration
- Credential Management - Security and credential rotation
- Contributing - Development workflow and best practices
```bash
# Navigate to desired environment
cd terraform/environments/dev
# Initialize Terraform
terraform init
# Plan the deployment
terraform plan -out=tfplan
# Apply the changes
terraform apply tfplan
```

```bash
# Configure kubectl context
./scripts/setup-kubectl.sh dev
# Run Ansible playbooks
cd ansible
ansible-playbook -i inventory/dev.yml playbooks/configure-aks.yml
ansible-playbook -i inventory/dev.yml playbooks/deploy-elk.yml
```

Push to the appropriate branch to trigger CI/CD:
- `develop` → Deploys to Development
- `staging` → Deploys to Staging
- `main` → Deploys to Production (with approval)
- Secrets Management: All secrets stored in Azure Key Vault
- Network Security: Private endpoints and network policies
- RBAC: Azure AD integration for authentication
- SSL/TLS: Automatic certificate management with cert-manager
- Container Scanning: Vulnerability scanning in CI/CD pipeline
- Application Logs: Centralized in ELK Stack
- Metrics: Prometheus and Grafana
- Alerts: Configured in Elasticsearch Watcher
- Dashboards: Pre-configured Kibana dashboards
Access Kibana:

```bash
kubectl port-forward -n elk-stack svc/kibana 5601:5601
# Open http://localhost:5601
```

```bash
# Run Terraform validation
terraform validate
# Run Ansible syntax check
ansible-playbook --syntax-check playbooks/*.yml
# Run Kubernetes manifest validation
kubectl apply --dry-run=client -f kubernetes/
```

We follow a structured workflow with GitHub issues and pull requests:
- Check existing issues or create a new one
- Create a feature branch: `feat/<issue-number>-description`
- Make your changes with descriptive commits
- Create a draft PR and link it to the issue
- Request review when ready
- Merge after approval
See CONTRIBUTING.md for detailed guidelines.
This project is licensed under the MIT License - see the LICENSE file for details.
For questions or support:
- Create an issue in this repository
- Contact the DevOps team
- Check the troubleshooting guide
- Multi-region deployment
- Advanced monitoring with APM
- Chaos engineering tests
- Cost optimization automation
- Infrastructure drift detection
Built by Antoine Mahassadi