In preparation for az 900 and az 104 certifications
- Setup NAT Gateway for outbound connectivity instead of using Load Balancer public ip Outbound Connections
- [] Setup Azure Virtual Network Manager for hub and spoke topology Doc
- [] Setup private endpoints for ACR and Vault [Doc] (https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview)
- Use spot instances or free B1s VMs [Doc] (https://learn.microsoft.com/en-us/azure/aks/spot-node-pool)
- [] Setup ACR repository for cache-through [Doc] (https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache)
- [] Add role assignment for app gateway and for user in AKS [Tf] (https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)
Requirements:
- Assign read role for managed identity on resource group
- Assign contributor role for managed identity on Application Gateway