A Proof of Concept app that allows users to answer questions to receive a score that's not a binary checklist, but rather an assessment based on trade-offs.

Review App Proof of Concept

Note: this is just a proof of concept, and the content should be treated as filler and placeholders.


Local Development

First, install the dependencies:

npm install

Then start the Nuxt.js server:

npm run nuxt:dev

Testing Production Builds

In the cloud, the app is served via Express so we can include a /health endpoint. To test if the app still works locally, run:

npm run nuxt:build
npm run express:dev


The best docs are the code itself. See 🐳 Dockerfile and ☸️ manifests/deployment.yaml


Note: the architecture-review namespace should exist before running Terraform.

Resources Created

The Terraform infrastructure as code creates the following:

  • Azure Container Registry
    just for this application (because its lifecycle should be different from the AKS clusters)

  • Service Principals

    • to use in CI/CD to push/pull images to this container registry cloudkubereviews
    • contributor access to architecture-review namespace in shared cluster

Role Based Access Control (RBAC)

The following are managed in this repository's Infrastructure as Code.

| Security Principal | Role | Scope |
|---|---|---|
| cloudkube-dev-r9er-cluster-agentpool | AcrPull | cloudkubereviews Container Registry |
| cloudkube-staging-d7c-cluster-agentpool | AcrPull | cloudkubereviews Container Registry |
| cloudkube-arch-review-ci-dev-sp | AcrPush | cloudkubereviews Container Registry |
| cloudkube-arch-review-ci-staging-sp | AcrPush | cloudkubereviews Container Registry |
| cloudkube-arch-review-ci-dev-sp | AKS Cluster User Role* | cloudkube-dev-r9er-cluster |
| cloudkube-arch-review-ci-staging-sp | AKS Cluster User Role* | cloudkube-staging-d7c-cluster |
| cloudkube-arch-review-ci-dev-sp | AKS RBAC Writer | architecture-review namespace in dev cluster |
| cloudkube-arch-review-ci-staging-sp | AKS RBAC Writer | architecture-review namespace in staging cluster |

*Required read-only role for non-interactive cluster login
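
The following check is an added example, not part of this repository: it compares a role-assignment export against the table above and reports missing or unexpected grants. It assumes JSON shaped like `az role assignment list` output with principals already resolved to the display names in the table; the subscription ID, resource group and sample records are constructed.

```python
import json

# Expected state, taken from the RBAC table: (principal, role, scope key).
# The two long role names are Azure's built-in names for the table's
# "AKS Cluster User Role" and "AKS RBAC Writer" labels.
CLUSTER_USER = "Azure Kubernetes Service Cluster User Role"
RBAC_WRITER = "Azure Kubernetes Service RBAC Writer"
ACR = "registries/cloudkubereviews"
EXPECTED = set()
for env, cluster in (("dev", "cloudkube-dev-r9er-cluster"),
                     ("staging", "cloudkube-staging-d7c-cluster")):
    sp = f"cloudkube-arch-review-ci-{env}-sp"
    aks = f"managedclusters/{cluster}"
    EXPECTED |= {
        (f"{cluster}-agentpool", "AcrPull", ACR),
        (sp, "AcrPush", ACR),
        (sp, CLUSTER_USER, aks),
        (sp, RBAC_WRITER, f"{aks}/namespaces/architecture-review"),
    }


def scope_key(scope):
    """Reduce an Azure resource ID to 'type/name[/...]', lowercased."""
    _, sep, tail = scope.lower().rpartition("/providers/")
    if not sep:  # subscription or resource-group scope: keep whole, always flagged
        return scope.lower()
    return tail.split("/", 1)[1] if "/" in tail else tail


def audit(assignments_json):
    """Return (missing, unexpected) assignments relative to EXPECTED."""
    actual = {(a["principalName"], a["roleDefinitionName"], scope_key(a["scope"]))
              for a in json.loads(assignments_json)}
    return sorted(EXPECTED - actual), sorted(actual - EXPECTED)


# Constructed sample: one expected assignment plus one over-broad grant.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
SAMPLE = json.dumps([
    {"principalName": "cloudkube-arch-review-ci-dev-sp", "roleDefinitionName": "AcrPush",
     "scope": RG + "/providers/Microsoft.ContainerRegistry/registries/cloudkubereviews"},
    {"principalName": "cloudkube-arch-review-ci-dev-sp", "roleDefinitionName": "Contributor",
     "scope": RG},
])

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE)
    for label, rows in (("MISSING", missing), ("UNEXPECTED", unexpected)):
        for row in rows:
            print(label, *row, sep=" | ")
```

The scope key ignores subscription and resource group, so the comparison is only meaningful when run against the subscription that hosts these resources.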

Governance Considerations

  • The infrastructure as code (IaC) in this repo is not intended for CI/CD automation or configuration management. Thus the Terraform state file is local.

  • This IaC is designed to be run by an Administrator with elevated permissions not just for this repository, but also for the corresponding Kubernetes clusters, which are managed in a different repository.

  • The Azure Container Registry's admin account is disabled.

  • The AKS clusters are AAD integrated and local accounts are disabled.

