Azure Modules
The Azure Terraform modules provision Azure-specific infrastructure for the MATIH platform: AKS clusters, PostgreSQL databases, Key Vault, networking, storage, monitoring, and governance resources.
Source: infrastructure/terraform/modules/azure/
Module Inventory
| Module | Path | Description |
|---|---|---|
| Kubernetes Control Plane | azure/kubernetes/control-plane/ | AKS cluster with system and user nodepools |
| Kubernetes Data Plane | azure/kubernetes/data-plane/ | AKS nodepools for data plane workloads |
| PostgreSQL | azure/postgres/ | Azure Database for PostgreSQL Flexible Server |
| Key Vault | azure/keyvault/ | Azure Key Vault for secret management |
| Networking | azure/networking/ | VNet, subnets, NSGs, DNS zones |
| Storage | azure/storage/ | Azure Blob Storage accounts |
| Cognitive Services | azure/cognitive-services/ | Azure OpenAI and Cognitive Services |
| Monitoring | azure/monitoring/ | Azure Monitor, Log Analytics workspace |
| Monitoring Nodepool | azure/monitoring-nodepool/ | Dedicated nodepool for monitoring workloads |
| Governance | azure/governance/ | Azure Policy assignments and compliance |
| Tagging | azure/tagging/ | Consistent resource tagging |
AKS Cluster Module
Key Resources
| Resource | Purpose |
|---|---|
| azurerm_kubernetes_cluster | AKS cluster with RBAC and workload identity |
| azurerm_kubernetes_cluster_node_pool | System, user, GPU, and build nodepools |
| azurerm_container_registry | Azure Container Registry for images |
Nodepool Configuration
| Nodepool | VM Size | Purpose |
|---|---|---|
| system | Standard_D4s_v5 | System components (kube-system) |
| user | Standard_D8s_v5 | Application workloads |
| gpu | Standard_NC6s_v3 | ML/AI GPU workloads |
| build | Standard_D4s_v5 | Multi-arch image builds (scales to 0) |
PostgreSQL Module
| Resource | Purpose |
|---|---|
| azurerm_postgresql_flexible_server | Managed PostgreSQL instance |
| azurerm_postgresql_flexible_server_database | Database per service |
| random_password | Generated passwords stored in Key Vault |
Networking Module
| Resource | Purpose |
|---|---|
| azurerm_virtual_network | Platform VNet |
| azurerm_subnet | AKS, PostgreSQL, and service subnets |
| azurerm_dns_zone | Platform DNS zone (e.g., matih.ai) |
| azurerm_network_security_group | Network security rules |
Key Vault Module
All secrets are stored in Azure Key Vault and synced to Kubernetes via External Secrets Operator (ESO):
| Secret Category | Examples |
|---|---|
| Database passwords | PostgreSQL admin and app passwords |
| API keys | Azure OpenAI keys, external API credentials |
| TLS certificates | cert-manager integration |
Related Pages
- AWS Modules -- AWS equivalents
- GCP Modules -- GCP equivalents
- Environments -- Environment configurations