Design
cimpl-azure-provisioning deploys OSDU on AKS Automatic through three layers: infrastructure provisions the Azure resources and Kubernetes cluster, platform services install the middleware operators and instances, and service architecture deploys 20+ OSDU microservices with automatic compliance patching. Each layer has its own Terraform state and lifecycle so that infrastructure can evolve without redeploying services, platform operators can upgrade independently, and multiple OSDU stacks can share the same foundation safely. The architecture prioritizes layered lifecycle separation, upstream-safe customization, and secure-by-default deployment.
-
How the four Terraform states, lifecycle scripts, and namespace architecture enable independent layer operation and multi-stack isolation.
-
The Azure and AKS foundation: cluster provisioning, node placement, networking, and baseline naming and access patterns.
-
The shared middleware layer that OSDU depends on: databases, search, messaging, caching, certificates, and identity.
-
How OSDU services are packaged, patched for compliance, and deployed consistently using a shared Terraform module and feature flags.
-
How requests reach services and how services communicate: Gateway API ingress, DNS, TLS, service mesh, and async messaging.
-
The security model from cluster to pod: Istio mTLS, deployment safeguards, pod security standards, workload identity, and auth flows.
Reading path
New to the project? Start with Deployment Model for the big picture, then Infrastructure for the Azure foundation. Jump to Security if you need compliance details, or Service Architecture if you're adding OSDU services.