7 Platform Control Plane Foundations

This chapter covers

Managing Cloud Account Baseline Settings
Defining the Transit Network Layer
Separating Customer Identity
Deploying the Cloud Service Control Plane

7.1 Cloud Account Baseline

7.1.1 Account Baseline Security Scanning

7.1.2 Account Baseline Observability

7.1.3 Hosted Zones and Top-level Domains

7.1.4 Exercise 7.1: Create a release pipeline for hosted zone and zone delegation

7.2 Transit Network Layer

7.2.1 Role-based Network Structure

7.2.2 Exercise 7.2: Create a release pipeline for a role-based network

7.3 Customer Identity

7.3.1 Authentication and Authorization

7.3.2 OIDC Device-Auth-Flow and Team Membership Claims

7.3.3 Project 7.1: Configure SaaS Identity Provider for Device Auth Flow

7.4 Cloud Service Control Plane Base

7.4.1 Managed Node Groups

7.4.2 Dependencies for AWS Managed EKS Services

7.4.3 AWS Managed EKS Addons

7.4.4 Integrating an OIDC Provider with the Control Plane Base

7.4.5 Post-Terraform Configuration

7.4.6 Strategy for Testing EKS Base

7.4.7 Exercise 7.3: Create a build and release pipeline for the control plane base

7.4.8 Project 7.2: Create a Platform CLI that uses the Customer identity provider to generate a customer identity token and a Kubeconfig file for accessing the Kubernetes clusters.

7.5 Summary

@font-face { font-family: 'livebook'; src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0'); src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0') format('embedded-opentype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.woff?1.9.0') format('woff'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.ttf?1.9.0') format('truetype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.svg?1.9.0') format('svg'); font-weight: normal; font-style: normal; }