Azure Deployment

Deploy Optimal Platform on Microsoft Azure using AKS (Azure Kubernetes Service).

Architecture Overview

┌─────────────────────────────────────────────────────────────────────────────┐
│                                 Azure Cloud                                 │
│  ┌───────────────────────────────────────────────────────────────────────┐  │
│  │                     Virtual Network (10.0.0.0/8)                      │  │
│  │  ┌─────────────────────────────────────────────────────────────────┐  │  │
│  │  │                       AKS Cluster Subnet                        │  │  │
│  │  │        ┌─────────────┐  ┌─────────────┐  ┌─────────────┐        │  │  │
│  │  │        │  Node Pool  │  │  Node Pool  │  │  Node Pool  │        │  │  │
│  │  │        │   Zone 1    │  │   Zone 2    │  │   Zone 3    │        │  │  │
│  │  │        └─────────────┘  └─────────────┘  └─────────────┘        │  │  │
│  │  └─────────────────────────────────────────────────────────────────┘  │  │
│  │                                                                       │  │
│  │  ┌─────────────────────────────────────────────────────────────────┐  │  │
│  │  │                         Database Subnet                         │  │  │
│  │  │   ┌─────────────────────────────────────────────────────────┐   │  │  │
│  │  │   │              Azure Database for PostgreSQL              │   │  │  │
│  │  │   │                    (Flexible Server)                    │   │  │  │
│  │  │   └─────────────────────────────────────────────────────────┘   │  │  │
│  │  └─────────────────────────────────────────────────────────────────┘  │  │
│  └───────────────────────────────────────────────────────────────────────┘  │
│                                                                             │
│    ┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐    │
│    │    Azure    │   │    Azure    │   │    Azure    │   │    Azure    │    │
│    │     DNS     │   │     Key     │   │  Container  │   │    Blob     │    │
│    │             │   │    Vault    │   │  Registry   │   │   Storage   │    │
│    └─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘    │
│                                                                             │
│  ┌───────────────────────────────────────────────────────────────────────┐  │
│  │                       Azure Application Gateway                       │  │
│  │                         (Ingress Controller)                          │  │
│  └───────────────────────────────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────────────────────────────────┘

Prerequisites

Requirement         Description
Azure Subscription  With Owner or Contributor role
Azure CLI           v2.50+ installed
Terraform           v1.6+
kubectl             v1.28+
Helm                v3.13+

Step 1: Configure Azure CLI

# Login to Azure
az login

# Set subscription
az account set --subscription "Your Subscription Name"

# Verify
az account show

Step 2: Register Required Providers

# Register providers
az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.OperationsManagement
az provider register --namespace Microsoft.OperationalInsights

# Check registration status
az provider show -n Microsoft.ContainerService --query registrationState

Step 3: Prepare Terraform Variables

cd infra/terraform/azure

# Copy example configuration
cp terraform.tfvars.example terraform.tfvars

Edit terraform.tfvars:

# Required
subscription_id = "your-subscription-id"
location = "eastus"
environment = "production"

# Cluster Configuration
cluster_name = "optimal-platform"
kubernetes_version = "1.29"
node_vm_size = "Standard_D4s_v3"
node_count = 3
node_min_count = 3
node_max_count = 10

# Networking
vnet_address_space = ["10.0.0.0/8"]
aks_subnet_prefix = "10.240.0.0/16"
db_subnet_prefix = "10.241.0.0/24"

# Database
db_sku_name = "GP_Standard_D4s_v3"
db_storage_mb = 131072
db_ha_mode = "ZoneRedundant"

# Domain (optional)
domain_name = "platform.yourdomain.com"

# Tags
tags = {
  Project     = "optimal-platform"
  ManagedBy   = "terraform"
  Environment = "production"
}

Step 4: Deploy Infrastructure

# Initialize Terraform
terraform init

# Review the plan
terraform plan -out=tfplan

# Apply (takes 15-20 minutes)
terraform apply tfplan

What Gets Created

Resource                    Description
Resource Group              Container for all resources
Virtual Network             With AKS and database subnets
AKS Cluster                 Managed Kubernetes with Azure CNI
PostgreSQL Flexible Server  Managed database with zone redundancy
Azure Container Registry    Private container registry
Azure Blob Storage          For backups and artifacts
Azure Key Vault             Secrets management
Application Gateway         Ingress with WAF

Step 5: Configure kubectl

# Get credentials
az aks get-credentials \
  --resource-group optimal-platform-rg \
  --name optimal-platform \
  --overwrite-existing

# Verify connection
kubectl get nodes

Step 6: Deploy Platform

# Return to repository root
cd ../../..

# Add Helm repositories
make helm-deps

# Deploy with production values
helm upgrade --install optimal-platform k8s/helm-charts/optimal-platform \
  --namespace optimal-system \
  --create-namespace \
  -f k8s/helm-charts/optimal-platform/values-production.yaml \
  --set global.cloud.provider=azure \
  --set global.cloud.region=eastus

Configure Azure-Specific Settings

# Additional Helm values for Azure
global:
  cloud:
    provider: azure
    region: eastus

ingress:
  className: azure-application-gateway
  annotations:
    appgw.ingress.kubernetes.io/ssl-redirect: "true"
    # TLS terminates at the gateway; gateway-to-pod traffic is plain HTTP
    appgw.ingress.kubernetes.io/backend-protocol: "http"

postgresql:
  enabled: false # Using Azure Database
  external:
    host: optimal-db.postgres.database.azure.com
    port: 5432
    database: optimal_platform

velero:
  configuration:
    provider: azure
    backupStorageLocation:
      bucket: optimal-backups
      config:
        storageAccount: optimalbackups
        resourceGroup: optimal-platform-rg

Step 7: Verify Deployment

# Check all pods
kubectl get pods -n optimal-system

# Get Application Gateway public IP
kubectl get ingress -n optimal-system

# Or via Terraform output
cd infra/terraform/azure
terraform output platform_url

Azure AD Integration (Optional)

Enable Azure AD authentication for Keycloak:

# Create app registration
az ad app create \
  --display-name "Optimal Platform" \
  --sign-in-audience "AzureADMyOrg"

# Configure redirect URIs
az ad app update \
  --id <app-id> \
  --web-redirect-uris "https://platform.yourdomain.com/auth/realms/optimal/broker/azuread/endpoint"

Production Checklist

  • Enable zone-redundant PostgreSQL
  • Configure Azure Key Vault integration
  • Set up Azure Monitor alerts
  • Enable AKS defender
  • Configure network policies
  • Enable Azure AD pod identity
  • Set up Azure Backup for AKS
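
One way to check a running deployment against the checklist items that are visible in CLI output, added here as an example and not part of the Optimal Platform repository. The JSON is constructed to match the shape of `az aks show -o json` and `az postgres flexible-server show -o json`; reading the Key Vault item as the Secrets Store CSI add-on is an assumption.

```python
import json

# Constructed sample shaped like `az aks show -o json`, trimmed to the fields read below.
SAMPLE_AKS = json.loads("""
{
  "name": "optimal-platform",
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": null},
  "securityProfile": {"defender": {"securityMonitoring": {"enabled": true}}},
  "addonProfiles": {"azureKeyvaultSecretsProvider": {"enabled": false}},
  "podIdentityProfile": null
}
""")
# Constructed sample shaped like `az postgres flexible-server show -o json`.
SAMPLE_DB = json.loads('{"name": "optimal-db", "highAvailability": {"mode": "ZoneRedundant"}}')


def dig(doc, path, default=None):
    """Walk a dotted path through nested dicts, tolerating null or missing levels."""
    for key in path.split("."):
        if not isinstance(doc, dict) or doc.get(key) is None:
            return default
        doc = doc[key]
    return doc


def audit(aks, db):
    """Return {checklist item: bool} for the items these two documents can answer."""
    return {
        "Enable zone-redundant PostgreSQL":
            dig(db, "highAvailability.mode") == "ZoneRedundant",
        # Assumption: Key Vault integration means the Secrets Store CSI add-on.
        "Configure Azure Key Vault integration":
            dig(aks, "addonProfiles.azureKeyvaultSecretsProvider.enabled", False) is True,
        "Enable AKS defender":
            dig(aks, "securityProfile.defender.securityMonitoring.enabled", False) is True,
        # A null or "none" policy means no NetworkPolicy enforcement in the cluster.
        "Configure network policies":
            dig(aks, "networkProfile.networkPolicy", "none") != "none",
        "Enable Azure AD pod identity":
            dig(aks, "podIdentityProfile.enabled", False) is True,
    }


def failing(results):
    """List the checklist items that are not satisfied, in checklist order."""
    return [item for item, ok in results.items() if not ok]


if __name__ == "__main__":
    for item, ok in audit(SAMPLE_AKS, SAMPLE_DB).items():
        print(f"[{'x' if ok else ' '}] {item}")
```

Azure Monitor alerts and Azure Backup are separate resources and do not appear in either document, so they are not covered here.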

Government Cloud (Azure Gov)

For Azure Government deployments:

# terraform.tfvars
environment_type = "usgovernment"
location = "usgovvirginia"

# Additional configuration
azure_environment = "usgovernment"

# Login to Azure Gov
az cloud set --name AzureUSGovernment
az login

Cleanup

# Remove platform
helm uninstall optimal-platform -n optimal-system

# Destroy infrastructure
cd infra/terraform/azure
terraform destroy

Troubleshooting

AKS nodes not ready

# Check node status
kubectl describe nodes

# Check system pods
kubectl get pods -n kube-system

Application Gateway issues

# Check AGIC logs
kubectl logs -n kube-system -l app=ingress-appgw-deployment

PostgreSQL connection issues

# Verify firewall rules
az postgres flexible-server firewall-rule list \
  --resource-group optimal-platform-rg \
  --name optimal-db
