CIVITAS/CORE Azure Deployment
1. Install Prerequisites / Tools
To deploy CIVITAS/CORE on Azure, you need to set up a few tools on your local machine to interact with Azure services. We'll start by installing the Azure Command-Line Interface (CLI), which allows you to manage Azure resources from the command line.
Windows
Use the Windows Package Manager (winget) to install Azure CLI:
winget install -e --id Microsoft.AzureCLI
-e: Ensures exact match for the package ID.--id: Specifies the unique identifier for the Azure CLI package.
macOS
On macOS, use Homebrew, a popular package manager:
brew update
brew install azure-cli
brew update: Updates Homebrew to the latest version.brew install azure-cli: Installs the Azure CLI tool.
2. Login to Azure
Authenticate your local machine with your Azure account:
az login
This command opens a browser window where you can enter your Azure credentials. After successful login, your subscription details will be displayed in the terminal.
3. Register Azure Resource Providers
Azure Resource Providers must be registered to manage certain resources. Microsoft.ContainerService handles Azure Kubernetes Service (AKS). Microsoft.Compute handles virtual machines.
Check if it's registered:
az provider show --namespace Microsoft.ContainerService --query "registrationState"
az provider show --namespace Microsoft.Compute --query "registrationState"
If not, register it with:
az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Compute
4. Create an AKS Cluster
Now, we'll create a resource group and an AKS (Azure Kubernetes Service) cluster.
Create Resource Group
A resource group organizes Azure resources:
az group create --name civitas --location germanywestcentral
--name civitas: Names the resource group "civitas".--location germanywestcentral: Deploys resources in the West Europe region.
Create AKS Cluster
az aks create --resource-group civitas --name civitas --node-count 1 --generate-ssh-keys --node-vm-size Standard_D8s_v3
--node-count 1: Creates a single-node cluster (suitable for testing, not production).--generate-ssh-keys: Generates SSH keys for VM access.--node-vm-size Standard_D8s_v3: Specifies a small VM size. Consider upgrading for production.- D-Serie (General Purpose)
- Standard_D8s_v3: 8 vCPUs, 32 GiB RAM
- Standard_D16s_v3: 16 vCPUs, 64 GiB RAM
- Standard_D32s_v3: 32 vCPUs, 128 GiB RAM
- E-Serie (Memory Optimized)
- Standard_E8s_v3: 8 vCPUs, 64 GiB RAM
- Standard_E16s_v3: 16 vCPUs, 128 GiB RAM
- Standard_E32s_v3: 32 vCPUs, 256 GiB RAM
- F-Serie (Compute Optimized)
- Standard_F8as_v6: 8 vCPUs, 32 GiB RAM
- Standard_F16as_v6: 16 vCPUs, 64 GiB RAM
- Standard_F32as_v6: 32 vCPUs, 128 GiB RAM
- D-Serie (General Purpose)
If you would like to add additional node ppols to the cluster, you can use the following command:
az aks nodepool add --resource-group civitas --cluster-name civitas --name nodepool2 --node-count 5 --node-vm-size Standard_D2s_v3
Without additional rules, the scheduler distributes the pods randomly across all available nodes. If certain workloads should only run on specific VM types, you can use node selectors or affinity rules in your deployments.
5. Connect to the Cluster Using kubectl
kubectl is the Kubernetes command-line tool to interact with your AKS cluster.
Configure kubectl to Use Your AKS Cluster
az aks get-credentials --resource-group civitas --name civitas
This command downloads and configures the kubeconfig file, allowing kubectl to communicate with your cluster.
Verify Connection
kubectl get nodes
You should see a list of nodes (at least one) in your cluster, confirming that you're connected.
6. Install Ingress Controller and Cert-Manager
Install Ingress-NGINX
The ingress-nginx ingress controller manages external access to the CIVITAS/CORE services in your cluster.
-
Add the Helm repository:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update -
Install the ingress controller:
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace --set controller.allowSnippetAnnotations=true --set controller.publishService.enabled=true --set controller.service.externalTrafficPolicy=Local --set controller.replicaCount=2--namespace ingress-nginx: Deploys in theingress-nginxnamespace.--set controller.allowSnippetAnnotations=true: Allows custom NGINX configurations via annotations.--set controller.publishService.enabled=true: Publishes the external IP address.--set controller.service.externalTrafficPolicy=Local: Ensures traffic is routed to the same node where the ingress controller is running.
If you want to use an existing external IP, you can use the --set controller.service.loadBalancerIP=<your-static-ip> flag.
Update DNS Settings
To make your services accessible via a domain, update your DNS A-record to point to the external IP of the ingress controller.
Find the external IP:
kubectl get svc -n ingress-nginx
Look for the EXTERNAL-IP under the ingress-nginx-controller service.
Install Cert-Manager
Cert-Manager automates the management of TLS certificates from Let's Encrypt.
-
Add the Cert-Manager Helm repository:
helm repo add jetstack https://charts.jetstack.io --force-update -
Install Cert-Manager:
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.17.0 --set crds.enabled=true--set crds.enabled=true: Ensures necessary Custom Resource Definitions (CRDs) are installed.
Configure Cluster Issuers
Let's Encrypt Cluster Issuers are installed with the CIVITAS/CORE deployment. Ensure the ingress class is correctly set to nginx in your inventory.
Next Steps:
- Deploy the CIVITAS/CORE platform to the AKS cluster.
- Set up monitoring and logging for better insights (provided by CIVITAS/CORE platform).
- Adjust cluster scaling and VM sizes based on workload requirements.