Azure Deployment Guide
Azure Deployment Process
What Gets Deployed
Azure Resources Created:
- Azure Kubernetes Service (AKS) cluster
- Virtual Network with security groups
- Azure Key Vault (secrets management)
- Managed identities for secure access
Deployed Inside AKS:
- PostgreSQL (metadata storage)
- Redis (caching layer)
- RabbitMQ (message queue)
- Istio service mesh
Container Images Pulled From:
- GraphPolaris container registry at graphpolaris.azurecr.io
Prerequisites
Azure Subscription
- Active Azure subscription
- Contributor or Owner role
- Sufficient quota for AKS nodes
Technical Requirements
- Azure CLI installed (for manual configuration)
- kubectl for cluster access
- Your graph database connection details
Quota Requirements
Ensure your subscription has quota for:
| Resource | Minimum | Recommended |
|---|---|---|
| vCPUs (Standard_D4s_v3) | 12 | 24 |
| Public IP addresses | 2 | 4 |
| Load Balancers | 1 | 2 |
Check quota:
```bash
az vm list-usage --location westeurope --output table
```
Deployment Steps
Step 1: Initiate Deployment
Click the Deploy to Azure button provided by your account representative, or use the Azure Portal deployment template.
Step 2: Configure Parameters
| Parameter | Description | Example |
|---|---|---|
| Subscription | Your Azure subscription | "Production" |
| Resource Group | New or existing RG | "rg-graphpolaris-prod" |
| Region | Azure region | "West Europe" |
| Cluster Name | AKS cluster name | "aks-graphpolaris" |
| Node Size | VM size for nodes | "Standard_D4s_v3" |
| Node Count | Number of nodes | 3 |
| Admin Email | For Let's Encrypt | "[email protected]" |
Step 3: Review and Deploy
- Review configuration summary
- Accept terms and conditions
- Click "Create"
- Wait 30-60 minutes for deployment
Step 4: Post-Deployment Configuration
Get Cluster Credentials
```bash
az aks get-credentials \
  --resource-group rg-graphpolaris-prod \
  --name aks-graphpolaris
```
Verify Deployment
```bash
# Check nodes
kubectl get nodes

# Check GraphPolaris pods
kubectl get pods -n graphpolaris

# Get external IP
kubectl get svc -n graphpolaris
```
ARM Template Parameters
Required Parameters
```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "clusterName": {
      "value": "aks-graphpolaris"
    },
    "location": {
      "value": "westeurope"
    },
    "nodeVmSize": {
      "value": "Standard_D4s_v3"
    },
    "nodeCount": {
      "value": 3
    },
    "adminEmail": {
      "value": "[email protected]"
    },
    "graphDatabaseHost": {
      "value": "neo4j.company.com"
    },
    "graphDatabasePort": {
      "value": "7687"
    }
  }
}
```
Optional Parameters
```json
{
  "enablePrivateCluster": {
    "value": false
  },
  "enableAzurePolicy": {
    "value": true
  },
  "enableDefender": {
    "value": true
  },
  "nodeMaxPods": {
    "value": 50
  },
  "networkPlugin": {
    "value": "azure"
  },
  "availabilityZones": {
    "value": ["1", "2", "3"]
  }
}
```
Network Configuration
Default Configuration
- Public AKS cluster with Azure CNI
- Azure Load Balancer for ingress
- Network Security Groups for traffic control
Private Cluster (Optional)
For enhanced security, deploy as a private AKS cluster:
```json
{
  "enablePrivateCluster": {
    "value": true
  },
  "privateClusterDnsZone": {
    "value": "system"
  }
}
```
Requirements for private cluster:
- Azure Bastion or jump box for cluster access
- Private DNS zone
- ExpressRoute or VPN for on-premises connectivity
Network Policies
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: graphpolaris-policy
  namespace: graphpolaris
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: istio-system
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 10.0.0.0/8
```
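The following is an added example, not GraphPolaris code: a small Python evaluator that applies the ipBlock and namespaceSelector rules of the policy above to a set of flows, showing what this one policy admits and denies. All addresses and namespace labels are constructed, and it assumes pod IPs fall inside 10.0.0.0/8; NetworkPolicies are additive, so other policies in the namespace can allow more.

```python
import ipaddress

# The NetworkPolicy from this page, reduced to the fields that decide a flow.
POLICY = {
    "ingress_namespace_labels": {"name": "istio-system"},
    "egress_ip_blocks": [{"cidr": "0.0.0.0/0", "except": ["10.0.0.0/8"]}],
}
# Constructed sample flows: addresses and labels are illustrative assumptions.
EGRESS_FLOWS = {
    "graph database on a public IP": "203.0.113.20",
    "CoreDNS pod (kube-system)": "10.244.0.12",
    "PostgreSQL pod (graphpolaris)": "10.244.1.7",
    "peered network in 172.16.0.0/12": "172.16.5.9",
    "instance metadata endpoint": "169.254.169.254",
}
INGRESS_SOURCES = {
    "istio-system labelled name=istio-system": {"name": "istio-system"},
    "istio-system, automatic label only": {"kubernetes.io/metadata.name": "istio-system"},
    "another pod in graphpolaris": {"kubernetes.io/metadata.name": "graphpolaris"},
}


def egress_allowed(policy, dest_ip):
    """ipBlock rule: destination is inside cidr and outside every except range."""
    ip = ipaddress.ip_address(dest_ip)
    for block in policy["egress_ip_blocks"]:
        inside = ip in ipaddress.ip_network(block["cidr"])
        excluded = any(ip in ipaddress.ip_network(e) for e in block.get("except", []))
        if inside and not excluded:
            return True
    return False


def ingress_allowed(policy, source_ns_labels):
    """namespaceSelector.matchLabels: every listed label must match exactly."""
    wanted = policy["ingress_namespace_labels"]
    return all(source_ns_labels.get(k) == v for k, v in wanted.items())


def report(policy):
    """Evaluate each constructed flow; returns {flow description: allowed}."""
    out = {f"egress -> {n}": egress_allowed(policy, ip) for n, ip in EGRESS_FLOWS.items()}
    out.update({f"ingress <- {n}": ingress_allowed(policy, labels)
                for n, labels in INGRESS_SOURCES.items()})
    return out


if __name__ == "__main__":
    for flow, allowed in report(POLICY).items():
        print("ALLOW" if allowed else "DENY ", flow)
```

The denied CoreDNS and in-namespace PostgreSQL flows show that this policy on its own relies on companion rules for DNS and pod-to-pod traffic, and the ingress rule only matches if the istio-system namespace actually carries the label name=istio-system. Confirm what else is applied with kubectl get networkpolicy -n graphpolaris and kubectl get namespace istio-system --show-labels.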
Security Configuration
Azure Key Vault Integration
Secrets are stored in Azure Key Vault:
```bash
# List secrets
az keyvault secret list \
  --vault-name kv-graphpolaris-prod \
  --output table

# View secret (admin only)
az keyvault secret show \
  --vault-name kv-graphpolaris-prod \
  --name jwt-secret
```
Managed Identities
GraphPolaris uses Azure Managed Identities:
- AKS Managed Identity: Pulls container images
- Pod Identities: Access Key Vault secrets
Azure AD Integration
Enable Azure AD authentication for AKS:
```bash
az aks update \
  --resource-group rg-graphpolaris-prod \
  --name aks-graphpolaris \
  --enable-aad \
  --aad-admin-group-object-ids <group-object-id>
```
Monitoring and Logging
Azure Monitor
Enable Container Insights:
```bash
az aks enable-addons \
  --resource-group rg-graphpolaris-prod \
  --name aks-graphpolaris \
  --addons monitoring \
  --workspace-resource-id <log-analytics-workspace-id>
```
Log Analytics Queries
```kusto
// Pod errors
ContainerLog
| where LogEntry contains "error"
| where PodName startswith "graphpolaris"
| project TimeGenerated, PodName, LogEntry

// Resource usage
Perf
| where ObjectName == "K8SContainer"
| where CounterName == "cpuUsageNanoCores"
| summarize avg(CounterValue) by bin(TimeGenerated, 5m), InstanceName
```
Alerts
Set up alerts for:
- Pod restart count > 3
- CPU usage > 80%
- Memory usage > 85%
- Failed requests > 10/min
Scaling
Manual Scaling
```bash
# Scale node pool
az aks nodepool scale \
  --resource-group rg-graphpolaris-prod \
  --cluster-name aks-graphpolaris \
  --name nodepool1 \
  --node-count 5
```
Cluster Autoscaler
Enable autoscaling:
```bash
az aks nodepool update \
  --resource-group rg-graphpolaris-prod \
  --cluster-name aks-graphpolaris \
  --name nodepool1 \
  --enable-cluster-autoscaler \
  --min-count 3 \
  --max-count 10
```
Backup and Recovery
Database Backup
PostgreSQL backups are automated:
```bash
# List backups
az postgres flexible-server backup list \
  --resource-group rg-graphpolaris-prod \
  --name psql-graphpolaris

# Restore to point in time
az postgres flexible-server restore \
  --resource-group rg-graphpolaris-prod \
  --name psql-graphpolaris-restored \
  --source-server psql-graphpolaris \
  --restore-time "2024-01-15T00:00:00Z"
```
Disaster Recovery
For cross-region DR:
- Enable geo-redundant backups
- Configure Azure Site Recovery
- Document recovery procedures
- Test quarterly
Upgrades
AKS Upgrade
```bash
# Check available versions
az aks get-upgrades \
  --resource-group rg-graphpolaris-prod \
  --name aks-graphpolaris \
  --output table

# Upgrade cluster
az aks upgrade \
  --resource-group rg-graphpolaris-prod \
  --name aks-graphpolaris \
  --kubernetes-version 1.29.0
```
GraphPolaris Upgrade
```bash
helm repo update
helm upgrade graphpolaris graphpolaris/graphpolaris \
  --namespace graphpolaris \
  --values values.yaml
```
Cost Optimization
Reserved Instances
Save up to 72% with Reserved Instances:
```bash
az reservations reservation-order purchase \
  --sku Standard_D4s_v3 \
  --term P1Y \
  --quantity 3
```
Right-sizing
Monitor and adjust node sizes:
```bash
# Check resource usage
kubectl top nodes
kubectl top pods -n graphpolaris

# Resize node pool
az aks nodepool update \
  --resource-group rg-graphpolaris-prod \
  --cluster-name aks-graphpolaris \
  --name nodepool1 \
  --node-vm-size Standard_D2s_v3
```
Troubleshooting
Common Issues
Deployment failed: Quota exceeded
- Check quota: az vm list-usage --location westeurope
- Request quota increase via Azure Portal
Pods not starting: ImagePullBackOff
- Verify managed identity has ACR pull permissions
- Check network connectivity to graphpolaris.azurecr.io
Database connection failed
- Check network security groups
- Verify private endpoint configuration
- Test connectivity from pod
Support
Contact your account representative for:
- Deployment assistance
- Architecture review
- Troubleshooting support