Helm Deploy to Azure - paramify/support GitHub Wiki
Paramify can be deployed using Helm into an existing Kubernetes cluster, such as AWS EKS, Azure AKS, or self-managed.
The following instructions are an example of how to create and deploy into an Azure AKS cluster leveraging Workload Identity (attached to a ServiceAccount) for permissions to read/write from Azure Storage. Other than the specific Terraform the overall process is generally applicable for any Helm-based install of Paramify into Kubernetes.
- Azure CLI and authenticated user with sufficient permissions to create resources
- terraform CLI installed (if using the example .tf files)
- kubectl CLI installed
- A Paramify license (user and credential for Helm registry login)
- (Recommended) An available subdomain planned to access the application (e.g., paramify.company.com)
- (Recommended) Credentials for an SMTP server to send email
- (Recommended) Access to configure Okta or Google Cloud Console for SSO
Note: You'll need to configure at least one authentication method (e.g., SMTP, Google, Okta) to be able to login to Paramify.
Paramify will use the following infrastructure in Azure:
- AKS Kubernetes cluster
- PostgreSQL database (this example uses an embedded DB container, but optionally you could use Azure Database for PostgreSQL, etc.)
- Azure Storage account and container for images and generated documentation
- Load balancer to access to the Paramify application
To simplify creation of the infrastructure you can use the example Terraform files to create everything in an isolated resource group.
Follow these steps to create the infrastructure:
-
Update and apply the terraform example (or similar):
- In an empty directory, save the example files and edit
variables.tfto set the variables for your environment.
Note: If an AKS cluster already exists you may be able to skip the
azure-paramify-infra-prereq.tffile.- Init and check the configuration:
terraform init terraform plan
- Apply the configuration to create AWS resources:
terraform apply
Note: This will usually take a few minutes.
- Copy the convenience output values (or run
terraform output) that look something like:
azure_container = "paramify-container" azure_storage = "paramify" client_id = "00000000-0000-0000-0000-000000000000" kubernetes_cluster_name = "paramify-aks" resource_group_name = "paramify-rg" - In an empty directory, save the example files and edit
-
Authenticate your
kubectlconfig by running theaks-creds.shscript
Follow these steps to install the application using Helm:
-
Edit
values-local.yamland edit the configuration according to your environment, including SMTP and DB credentials.Note: Be sure to update ADMIN_EMAIL to match the first user that will login, who can then add other users.
-
Authenticate to the Paramify Helm registry using your license (which can be obtained from Paramify):
helm registry login registry.paramify.com --username [email protected] --password <license_id>
-
Review the Helm templates and then install:
- If desired, use the
helm templatecommand to preview the resulting templates that will be applied.
helm template paramify oci://registry.paramify.com/paramify/helm/paramify --namespace paramify --values ./values-local.yaml
- Then actually install the templates into your cluster:
helm install paramify oci://registry.paramify.com/paramify/helm/paramify --namespace paramify --values ./values-local.yaml
- If desired, use the
-
If you used the default
LoadBalanceroption you should do the following to identify the IP to connect to:kubectl get service paramify -n paramify
- The results will look something like:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/paramify LoadBalancer 10.0.43.163 10.224.0.6 443:31758/TCP 31s
- Copy the
EXTERNAL-IPand paste that into your browser to https://<EXTERNAL-IP>.
Note: You can add a custom DNS domain name pointing at that EXTERNAL-IP to get a more user friendly endpoint. It's then recommended to generate an associated SSL cert to use. Otherwise you may see an error in the browser about the SSL cert, which you'll have to accept to access the app.
Now you should be ready to access Paramify at the load balancer IP or optionally your desired domain (e.g., https://paramify.company.com) and login using one of your configured methods. Enjoy!