Azure
Provisioning Control Plane Infrastructure on Azure
| Requirements | Description | Reason for Requirement |
|---|---|---|
| Kubernetes Cluster | Any Kubernetes cluster will work here - we can also choose the compute-plane cluster itself to install Truefoundry helm chart. | The Truefoundry helm chart will be installed here. |
| Azure Flexible Server for PostgreSQL | Postgres >= 13 | The database is used by Truefoundry control plane to store all its metadata. |
| Container in Azure Storage Account | Any container bucket reachable from control-plane. | This is used by control-plane to store the intermediate code while building the docker image. |
| Egress Access for TruefoundryAuth | Egress access to https://auth.truefoundry.com | This is needed to validate the users logging into Truefoundry so that licensing can be maintained. |
| Egress access For Docker Registry | 1 public.ecr.aws 2. quay.io 3. ghcr.io 4. docker.io/truefoundrycloud 5. docker.io/natsio 6. nvcr.io 7. registry.k8s.io | This is to download docker images for Truefoundry, ArgoCD, NATS, ArgoRollouts, ArgoWorkflows, Istio. |
| DNS with TLS/SSL | One endpoint to point to the control plane service (something like platform.example.com where example.com is your domain. There should also be a certificate with the domain so that the domains can be accessed over TLS. The control-plane url should be reachable from the compute-plane so that compute-plane cluster can connect to the control-plane | The developers will need to access the Truefoundry UI at domain that is provided here. |
| User/ServiceAccount to provision the infrastructure | - azure subscription with billing enabled - Contributor Role to the above Subscription. - Role Based Access Administrator to the above subscription | These are the permissions required by the IAM user in GCP to create the entire control plane components. |
Updated 3 days ago