Prime EDMAzure AKS Deployment Guide
Infrastructure Setup
Prerequisites
- Azure CLI v2.50+
kubectlv1.25+- Helm v3.0+
- Azure subscription with admin access
Initial Setup
- Login to Azure:
bash
az login- Create Resource Group:
bash
az group create --name prime-edm-rg --location eastus- Create AKS cluster:
bash
az aks create \
--resource-group prime-edm-rg \
--name prime-edm-cluster \
--node-count 3 \
--enable-addons monitoring \
--generate-ssh-keysNetwork Configuration
- Create Virtual Network:
bash
az network vnet create \
--name prime-edm-vnet \
--resource-group prime-edm-rg \
--subnet-name prime-edm-subnet- Configure Network Security:
bash
az network nsg create \
--resource-group prime-edm-rg \
--name prime-edm-nsgSecrets Management
Azure Key Vault Setup
- Create Key Vault:
bash
az keyvault create \
--name prime-edm-kv \
--resource-group prime-edm-rg \
--location eastus- Create Service Principal:
bash
az ad sp create-for-rbac --name prime-edm-sp- Set Key Vault permissions:
bash
az keyvault set-policy \
--name prime-edm-kv \
--spn <CLIENT_ID> \
--secret-permissions get listExternal Secrets Configuration
yaml
apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
name: azure-backend
spec:
provider:
azurekv:
tenantId: "your-tenant-id"
vaultUrl: "https://prime-edm-kv.vault.azure.net"
authSecretRef:
clientId:
name: azure-secret-creds
key: client-id
clientSecret:
name: azure-secret-creds
key: client-secretIngress Configuration
Application Gateway Setup
- Enable Application Gateway Ingress Controller:
bash
az aks enable-addons \
--resource-group prime-edm-rg \
--name prime-edm-cluster \
--addons ingress-appgw- Configure Ingress:
yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: prime-edm-ingress
annotations:
kubernetes.io/ingress.class: azure/application-gateway
spec:
rules:
- host: api.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: prime-edm-service
port:
number: 80Production Configuration
High Availability Setup
- Create node pools for HA:
bash
az aks nodepool add \
--resource-group prime-edm-rg \
--cluster-name prime-edm-cluster \
--name prodpool \
--node-count 3 \
--node-vm-size Standard_DS3_v2- Enable cluster autoscaler:
bash
az aks update \
--resource-group prime-edm-rg \
--name prime-edm-cluster \
--enable-cluster-autoscaler \
--min-count 3 \
--max-count 6Monitoring Setup
- Enable Azure Monitor:
bash
az aks enable-addons \
--addons monitoring \
--resource-group prime-edm-rg \
--name prime-edm-clusterBackup Configuration
- Enable Azure Backup:
bash
az backup vault create \
--name prime-edm-vault \
--resource-group prime-edm-rg \
--location eastusCost Optimization
Resource Management
- Configure resource requests and limits:
yaml
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 500m
memory: 1Gi- Use Spot Instances:
bash
az aks nodepool add \
--resource-group prime-edm-rg \
--cluster-name prime-edm-cluster \
--name spotpool \
--priority Spot \
--eviction-policy Delete \
--spot-max-price -1Troubleshooting
Common Issues
Application Gateway Issues:
- Check network configuration
- Verify SSL certificate setup
- Review Application Gateway logs
Node Pool Issues:
- Check VM scale set status
- Verify network connectivity
- Review node pool logs
Networking Issues:
- Verify VNet configuration
- Check NSG rules
- Review route tables
Debug Commands
bash
# Check Application Gateway status
az network application-gateway show-backend-health \
--name prime-edm-agw \
--resource-group prime-edm-rg
# View node status
kubectl get nodes -o wide
# Check pod status
kubectl get pods --all-namespaces
# View service endpoints
kubectl get endpoints