Cortex LogoCortex Charts
Version: 0.5.6

Azure AKS Prerequisites

This page outlines the prerequisite requirements for deploying Cortex DCI on a Kubernetes/AKS cluster using the "helm-only" deployment model.

For help with deploying your AKS cluster please refer to Azure's documentation on Kubernetes instantiation.

Basic Installation Prerequisites

  • Azure subscription
  • Valid SMTP credentials
  • Base domain zone
  • Service principal account \<add link to azure docs>
  • Cortex license and account name
    • JWT and key for "docsToken"
  • SSL certificate and any intermediate certificate with associated private key files signed by a trusted CA
  • Utilities:
    • azure-cli
    • kubectl
    • k9s
    • helm
    • jq

Service Principal Account

  • Provide an Azure Service Principal Account ID to the subscription where Cortex is to be deployed (3 GUID identifiers and common name).
  • Permissions for AKS cluster to pull images from CognitiveScale’s ACR (see Azure CLI API permissions).

Network

Provision a preferred network subnet with a /16 CIDR block size, and provide CognitiveScale with the subnet range.

AKS Cluster

  • Provision an AKS service with four (4) worker/kublet nodes per deployed Cortex instance.
  • Provision two (2) Kubernetes Ingress controller per deployed Cortex instance, one (1) with SSL termination and one (1) with SSL passthrough enabled.
  • Example

SSL Certificates

Wildcard certs and keys for the following targets. If wildcards certificates are not allowed, five (5) certificates and keys for the list of URLs below must be provisioned.

  • console.<cluster-name>.base-domain.
  • api.<cluster-name>.base-domain.
  • docs.<cluster-name>.base-domain.
  • marketplace.<cluster-name>.base-domain.
  • private-registry.<cluster-name>.base-domain.

Access to the cluster

Provide admin AKS permission to CognitiveScale to access the cluster.

EKS Prerequisites checklist

  • License Registration: Require first/last name & email address for license registration
  • Azure Subscription
    • Create VNet in the assigned subscription
    • Create a Bastion host
  • New Service Principal Account in Subscription
  • Build AKS Cluster
  • Decide on DNS base domain and process request
  • SSL: provide key, certs and any intermediates
  • Notify CognitiveScale that it is ready for validation
  • Log integration plan
  • System Monitoring plan
  • Give CognitiveScale, SRE team, access & required permission to perform the Cortex Configuration activity in the client subscription.