Installing the Platform on a Microsoft Azure Cloud With AKS

On This Page

Overview

This guide outlines the required steps for installing (deploying) an instance of the Iguazio Data Science Platform ("the platform") to a Microsoft Azure cloud. When you complete the procedure, you will have a platform instance running under your Azure account.

Troubleshooting
If you run into issues during the installation, see the platform's Azure-installation troubleshooting guide. For further assistance, contact Iguazio's support team.
Warning
  • Provisioning of the servers is handled automatically by the platform installer (Provazio).
    Don't attempt to provision the servers manually prior to the deployment.

  • The data-node instances include Non-Volatile Memory Express (NVMe) SSD-based instance storage, which is optimized for low latency, very high random I/O performance, and high sequential read throughput. The data doesn't persist on the NVMe if the instance is stopped.
    Don't attempt to shut down any of the data nodes, as it will erase the data.

Prerequisites

Before you begin, ensure that you have the following:

  1. A Provazio API key and a Provazio vault URL, provided by Iguazio.
  2. An Azure subscription ID.
  3. An Azure Resource Manager template file for deploying the platform mainTemplate.json.
  4. An Azure location (For example, "eastus2") that's capable of provisioning the number and overall size of the Azure instance types (VM sizes) that you plan to use from among those supported by the platform. For reference, see the Azure resource-calculation guide. The default data-node size is Standard_L16s_v2. Additional VMs are required for the Azure AKS cluster.
  5. A working Azure CLI.

Preparing to Install

Start out by performing the preliminary steps outlined in the Pre-Installation Steps Using the Azure CLI guide.

Deployment Steps

To deploy an instance of the platform in the Azure cloud, execute the following steps from a command-line shell that has the Azure CLI (installed as part of the pre-installation steps).

Step 1: Accept the platform terms | Step 2: Create an Azure resource group | Step 3: Create an Azure user assigned managed identity | Step 4 (Optional): Create an Azure service principal | Step 5: Deploy the platform

Step 1: Accept the Platform Terms

Run the following Azure CLI command to accept the platform terms and conditions. Replace <Azure subscription ID> with your Azure subscription ID.

az vm image terms accept \
    --offer iguazio-data-science-platform-vm \
    --plan iguazio-data-science-platform-vm \
    --publisher iguazio-5069960 \
    --subscription <Azure subscription ID>

Step 2: Create an Azure Resource Group

Run the following Azure CLI command to create a new Azure resource group. Replace <location> with the name of your Azure location, and <resource-group name> with the name of the resource group that you want to create.

az group create --location <location> --name <resource-group name>

For example, the following command creates a resource group named "my-resource-group-0" for location "eastus2":

az group create --location eastus2 --name my-resource-group-0

Step 3 : Create an Azure User Assigned Managed Identity

Follow the following guide and create a User Assigned Managed Identity. Create the User Assigned Managed Identity inside the Resource Group created in Step 2. Provide the User Assigned Managed Identity a "Contributor Role" to the Resource Group Step 2. If the vnet used in the deployment is in another Resource Group, Contributor Role should be provided to the vnet's Resource Group.

Step 4 (Optional): Create an Azure Service Principal

By default, the installer grants itself Contributor access to the resource group of the VNet in which the platform is provisioned, and you can safely skip this step. However, if you want to install the platform in an existing VNet that resides in a different resource group than that used for the platform deployment (created in Step 2), you must create an Azure service principal; save its tenant ID, subscription ID, client ID, and client secret; and provide this information to the platform installer as part of the deployment (see Step 4).

Note
The service principal must have Contributor roles in both the resource group containing the VNet and the resource group in which the platform is provisioned.

Step 5: Deploy the Platform

Run the following Azure CLI command to the start deploying a new platform instance.

az deployment group create \
     --resource-group <Azure Resource Group> \
     --template-file <Resource Template> \
     --name <Deployment Name> \
     --parameters apiKey=<API Key> adminUsername=<User Name> adminPassword=<Password> vaultUrl=<Vault URL> systemId=<System ID> allocatePublicIpAddresses=<true/fales> whitelistedCidrs=<IP list> numDataNodes=<number of data nodes> systemDomain=<system domain> systemVersion=<Platform Version> appClusterKubernetesKind=aks appClusterKubernetesVersion=1.19.11 userAssignedManagedIdentity=<link to the Assigned Managed Identity> 'appClusterKubernetesNodeGroups=<Node Groups Details>'

Replace the <...> placeholders with the information for your environment:

Azure Resource Group
The name of the Azure resource group that you created in Step 2.
Resource Template
Path to your mainTemplate.json Azure Resource Manager template file (see the installation prerequisites).
Deployment Name
A unique Azure deployment name (for example, "iguazio-deployment-0"), which is required by the Azure CLI. Note that platform identifies deployment instances by their custom platform name (ID) — see the systemId deployment parameter.

Deployment Parameters

apiKey
A Provazio API key, received from Iguazio (see the installation prerequisites).
vaultUrl
A Provazio vault URL, received from Iguazio (see the installation prerequisites).
adminUsername
A username for logging into the platform dashboard. More users can be added later.
adminPassword
A user password for logging into platform dashboard; see the password restrictions. This can be changed later.
systemId

A platform name (ID) of your choice (for example, "my-platform-0"). The installer prepends this value to the value of systemDomain parameter to create the full platform domain.

  • Valid Values: A string of 1–12 characters; can contain lowercase letters (a–z) and hyphens (-); must begin with a lowercase letter
  • Default Value: A randomly generated lowercase string
systemDomain

A custom platform domain (for example, "my-domain.com"). The installer prepends the value of the systemId parameter to this value to create the full platform domain.

  • Default Value: "iguazio-c0.com"
systemVersion
Platform Version (to be recieved from Iguazio's support team).
vnetName

The name of an existing VNet in which to provision the platform.

  • Default Behavior: If this parameter isn't set, a new VNet named "<system ID>-vnet" is created.
vnetSubnetName

The name of the subnet in which to provision the platform.

  • Default Behavior: If this parameter isn't set, a new subnet named "<system ID>-subnet" is created.
vnetResourceGroup

The resource group of the configured platform VNet (see the vnetName parameter). To set this parameter, you must first create an Azure service principal, as outlined in Step 4.

  • Default Value: The resource group that's used for the platform deployment (--resource-group Azure Resource Group)

vnetAddressPrefix

The CIDR of the newly created VNet; applicable only when the vnetName parameter isn't set (resulting in the creation of a new VNet).

  • Default Value: "172.38.0.0/16"
numDataNodes

The number of platform data nodes (VMs).

  • Valid Values: 1 or 3
whitelistedCidrs

A list of classless inter-domain routing (CIDR) addresses to be granted access to the platform's service port (for example, "10.0.0.0/16,40.10.10.31/32"). This parameter is typically relevant when the platform has public IP addresses (when allocatePublicIpAddresses is set to true).

  • Default Value: An empty list ("")
allocatePublicIpAddresses

Set to true to allocate public IP addresses for all platform nodes (VMs).

  • Default Value: false
whitelistIguazioNetwork

Set to true to allow Iguazio's support team to access the platform nodes from the Iguazio network. This parameter is applicable only when the platform has public IP addresses (see the allocatePublicIpAddresses parameter).

  • Default Value: false
appClusterKubernetesKind

This parameter determines the type of Kubernetes cluster. Set to AKS.

appClusterKubernetesVersion
The Kubernetes version received from Iguazio.
appClusterKubernetesNodeGroups

The node pool/s details to be created. An initial node pool must be created with a minimum of 1 Application Node that will not be scaled down. Additional node pools can be created with minimum of 0 nodes.

  • Value Example: 'appClusterKubernetesNodeGroups=initial:2,Standard_D16s_v3;added0:0,0,2,Standard_NC6s_v3' will create an initial node pool of 2 Applicaiton nodes and a Node Pool of a minimum of 0 nodes and a maximum of 2 nodes from the Azure NC-series VMs.
userAssignedManagedIdentity

In Azure Console go to "Managed Identities" -> Identity created in Step 3 -> Overview -> JSON view. Copy the "id": URL and use it with this parameter.

  • Value Example: userAssignedManagedIdentity=/subscriptions/8d81bc0b-6abd-4395-be83-000251d9fdbe/resourcegroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-mgmt-id
Security-Principal Parameters

If you created a service principal (see Step 4), you must also set the following parameters:

spTenantId
The tenant ID of the service principal.
spSubscriptionId
The subscription ID of the service principal (your Azure subscription ID).
spClientId
The client iD of the service principal.
spClientSecret
The client secret of the service principal.

Example

az deployment group create \
     --resource-group rg-example \
     --template-file mainTemplate.json \
     --name example1 \
     --parameters apiKey=xKsaG34ED8pa9rSUSexaVzkaQxj2T6g42P9UZTwy5FQ9Gmc adminUsername=admin adminPassword=TempPass123! vaultUrl=https://vault.trial.provazio.iguazio.com systemId=example allocatePublicIpAddresses=true whitelistedCidrs=0.0.0.0/0 whitelistIguazioNetwork=true numDataNodes=1 systemDomain=iguazio-c0.com systemVersion=3.0_b177_20210806003728 appClusterKubernetesKind=aks appClusterKubernetesVersion=1.19.11 userAssignedManagedIdentity=/subscriptions/8d81bc0b-6abd-4395-be83-000251d9fdbe/resourcegroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-mgmt-id 'appClusterKubernetesNodeGroups=initial:2,Standard_D16s_v3;added0:0,0,2,Standard_NC6s_v3'

Deployment Note

The deployment requires the command-line shell to remain open only until a "Running" message is displayed (typically, approximately 10 minutes after running the deployment command). The deployment takes approximately two hours. The Azure CLI has a fixed timeout period of 1.5 hours, so the command line shows a timeout indication during the deployment process, even though the deployment is still running. This is the expected behavior and no action is needed on your part. After Iguazio's support engineers confirm that the deployment completed successfully, they will guide you on how to log into the platform, and Iguazio's customer-success team will initiate a getting-started session to help you with your first steps.

Post-Deployment Steps

When the deployment completes, follow the post-deployment steps.

See Also