--- title: "Deploying Azure Kubernetes Services (AKS)" slug: "deploying-azure-kubernetes-services-aks" updated: 2024-12-20T15:04:00Z published: 2024-12-20T15:04:00Z --- > ## Documentation Index > Fetch the complete documentation index at: https://documentation.decisions.com/llms.txt > Use this file to discover all available pages before exploring further. # Deploying Azure Kubernetes Services (AKS) ## Overview The following article demonstrates how to set up an Azure Kubernetes Service (AKS) cluster in an Azure Cloud. For more information, refer to [About Clustering](https://documentation.decisions.com/v9/docs/about-clustering). ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1684261577181.png) --- ### Prerequisites - An active [Azure Account](https://azure.microsoft.com/en-us/). - A Database Server. Refer to the [installation requirements](https://documentation.decisions.com/v9/docs/installation-requirements) to know the supported Databases. - If using an Azure Database Server, navigate to **Security > Networking** and enable **Allow Azure services and resources to access this server**. This action will allow the Kubernetes pods to access the DBs inside the DB server. Refer to the following image.![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1667918812438.png) - An Azure storage account. [Refer to Create a storage account](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal). - While creating a new Azure storage account, ensure **Performance**is set to Premiu m and the **Premium account type** is set to File Shares; refer to the following image. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1667918992912.png) - [Create a File share](https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal#create-a-file-share) under this Azure storage account. This file share will be used to maintain the persistent storage of the container. Further in this article, we have used a File Share named **filestorage**. Note: It is mandatory to create a File share. File share created under the Azure Storage Account will be mapped as the persistent storage volume to the containers. --- ### Steps to deploy the Kubernetes cluster in Azure 1. [Creating Kubernetes Service](/v9/docs/deploying-azure-kubernetes-services-aks#creating-kubernetes-service-with-azure-cli) 2. [Deploying a Decisions Service](/v9/docs/deploying-azure-kubernetes-services-aks#deploying-a-load-balancer-service) 3. [Enabling Application Gateway Ingress Controller (AGIC)](https://documentation.decisions.com/v9/docs/deploying-azure-kubernetes-services-aks#enabling-agic-application-gateway-ingress-controller) 4. [Deploying Application Gateway](/v9/docs/deploying-azure-kubernetes-services-aks#enabling-and-deploying-agic-application-gateway-ingress-controller) 5. [Deploying Redis Service](/v9/docs/deploying-azure-kubernetes-services-aks#deploying-a-redis-pod) 6. [Deploying Decisions Pods](/v9/docs/deploying-azure-kubernetes-services-aks#deploying-decisions-pod) 7. [Verifying the Cluster](/v9/docs/deploying-azure-kubernetes-services-aks#verifying-the-cluster) Each of these steps is explained further in this article. --- ## Creating Kubernetes Service with Azure CLI 1. Open the Azure CLI by clicking the command prompt icon to the right of the search bar. Change the CLI interface to Bash Language. ![](https://lh5.googleusercontent.com/ZTOJNEpzxZzUI__e6wnUkwkMZCnmzrpSJzk6rguTQVhjOKq7nQyB3B48rOsJYC9XWR4hoZNScMz79Ajnpqv5Z7RfxxLJZ_Gi5ljQ1Nwd6qosQOTypu1Ov0jPtqCZMdwznMoJGF6gX_4lyhN_i_pqNv8Qxgom8QgrMj8B35tZDrojhHXDHCZtXDradimOaQ) 2. Review and edit the commands from the following YAML file using the reference table. ```shell export SUBSCRIPTION=$Azure_Subscription_Name export RESOURCE_GROUP=$Resource_Group_Name export CLUSTER_NAME=$Prefered_Cluster_Name export LOCATION=$Region_set_to_the_Resource_Group export AKS_PERS_STORAGE_ACCOUNT_NAME=$Storage_Account_Name export STORAGE_KEY=$Storage_Account_Key az account set --subscription $Subscription_Name az aks create\    --resource-group $Resource_Group_Name\    --name $Given_Cluster_Name\    --node-count $Required_Node_count\    --generate-ssh-keys\    --node-vm-size Standard_D8s_v3\    --network-plugin azure az aks get-credentials --name $Given_Cluster_Name --resource-group $Given_Group_Name kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$Storage_Account_Name  --from-literal=azurestorageaccountkey=$Storage_Account_Key ``` | Variable Name | Description | | --- | --- | | `Azure_Subscription_Name` | Enter the Azure subscription name. | | `Resource_Group_Name` | Enter the Resource Group that falls under the same subscription. | | `Prefered_Cluster_Name` | Enter desired cluster name. | | `Region_set_to_the_Resource_Group` | Enter the same region used during setup. | | `Storage_Account_Name` | Enter the name of the created storage account. | | `Storage_Account_Key` | Enter the storage key from the above storage account. Refer to [View account access keys](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys). | | `Standard_D8s_v3` | The `Standard_D8s_v3` contains the minimum specification to handle the Decisions deployment in AKS. Please use larger node sizes if planning to run multiple replicas per node. Refer to [Azure VM sizes](https://learn.microsoft.com/en-us/azure/virtual-machines/dv5-dsv5-series). | 3. Once added, this will create Azure Kubernetes service in the Resource group. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680602227696.png) --- ## Deploying a Decisions Service 1. From the Resource Group. Select the newly created Kubernetes service. 2. From the left configuration panel, navigate to **Kubernetes resources > Services and ingresses**. From the Top action bar, click on **Create > Apply a YAML.** ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680602381633.png) 3. Enter the following YAML. The name of the service can be changed by editing the `name `variable on line 4. ```yaml - apiVersion: v1  kind: Service  metadata:    name: decisions-service  spec:    type: ClusterIP    ports:      - targetPort: 80        name: port80        port: 80        protocol: TCP    selector:      app: decisions ``` 4. After deploying the YAML, the**Services**Page will populate with the 'decisions-service'. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680603664756.png) ** --- ## Enabling AGIC (Application Gateway Ingress Controller) 1. Navigate to the **Kubernetes Service > Settings > Networking**. Scroll down and enable the **Application Gateway ingress controller,** and click on Apply. For more information, refer to [Microsoft's documentation](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing#enable-the-agic-add-on-in-existing-aks-cluster-through-azure-portal). ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680620394702.png) --- ## Deploying Application Gateway 1. From the **Kubernetes resources > Services and ingresses**, add the following YAML. Update the following values from the YAML file. - `YOURAZURECERTHERE` - Enter the name of the certificate. The certificate should be in the PFX format. Follow the section to add a certificate manually to the application gateway. - `YOURDECISIONS.HOSTNAME.COM` - This will be the Decisions [Portal base URL](https://documentation.decisions.com/v9/docs/changing-the-portal-base-url). ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata:  name: agingress  annotations:    kubernetes.io/ingress.class: azure/application-gateway    appgw.ingress.kubernetes.io/ssl-redirect: "true"    appgw.ingress.kubernetes.io/appgw-ssl-certificate: "$PFX_CERT_NAME"    appgw.ingress.kubernetes.io/cookie-based-affinity: "true"    appgw.ingress.kubernetes.io/health-probe-path: "/home/healthcheck"    appgw.ingress.kubernetes.io/backend-hostname: "YOURDECISIONS.HOSTNAME.COM" spec:  rules:  - http:      paths:      - path: /        backend:          service:            name: decisions-service            port:              number: 80        pathType: Exact ``` 2. This will create the ingress at **Kubernetes > Services and ingresses > Ingresses**. Users will be able to hit the Decisions Pods through the application gateway's external IP address. In our example, the address is `20.112.53.29`. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680680373789.png) ### Add an SSL certificate to the Application Gateway 1. Search for “Application Gatewayas” in the Azure search bar. Open the “Application Gateways” service from the search options. 2. Open the newly created ingress:`agingress` from the list. 3. From the left panel, navigate to “Listeners”. 4. Click on “Add Listener”. A new panel to add all the details for Listeners will open. - Listener Name: Enter the Listener's Name. - Frontend IP: Set to Public - Protocol: Set the Protocol to HTTPS - Port: Set the Port to 443 - Choose a Certificate: Select “Create New” if you want to upload a new certificate, or click “Select Existing” to pick the existing certificate. - HTTPS Settings: Select “Upload a Certificate” - Cert Name: Enter the certificate name similar to the one given in the above YAML file (`$PFX_CERT_NAME`) while deploying the Application Gateway. - PFX certificate file: Upload the PFX cert file. - Pasword: Enter the PFX cert password 5. Click on Add. --- ## Deploying a Redis Service Redis is used for external memory caching between all pods within the cluster. Only one Redis pod is needed per cluster. For more information on Redis, refer to [Setting Up Redis External Caching](https://documentation.decisions.com/v9/docs/setting-up-redis-external-caching). 1. Open the **Kubernetes service > Kubernetes Resources > Workloads** and create another YAML via the plus icon. 2. Enter the following YAML into the text box. ```yaml apiVersion: apps/v1 kind: Deployment metadata:  name: redis spec:  replicas: 1  selector:    matchLabels:      app: redis  template:    metadata:      labels:        app: redis    spec:      containers:        - image: redis:latest          name: redis          resources:            requests:              cpu: 4              memory: 16G            limits:              cpu: 4              memory: 16G          ports:            - containerPort: 6379              name: redis --- apiVersion: v1 kind: Service metadata:  name: redis-service spec:  selector:    app: redis  ports:    - protocol: TCP      port: 6379      targetPort: 6379 ``` 3. It might take a few minutes to deploy the Redis service. Navigate to **Kubernetes Service > Kubernetes resources > Workloads.**It will populate as 'redis-service'.![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680685903176.png) 4. Select the newly created Redis service. It will open the Overview page. Copy the IP listed under **Endpoints**. Refer to the following image. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680692177423.png) --- ## Deploying Decisions Pod 1. In the Kubernetes service, navigate to **Kubernetes resources > Workloads**from the left configuration panel and create another YAML via the plus icon. For all the details on the environment variables, refer to [Creating Environment List Files (env.list)](https://documentation.decisions.com/v9/docs/environment-variables-1). Check the Table Below and Modify Variables as Needed AML **** ```yaml - apiVersion: apps/v1  kind: Deployment  metadata:    name: decisions  spec:    replicas: 2    selector:      matchLabels:        app: decisions    template:      metadata:        labels:          app: decisions      spec:        nodeSelector:          kubernetes.io/os: linux        containers:          - image: decisionscore/platform:latest            name: decisions            env:              - name: DECISIONS_FORCEBASEURI                value: "https://your.domain.com"              - name: DECISIONS_PORTALBASEURL                value: "https://your.domain.com"              - name: DECISIONS_FILESTORAGELOCATION                value: "/opt/decisions/data"              - name: DECISIONS_DATABASETYPE                value: "AZURE"              - name: DECISIONS_DATABASECONNECTSTRING                value: "Server=tcp:[YOURDATABASE].database.windows.net,1433;Initial Catalog=decisions;Persist Security Info=False;User ID=[ADMINUSER];Password=[YOURADMINPASSWORD];MultipleActiveResultSets=False;Encrypt=False;Connection Timeout=30;"              - name: DECISIONS_CLUSTERING_TURNONCLUSTERING                value: "True"              - name: DECISIONS_CLUSTERING_REDISBASEURL                value: "redis-service.default.svc.cluster.local:6379"              - name: DECISIONS_LICENSECOMPANYID                value: "12345abc-67de-89fg-1011-121314151617"              - name: DECISIONS_LICENSECOMPANYNAME                value: "Decisions Customer"              - name: DECISIONS_LICENSECONTACTEMAIL                value: "exampleemail@decisions.com"              - name: DECISIONS_ENVIRONMENTNAME                value: "Decisions"              - name: DECISIONS_LICENSETYPE                value: "EnterpriseNonProduction"              - name: DECISIONS_ADMINISTRATOR_EMAIL                value: "name@email.com"              - name: DECISIONS_ADMINISTRATOR_PASSWORD                value: "your_password"            resources:              requests:                cpu: 4                memory: 16G              limits:                cpu: 4                memory: 16G            volumeMounts:              - name: filestorage                mountPath: /opt/decisions/data            ports:              - containerPort: 80                name: http        volumes:          - name: filestorage            csi:              driver: file.csi.azure.com              volumeAttributes:                secretName: azure-secret                shareName: filestorage                mountOptions: "dir_mode=0777,file_mode=0777,cache=strict,actimeo=30" ``` | Variable Name | Default Value | New Value | | --- | --- | --- | | spec > replicas | 2 | Enter the number of pods to create; minimum is 2. | | containers > image | decisionscore/platform:latest Ensure that the latest version is not used for the production environment. | Container images for all Decisions version 8.0 and further have been published to [Docker Hub](https://hub.docker.com/r/decisionscore/platform/tags) and are publicly available. Just change the version number as per requirement. | | DECISIONS_FORCEBASEURI | http://localhost | Enter the force base URI of the clustered environment. | | DECISIONS_DATABASECONNECTSTRING | Example connection string | Enter the connection string of the SQL server created during setup. | | DECISIONS_CLUSTERING_TURNONCLUSTERING | True | This will enable the containers to run in a cluster. | | DECISIONS_CLUSTERING_REDISBASEURL | redis-service.default.svc.cluster.local:6379 | This is the CoreDNS, a fully qualified domain name for the Redis service. | | ports > containerport | 80 | Enter the port number declared in the previous step when creating the load balancer service. | | DECISIONS_PORTALBASEURL | http://localhost | Enter the Portal base URL of the clustered environment. Enter the external IP of the LoadBalancer. | | DECISIONS_LICENSECOMPANYID | 12345abc-67de-89fg-1011-121314151617 | Enter the Customer ID for the container's instance. | | DECISIONS_LICENSECOMPANYNAME | Decisions Customer | Enter the Customer Name. | | DECISIONS_LICENSECONTACTEMAIL | email@decisions.com | Enter a contact email for the provided license. | | DECISIONS_ENVIRONMENTNAME | Decisions | Enter the name of the clustering Environment. This name will be stored to run all the containers under the clustering environment. | | DECISIONS_LICENSETYPE | EnterpriseNonProduction | Enter the license type of the container. This will likely be either 'Enterprise Production' or 'EnterpriseNonProduction'. | | DECISIONS_ADMINISTRATOR_EMAIL | name@email.com | Allows the creation of an administrator account that will be used to log in to the Portal after completing the hosting process. Note: This email address will be set as the default email address for sending notification emails. This default email address can be modified in the Portal settings. | | DECISIONS_ADMINISTRATOR_PASSWORD | your_password | Provide the password to the admin email. | | resources > requests > cpu | 4 | Mention the number of CPU cores. | | resources > requests > memory | 16G | Mention the memory to be allocated to the container. environment. | | resources > limits > cpu | 4 | Mention the maximum number of CPU cores. | | resources > limits > memory | 16G | Mention the maximum memory to be allocated to the container environment. | | volumeMounts > name | filestorage | Enter the name of the File share created in the Azure Storage account. | | - Volumes > name - Volumes > name > csi > driver > volumeAttributes > shareName | filestorage | Enter the name of the File share created in the Azure Storage account. This should match the storage names given in volumeMounts. | 2. After editing the values from the YAML file. Click Add to confirm. 3. This will deploy the pods. This may take several minutes. To check the status of the pods, enter `kubectl get pods` in the Azure CLI.![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1667999771683.png) 4. Once complete, the Ready column for the new Deployment will verify all pods running with a green checkmark. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1680692338597.png) ### Optional Settings in YAML Note: The configurations listed under this category are not mandatory for deploying the pods in AKS. These are additional configurations. 1. **Loading Windows fonts in Decisions containers** Warning: Not having TrueType Windows font might throw an Exception Error if you have a business use case of Document to PDF Steps and [WordToPdf module](https://documentation.decisions.com/v9/docs/about-modules). Decisions containers try to load the font from `/customfont` folder. To use the Windows font in containers, we need to volume map the `/customfont` folder. Windows font can be found at C:\Windows\Fonts, and an easy and quick way to get TrueType fonts on containers is to copy .TTF and .TTC files from the C:\Windows\Fonts to a new File Share in the Azure Storage Account. Add the following attributes under the `volumes` from the [above-listed YAML](/v9/docs/deploying-azure-kubernetes-services-aks#deploying-decisions-pod). ```yaml volumeMounts:    - name: $File Share name for custom fonts        mountPath: /customfont ``` ```yaml volumes:  - name: $File Share name for custom fonts    csi:      driver: file.csi.azure.com      volumeAttributes:        secretName: azure-secret        shareName: $File_Share_Name        mountOptions: "dir_mode=0777,file_mode=0777,cache=strict,actimeo=30" ``` 2. **Custom Modules** To use the Custom Module in the AKS. Users need to keep the Custom Module in the Custom Module folder, which gets created inside the file storage of the container. Custom Modules must be kept at the following location created under the Azure Storage Account. ```actionscript https://[Storage_Account_Name].file.core.windows.net/[File_Share_name]/CustomModules ``` ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/image-1668002585531.png) --- ## Verifying the Cluster 1. Open the Decisions container instance by hitting on the External IP of the [Application Gateway Ingress Controller](/v9/docs/deploying-azure-kubernetes-services-aks#enabling-and-deploying-agic-application-gateway-ingress-controller). 2. In the Decisions instance, navigate to **System (gear icon) > Settings > Clustering Settings**. 3. In the Edit Clustering Settings window, Enable **Turn on clustering**, and in the **Redis Address** field, enter the [Redis Endpoint](/v9/docs/deploying-azure-kubernetes-services-aks#deploying-a-redis-pod) copied earlier in the article. 4. To verify the cluster, Navigate to **System > Administration > Services**. All the information related to the Decisions containers created in Azure will populate in this folder. ![](https://cdn.document360.io/6ef8bcc1-6489-4486-9ad1-83acff7e5df0/Images/Documentation/2024-07-31_13h15_32.png)