Installing the Platform on a Microsoft Azure Cloud
Overview
This guide outlines the required steps for installing (deploying) an instance of the Iguazio AI Platform ("the platform") to a Microsoft Azure cloud. When you complete the procedure, you will have a platform instance running under your Azure account.
- Provisioning of the servers is handled automatically by the platform installer (Provazio). Don't attempt to provision the servers manually prior to the deployment.
- The data-node instances include Non-Volatile Memory Express (NVMe) SSD-based instance storage, which is optimized for low latency, very high random I/O performance, and high sequential read throughput. The data doesn't persist on the NVMe if the instance is stopped. Don't attempt to shut down any of the data nodes, as it will erase the data.
Prerequisites
Before you begin, ensure that you have the following:
- A Provazio API key and a Provazio vault URL, provided by Iguazio.
- A URL to the data-node VHD file, provided by Iguazio, to be copied to the local Azure storage account using the AzCopy tool.
- An Azure subscription ID.
- An Azure Resource Manager template file for deploying the platform, mainTemplate.json.
- An Azure location (for example, "eastus2") that's capable of provisioning the number and overall size of the Azure instance types (VM sizes) that you plan to use from among those supported by the platform. For reference, see the Azure resource-calculation guide. The default data-node size is Standard_L16s_v2. Additional VMs are required for the Azure AKS cluster.
- A working Azure CLI.
Preparing to Install
Start out by performing the preliminary steps outlined in the Pre-Installation Steps Using the Azure CLI guide.
Deployment Steps
To deploy an instance of the platform in the Azure cloud, execute the following steps from a command-line shell that has the Azure CLI (installed as part of the pre-installation steps).
Step 1: Accept the platform terms | Step 2: Create an Azure resource group | Step 3: Create an Azure user assigned managed identity | Step 4 (Optional): Create an Azure service principal | Step 5: Deploy the platform
Step 1: Accept the Platform Terms
Run the following Azure CLI command to accept the platform terms and conditions.
Replace <Azure subscription ID> with your Azure subscription ID.
az vm image terms accept \
--offer iguazio-data-science-platform-vm \
--plan iguazio-data-science-platform-vm \
--publisher iguazio-5069960 \
--subscription <Azure subscription ID>
Step 2: Create an Azure Resource Group
Run the following Azure CLI command to create a new Azure resource group.
Replace <location> with the name of your Azure location, and <resource-group name> with the name of the resource group that you want to create.
az group create --location <location> --name <resource-group name>
For example, the following command creates a resource group named "my-resource-group-0" for location "eastus2":
az group create --location eastus2 --name my-resource-group-0
Step 3: Create an Azure User Assigned Managed Identity
Follow the guide to create a User Assigned Managed Identity. Create the User Assigned Managed Identity inside the resource group created in Step 2. Grant the User Assigned Managed Identity the "Contributor" role on the resource group created in Step 2. If the VNet used in the deployment is in another resource group, the Contributor role should be granted on the VNet's resource group.
Step 4 (Optional): Create an Azure Service Principal
By default, the installer grants itself Contributor access to the resource group of the VNet in which the platform is provisioned, and you can safely skip this step. However, if you want to install the platform in an existing VNet that resides in a different resource group than that used for the platform deployment (created in Step 2), you must create an Azure service principal; save its tenant ID, subscription ID, client ID, and client secret; and provide this information to the platform installer as part of the deployment (see Step 5).
Contributor roles in both the resource group containing the VNet and the resource group in which the platform is provisioned.
Step 5: Deploy the Platform
Run the following Azure CLI command to start deploying a new platform instance.
az deployment group create \
--resource-group <Azure Resource Group> \
--template-file <Resource Template> \
--name <Deployment Name> \
--parameters apiKey=<API Key> adminUsername=<User Name> adminPassword=<Password> vaultUrl=<Vault URL> systemId=<System ID> allocatePublicIpAddresses=<true/false> whitelistedCidrs=<IP list> numDataNodes=<number of data nodes> systemDomain=<system domain> systemVersion=<Platform Version> appClusterKubernetesKind=aks appClusterKubernetesVersion=<AKS Version> userAssignedManagedIdentity=<link to the Assigned Managed Identity> appClusterKubernetesNodeGroups=<Node Groups Details> dataClusterImage=<VHD URL>
Replace the <...> placeholders with the information for your environment:
- Azure Resource Group
- The name of the Azure resource group that you created in Step 2.
- Resource Template
- Path to your mainTemplate.json Azure Resource Manager template file (see the installation prerequisites).
- Deployment Name
- A unique Azure deployment name (for example, "iguazio-deployment-0"), which is required by the Azure CLI. Note that the platform identifies deployment instances by their custom platform name (ID); see the systemId deployment parameter.
- apiKey
- A Provazio API key, received from Iguazio (see the installation prerequisites).
- vaultUrl
- A Provazio vault URL, received from Iguazio (see the installation prerequisites).
- adminUsername
- A username for logging into the platform dashboard. More users can be added later.
- adminPassword
- A user password for logging into the platform dashboard; see the password restrictions. This can be changed later.
- systemId
A platform name (ID) of your choice (for example, "my-platform-0"). The installer prepends this value to the value of the systemDomain parameter to create the full platform domain.
- Valid Values: A string of 1–12 characters; can contain lowercase letters (a–z) and hyphens (-); must begin with a lowercase letter
- Default Value: A randomly generated lowercase string
- systemDomain
A custom platform domain (for example, "my-domain.com"). The installer prepends the value of the systemId parameter to this value to create the full platform domain.
- Default Value: "iguazio-c0.com"
- systemVersion
- The platform version (to be received from Iguazio's support team).
- vnetName
The name of an existing VNet in which to provision the platform.
- Default Behavior: If this parameter isn't set, a new VNet named "<system ID>-vnet" is created.
- vnetSubnetName
The name of the subnet in which to provision the platform.
- Default Behavior: If this parameter isn't set, a new subnet named "<system ID>-subnet" is created.
- vnetResourceGroup
The resource group of the configured platform VNet (see the vnetName parameter). To set this parameter, you must first create an Azure service principal, as outlined in Step 4.
- Default Value: The resource group that's used for the platform deployment (--resource-group <Azure Resource Group>)
- vnetAddressPrefix
The CIDR of the newly created VNet; applicable only when the vnetName parameter isn't set (resulting in the creation of a new VNet).
- Default Value: "172.38.0.0/16"
- numDataNodes
The number of platform data nodes (VMs).
- Valid Values: 1 or 3
- whitelistedCidrs
A list of classless inter-domain routing (CIDR) addresses to be granted access to the platform's service port (for example, "10.0.0.0/16,40.10.10.31/32"). This parameter is typically relevant when the platform has public IP addresses (when allocatePublicIpAddresses is set to true).
- Default Value: An empty list ("")
- allocatePublicIpAddresses
Set to true to allocate public IP addresses for all platform nodes (VMs).
- Default Value: false
- whitelistIguazioNetwork
Set to true to allow Iguazio's support team to access the platform nodes from the Iguazio network. This parameter is applicable only when the platform has public IP addresses (see the allocatePublicIpAddresses parameter).
- Default Value: false
- appClusterKubernetesKind
This parameter determines the type of Kubernetes cluster. Set to AKS.
- appClusterKubernetesVersion
- The Kubernetes version received from Iguazio.
- appClusterKubernetesNodeGroups
The details of the node pool(s) to be created. An initial node pool must be created with a minimum of 1 application node that will not be scaled down. Additional node pools can be created with a minimum of 0 nodes.
- Value Example: 'appClusterKubernetesNodeGroups=initial:2,Standard_D16s_v3;added0:0,0,2,Standard_NC6s_v3' will create an initial node pool of 2 application nodes and a node pool with a minimum of 0 nodes and a maximum of 2 nodes from the Azure NC-series VMs.
- userAssignedManagedIdentity
In the Azure console, go to "Managed Identities" -> the identity created in Step 3 -> Overview -> JSON view. Copy the "id" URL and use it with this parameter.
- Value Example: userAssignedManagedIdentity=/subscriptions/8d81bc0b-6abd-4395-be83-000251d9fdbe/resourcegroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-mgmt-id
- dataClusterImage
A URL path to the location of the data node VHD that was copied to the local Azure storage account (see prerequisite 2).
If you created a service principal (see Step 4), you must also set the following parameters:
- spTenantId
- The tenant ID of the service principal.
- spSubscriptionId
- The subscription ID of the service principal (your Azure subscription ID).
- spClientId
- The client ID of the service principal.
- spClientSecret
- The client secret of the service principal.
Deployment Parameters
Example
az deployment group create \
--resource-group rg-example \
--template-file mainTemplate.json \
--name example1 \
--parameters apiKey=xKsaG34ED8pa9rSUSexaVzkaQxj2T6g42P9UZTwy5FQ9Gmc adminUsername=admin adminPassword=TempPass123! vaultUrl=https://vault.trial.provazio.iguazio.com systemId=example allocatePublicIpAddresses=true whitelistedCidrs=0.0.0.0/0 whitelistIguazioNetwork=true numDataNodes=1 systemDomain=iguazio-c0.com systemVersion=3.0_b177_20210806003728 appClusterKubernetesKind=aks appClusterKubernetesVersion=1.19.11 userAssignedManagedIdentity=/subscriptions/8d81bc0b-6abd-4395-be83-000251d9fdbe/resourcegroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-mgmt-id 'appClusterKubernetesNodeGroups=initial:2,Standard_D16s_v3;added0:0,0,2,Standard_NC6s_v3'
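A pre-flight check for the value rules listed above (systemId format, numDataNodes, and whitelistedCidrs against allocatePublicIpAddresses), to run before az deployment group create. This is an added example, not part of the original guide or of Iguazio's tooling; the function names and return codes are assumptions, and reporting a /0 entry combined with public IP addresses is a policy choice made here.

```shell
#!/bin/sh
# Added example (not Iguazio code): pre-flight checks for the parameters above.
LC_ALL=C; export LC_ALL

# systemId: 1-12 characters, lowercase letters and hyphens, starts with a letter.
valid_system_id() {
  case "$1" in ''|[!a-z]*|*[!a-z-]*) return 1 ;; esac
  [ "${#1}" -le 12 ]
}

# numDataNodes: the page lists 1 and 3 as the only valid values.
valid_num_data_nodes() { [ "$1" = 1 ] || [ "$1" = 3 ]; }

# One IPv4 CIDR: four octets in 0-255 and a prefix length in 0-32.
valid_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  addr=${1%/*}; prefix=${1##*/}
  case "$prefix" in ''|*[!0-9]*|????*) return 1 ;; esac
  case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# whitelistedCidrs checked against allocatePublicIpAddresses.
# Returns 0 = ok, 1 = malformed entry, 2 = a /0 entry while public IPs are
# allocated (the service port is then reachable from any source address).
check_whitelist() {
  list=$1; public=$2; result=0
  if [ -z "$list" ]; then return 0; fi      # default value: empty list
  old_ifs=$IFS; IFS=,; set -- $list; IFS=$old_ifs
  for cidr in "$@"; do
    valid_cidr "$cidr" || return 1
    if [ "$public" = true ] && [ "${cidr##*/}" -eq 0 ]; then result=2; fi
  done
  return "$result"
}

# Constructed input: the values used in the page's example command.
if valid_system_id example && valid_num_data_nodes 1; then
  wl=0; check_whitelist "0.0.0.0/0" true || wl=$?
  echo "systemId and numDataNodes ok; whitelist check returned $wl"
fi
```

With the values from the example command, check_whitelist returns 2, because whitelistedCidrs=0.0.0.0/0 together with allocatePublicIpAddresses=true opens the service port to every source address. Under the systemId rule as stated, the sample name "my-platform-0" is rejected (13 characters, contains a digit).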
Deployment Note
The deployment requires the command-line shell to remain open only until a "Running" message is displayed (typically, approximately 10 minutes after running the deployment command). The deployment takes approximately two hours. The Azure CLI has a fixed timeout period of 1.5 hours, so the command line shows a timeout indication during the deployment process, even though the deployment is still running. This is the expected behavior and no action is needed on your part. After Iguazio's support engineers confirm that the deployment completed successfully, they will guide you on how to log into the platform, and Iguazio's customer-success team will initiate a getting-started session to help you with your first steps.
Post-Deployment Steps
When the deployment completes, follow the post-deployment steps.