Azure Deployment Overview

The Curity Identity Server can quickly be deployed on Azure.

1. Deploy on Azure Kubernetes Service (AKS) using the Curity provided Helm Chart
2. Quick deployment using Azure Resource Manager (ARM) template

Deployment on AKS

Instructions on how to deploy the Helm Chart is available in the article, Kubernetes using Helm chart. Let's look at some of the steps needed in order to prepare the AKS environment for the Helm Chart deployment.

Setting up AKS

Start by installing the Azure CLI.

Create a resource group, run:

az group create --name myResourceGroup --location westus

The result should look something like the following. Note that the important information here is row 7:

{
  "id": "/subscriptions/ae0ca103-b17a-474a-ae00-52b93f35c9c9/resourceGroups/myResourceGroup",
  "location": "westus",
  "managedBy": null,
  "name": "myResourceGroup",
  "properties": {
    "provisioningState": "Succeeded"
  },
  "tags": null,
  "type": "Microsoft.Resources/resourceGroups"
}

Register a provider, run:

az provider register --namespace Microsoft.ContainerService

Create an AKS cluster, run:

az aks create \
    --resource-group myResourceGroup\
    --name myAKSCluster \
    --vm-set-type VirtualMachineScaleSets \
    --node-count 2 \
    --generate-ssh-keys

Note that this could take a few minutes to complete. Get credentials to the newly created AKS cluster so that we can connect to it, run:

az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

Response should be something like:

Merged "myAKSCluster" as current context in /home/user/.kube/config

Deploy the Curity Identity Server to AKS

The environment is ready for the Helm Chart to be deployed. Follow the instructions in the article.

Expose the deployment

List the deployments

kubectl get deployments

Result:

NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
idsvr-tutorial-admin     1/1     1            1           12m
idsvr-tutorial-runtime   1/1     1            1           12m

The Admin node can be made accessible by port forwarding as described in the Install Helm Chart article.

To expose the runtime deployment, run:

kubectl expose deployment idsvr-tutorial-runtime --type=LoadBalancer --name=curity-runtime

To get the public IP, run:

kubectl describe service curity-runtime

The response should have an entry with the name LoadBalancer Ingress that contains the public IP address. This will be the address to reach the Curity Identity Server Runtime Node. Ex: https://<IP-address>:8443

ARM Template

This is a very straight forward and fast option that will deploy both the Curity Identity Server Admin and runtime components on a single node.

Summary

Deploying the Curity Identity Server on Azure Kubernetes Service (AKS) is trivial leveraging the Azure CLI and the provided Helm chart or the ready made ARM template.