Deployment in Microsoft Azure Cloud

Along with Azure Kubernetes Service, GoodData.CN requires the following Azure services:

  • Azure Cache for Redis
  • Azure Database for PostgreSQL

These services should be accessible from the AKS cluster. Make sure to read the networking documentation specific to each service.

Azure Cache for Redis

See the official documentation.

You can provision the service with the az tool, for example:

az redis create --location westeurope --name gooddata-cn-redis-cache \
  --resource-group gooddata-cn-resource-group --sku Standard \
  --vm-size c4 --enable-non-ssl-port

You can retrieve the required connection properties (host and port) from the service description:

az redis show --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-redis-cache --query '{host:hostName,port:port}' -o json

The command outputs the following properties:

{
  "host": "gooddata-cn-redis-cache.redis.cache.windows.net",
  "port": 6379
}

To make access to your Redis cache more secure, we highly recommend using a Private Endpoint configuration for your freshly deployed Redis instance.

export AZURE_DEFAULTS_GROUP=gooddata-cn-resource-group
nodeResourceGroup=$(az aks show --name gooddata-cn-azure --query nodeResourceGroup -o tsv)
aksVnet=$(az network vnet list -g ${nodeResourceGroup} --query '[].name' -o tsv)
aksVnetId=$(az network vnet show -g ${nodeResourceGroup} --name ${aksVnet} \
  --query 'id' -o tsv)
aksSubnet=$(az network vnet subnet list -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --query '[].name' -o tsv)
subnetId=$(az network vnet subnet show -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --name ${aksSubnet} --query 'id' -o tsv)
redisId=$(az redis show --name gooddata-cn-redis-cache --query 'id' -o tsv)
az network private-endpoint create --name gooddata-cn-redis-cache \
  --connection-name gooddata-cn-redis-cache-connection \
  --private-connection-resource-id ${redisId} \
  --subnet ${subnetId} --group-id redisCache
nifId=$(az network private-endpoint show --name gooddata-cn-redis-cache \
  --query 'networkInterfaces[0].id' -o tsv)
az network private-dns zone create --name privatelink.redis.cache.windows.net
az network private-dns link vnet create \
  --zone-name privatelink.redis.cache.windows.net --name gooddata-cn-redis-dns-link \
  --virtual-network ${aksVnetId} --registration-enabled false
redisIP=$(az resource show --ids $nifId -o tsv \
  --query 'properties.ipConfigurations[0].properties.privateIPAddress')
az network private-dns record-set a create --name gooddata-cn-redis-cache \
  --zone-name privatelink.redis.cache.windows.net
az network private-dns record-set a add-record \
  --record-set-name gooddata-cn-redis-cache \
  --zone-name privatelink.redis.cache.windows.net -a ${redisIP}

Azure Database for PostgreSQL

See the official documentation.

You can provision the service with the az tool, for example:

az postgres server create --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-pg --location westeurope --version 11 \
  --admin-user postgres --admin-password <PG_ADMIN_PASSWORD> \
  --sku-name GP_Gen5_4 --public Disabled --ssl-enforcement Disabled

You can retrieve the required host from the service description; the port is 5432 by default.

az postgres server show --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-pg --query '{host:fullyQualifiedDomainName}' -o json

The command outputs the following property:

{
  "host": "gooddata-cn-pg.postgres.database.azure.com"
}

To make access to your Postgres database more secure, we highly recommend using a Private Endpoint configuration for your freshly deployed Postgres instance.

export AZURE_DEFAULTS_GROUP=gooddata-cn-resource-group
nodeResourceGroup=$(az aks show --name gooddata-cn-azure --query nodeResourceGroup -o tsv)
aksVnet=$(az network vnet list -g ${nodeResourceGroup} --query '[].name' -o tsv)
aksVnetId=$(az network vnet show -g ${nodeResourceGroup} --name ${aksVnet} \
  --query 'id' -o tsv)
aksSubnet=$(az network vnet subnet list -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --query '[].name' -o tsv)
subnetId=$(az network vnet subnet show -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --name ${aksSubnet} --query id -o tsv)
pgId=$(az postgres server show --name gooddata-cn-pg --query 'id' -o tsv)
az network private-endpoint create --name gooddata-cn-pg-private \
  --connection-name gooddata-cn-pg-private --private-connection-resource-id ${pgId} \
  --subnet ${subnetId} --group-id postgresqlServer
nifId=$(az network private-endpoint show --name gooddata-cn-pg-private \
  --query 'networkInterfaces[0].id' -o tsv)
az network private-dns zone create --name privatelink.postgres.database.azure.com
az network private-dns link vnet create \
  --zone-name privatelink.postgres.database.azure.com --name gooddata-cn-pg-dns-link \
  --virtual-network ${aksVnetId} --registration-enabled false
pgIP=$(az resource show --ids $nifId -o tsv \
  --query 'properties.ipConfigurations[0].properties.privateIPAddress')
az network private-dns record-set a create --name gooddata-cn-pg \
  --zone-name privatelink.postgres.database.azure.com
az network private-dns record-set a add-record \
  --record-set-name gooddata-cn-pg --zone-name privatelink.postgres.database.azure.com \
  -a ${pgIP}

For more details about this example, see the documentation.
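
A check to run after both private-endpoint procedures above, added here as an example and not part of the GoodData.CN documentation: it reads `getent hosts`-style lines and reports whether each service name resolves to an RFC 1918 address, which matters because the provisioning commands above enable the non-SSL Redis port and disable PostgreSQL SSL enforcement. The function names and sample addresses are constructed for illustration, and the check assumes the AKS VNet uses RFC 1918 address space.

```sh
# Added example (not from the GoodData.CN docs). Function names are hypothetical.

# Succeeds if $1 is a dotted-quad IPv4 address in 10.0.0.0/8,
# 172.16.0.0/12 or 192.168.0.0/16 (RFC 1918).
is_rfc1918() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # not just digits and single dots
  esac
  oldifs=$IFS; IFS=.
  set -- $1                                 # split the address into octets
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  case $1.$2 in
    10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
  esac
  return 1
}

# Reads `getent hosts` output ("address name ...") on stdin.
# Returns 0 if every name resolved to a private address, 1 if any
# address is public, 2 if nothing resolved at all.
check_private_resolution() {
  rc=0; seen=0
  while read -r addr name _rest; do
    [ -n "$addr" ] || continue
    seen=1
    if is_rfc1918 "$addr"; then
      echo "OK      $name -> $addr"
    else
      echo "PUBLIC  $name -> $addr (not a private address)"
      rc=1
    fi
  done
  [ "$seen" -eq 1 ] || { echo "no addresses resolved"; rc=2; }
  return $rc
}

# Constructed sample: the first name as seen from a pod in the linked VNet,
# the second as seen from a network without the private DNS zone.
sample_lines() {
  printf '%s\n' \
    '10.240.0.7 gooddata-cn-pg.postgres.database.azure.com' \
    '203.0.113.20 gooddata-cn-redis-cache.redis.cache.windows.net'
}
sample_lines | check_private_resolution || echo "at least one name is public"
```

From a pod in the AKS cluster, pipe `getent hosts gooddata-cn-pg.postgres.database.azure.com` (and the Redis host name) into `check_private_resolution`; a non-zero exit means the name did not resolve to the private endpoint.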