Platform Azure Deployment
This guide covers deploying the platform on Azure Kubernetes Service.
Overview
The platform chart deploys UI, Catalog API, AI Agent, Audit API, Keycloak, workers, RabbitMQ, Redis, and supporting services. For RabbitMQ and Celery worker usage, see RabbitMQ & Celery Workers. It uses Azure Key Vault and Workload Identity for secrets and authentication.
Prerequisites
- Complete Azure Prerequisites
- Databases created (see Create databases)
- Required secrets in Key Vault (see Key Vault Secrets)
Deployment Options
Option 1: Automated Install (Recommended)
Use the automated install to create databases, check Key Vault secrets, verify ESO, and deploy:
# Navigate to the scripts directory in your project
# Copy and configure
cp install-config-azure.example.env install-config-azure.env
# Edit install-config-azure.env with your values (see below)
# Run the automated install
Configuration file (install-config-azure.env) — use placeholders, never commit real values:
| Variable | Description |
|---|---|
DB_USER | PostgreSQL admin user |
DB_HOST | <your-server>.postgres.database.azure.com |
DB_PORT | 5432 (default) |
DB_PASSWORD | PostgreSQL admin password |
KEY_VAULT_NAME | Your Azure Key Vault name |
HELM_NAMESPACE | bh-control-plane (default) |
VALUES_FILE | Optional: path to custom values file |
Skip steps (set to true to skip):
SKIP_DATABASES– Skip database creationSKIP_GRANT– Skip database privilege grantsSKIP_KEYVAULT– Skip Key Vault checksSKIP_ESO_CHECK– Skip External Secrets Operator checkSKIP_HELM– Skip Helm deployment
Option 2: Manual Deployment
# Navigate to the platform chart directory
# Update dependencies
helm dependency update
# Deploy
helm upgrade --install bighammer-azure . \
--namespace bh-control-plane \
--create-namespace \
-f values-dev.yaml \
--wait \
--timeout 10m
Post-Deployment
# Check pods
kubectl get pods -n bh-control-plane
# Check ExternalSecrets
kubectl get externalsecret -n bh-control-plane
# Check ingress
kubectl get ingress -n bh-control-plane
Ingress Hosts
The chart configures ingress for these services (hostnames are configurable in values):
| Service | Typical Host |
|---|---|
| BH UI | ui.<env>.az.<domain> |
| Admin UI | adminui.<env>.az.<domain> |
| Catalog API | catalog.<env>.az.<domain> |
| Audit API | audit.<env>.az.<domain> |
| AI Agent | aiagent.<env>.az.<domain> |
| Keycloak | kc.<env>.az.<domain> |
| Keycloak API | kcapi.<env>.az.<domain> |
| Transformation Utils | transformation-utils.<env>.az.<domain> |
| RabbitMQ | rabbitmq.<env>.az.<domain> |