Deploying Sarus Arena on Azure AKS

in three simple steps

Nicolas Grislain
Sarus Blog
May 27, 2024

In this short post we describe the deployment of Sarus Arena on Azure AKS. The deployment procedure consists of three main steps:

  1. Provisioning the Kubernetes (k8s) cluster and connecting to it.
  2. Setting up the public IP, domain name and TLS certificate.
  3. Deploying Arena using helm.

First step: provisioning a cluster

[Figure: AKS web interface]

To provision an AKS cluster on Azure, you’ll need an Azure account. Note that the installation process is relatively similar on other managed k8s services such as GKE, EKS and the like.

You’ll also need the Azure command line interface (az) and the Kubernetes command line tool (kubectl). Make sure you have them installed.

You can create a cluster in many ways. In this document we will focus on using the CLI.

Create a few environment variables

You can parametrize the deployment of Arena using environment variables:

export CLUSTER_NAME="arena"
export REGION="westeurope"
export SUBSCRIPTION_ID="<your_id>"
export RESOURCE_GROUP_NAME="arena"
export NODE_RESOURCE_GROUP_NAME="arena_nodes"
export RELEASE_NAME="sarus"
export PUBLIC_IP="104.46.33.202"
export CLUSTER_HOST="arena.sarus.app"
export POSTGRES_USER="postgres"
export POSTGRES_PASSWORD="$(openssl rand -base64 12)"
export REDIS_PASSWORD="$(openssl rand -base64 12)"
export FIRST_SUPERUSER="admin@sarus.tech"
export FIRST_SUPERUSER_PASSWORD="$(openssl rand -base64 12)"
export SMTP_HOST="<your_smtp_server>"
export SMTP_USER="<your_smtp_user>"
export SMTP_PASSWORD="<your_smtp_password>"
export USERS_OPEN_REGISTRATION=False

Set them to fit your needs. Make sure the region you choose enables the provisioning of GPUs if you plan to use AI model fine-tuning features.

Note down the FIRST_SUPERUSER_PASSWORD you just generated by printing it:

echo "$FIRST_SUPERUSER_PASSWORD"

You will need it to log into the app as admin@sarus.tech (FIRST_SUPERUSER).
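
A preflight check for the variables above, as an added example that is not from the Arena repository: it reports every variable the helm step reads that is unset, empty or still a `<placeholder>`. The function names and the 16-character and IPv4 checks are assumptions.

```shell
# Added example. Variable names are the ones exported in this post;
# the individual checks are assumptions.
REQUIRED_VARS="CLUSTER_NAME REGION SUBSCRIPTION_ID RESOURCE_GROUP_NAME
NODE_RESOURCE_GROUP_NAME RELEASE_NAME PUBLIC_IP CLUSTER_HOST POSTGRES_USER
POSTGRES_PASSWORD REDIS_PASSWORD FIRST_SUPERUSER FIRST_SUPERUSER_PASSWORD
SMTP_HOST SMTP_USER SMTP_PASSWORD USERS_OPEN_REGISTRATION"

# Succeeds only for a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
  case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Prints one line per problem; returns 0 only when nothing was reported.
arena_preflight() {
  status=0
  for name in $REQUIRED_VARS; do
    eval "value=\${$name-}"   # indirect lookup of the variable called $name
    case "$value" in
      "")      echo "$name: unset or empty"; status=1 ;;
      "<"*">") echo "$name: still a <placeholder>"; status=1 ;;
      *)
        case "$name" in
          POSTGRES_PASSWORD|REDIS_PASSWORD|FIRST_SUPERUSER_PASSWORD)
            # openssl rand -base64 12 yields 16 characters; shorter is suspect.
            [ "${#value}" -ge 16 ] ||
              { echo "$name: shorter than 16 characters"; status=1; } ;;
        esac ;;
    esac
  done
  is_ipv4 "${PUBLIC_IP-}" || { echo "PUBLIC_IP: not an IPv4 address"; status=1; }
  return "$status"
}

# Usage, before running helm:  arena_preflight || exit 1
```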

Create a resource group

The resource group holds the resources that the user creates for the cluster. Create it using this command:

az group create --name $RESOURCE_GROUP_NAME --location $REGION

Another group, the node resource group, will be created automatically with the cluster and will contain the resources created by k8s, such as the VMs.

Create the cluster

The cluster itself can be created with the command below:

az aks create \
--resource-group $RESOURCE_GROUP_NAME \
--name $CLUSTER_NAME \
--node-count 2 \
--subscription $SUBSCRIPTION_ID \
--location $REGION \
--tier standard \
--kubernetes-version 1.28.5 \
--auto-upgrade-channel patch \
--node-os-upgrade-channel NodeImage \
--nodepool-name agentpool \
--node-vm-size Standard_D8ds_v5 \
--enable-cluster-autoscaler \
--min-count 2 \
--max-count 5 \
--node-resource-group $NODE_RESOURCE_GROUP_NAME

We will add a nodepool in user mode. There are two modes for nodepools: user and system. System pods are scheduled in priority on system-mode nodepools, so this user pool is mostly for the application pods.

az aks nodepool add \
--resource-group $RESOURCE_GROUP_NAME \
--name userpool \
--cluster-name $CLUSTER_NAME \
--mode user \
--node-count 2 \
--node-vm-size Standard_D8ds_v5 \
--enable-cluster-autoscaler \
--min-count 2 \
--max-count 5

Get the credentials

To connect to the cluster you need credentials on your local machine. Run the following command:

az aks get-credentials --resource-group $RESOURCE_GROUP_NAME --name $CLUSTER_NAME

It will configure your local kubectl command, typically by adding entries to your ~/.kube/config file.

Then use kubectl to access the cluster:

# E.g.
kubectl get nodes

Check the cluster configuration

You can check the cluster configuration this way:

az aks show --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME

You can list the nodepools this way:

az aks nodepool list --cluster-name $CLUSTER_NAME --resource-group $RESOURCE_GROUP_NAME

You now have a working cluster ready to run the Arena app.

Second step: setting up the public IP, domain name and TLS certificate

Create a public IP

We create a static public IP for the cluster.

az network public-ip create --name "${CLUSTER_NAME}-ip" \
--resource-group $NODE_RESOURCE_GROUP_NAME \
--allocation-method Static \
--location $REGION

Set a DNS entry for your domain

Associate a domain with this IP. In our case, we set the A record of arena.sarus.app to our newly created IP address.

Set up cert-manager

Arena uses cert-manager to automatically get a Let's Encrypt TLS certificate to enable secure https access.

To set up cert-manager, first clone the Arena repository on your local machine.

git clone https://github.com/arena-ai/arena.git

Change to the repository directory:

cd arena

Create K8s Custom Resource Definitions (CRDs)

The use of cert-manager requires CRDs.

They can be created this way:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml

Third and last step: deployment

The Arena app can be deployed with:

helm upgrade --install ${RELEASE_NAME} kubernetes/arena \
--set ingress-nginx.controller.service.loadBalancerIP=${PUBLIC_IP} \
--set cluster.host=${CLUSTER_HOST} \
--set postgresql.user=${POSTGRES_USER} \
--set postgresql.password=${POSTGRES_PASSWORD} \
--set redis.password=${REDIS_PASSWORD} \
--set backend.firstSuperUser.user=${FIRST_SUPERUSER} \
--set backend.firstSuperUser.password=${FIRST_SUPERUSER_PASSWORD} \
--set backend.smtp.host=${SMTP_HOST} \
--set backend.smtp.requireAuthentication=True \
--set backend.smtp.user=${SMTP_USER} \
--set backend.smtp.password="${SMTP_PASSWORD}" \
--set backend.usersOpenRegistration=${USERS_OPEN_REGISTRATION}
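
Each secret passed with --set sits on the helm command line, where it is readable in the process list while the command runs. The variant below is an added example, not code from the Arena repository: it writes the four passwords to an owner-only values file and passes that with --values, keeping the post's key paths; the function names and temporary-file handling are assumptions.

```shell
# Added example. The key paths mirror the --set flags used in this post;
# the values-file handling is an assumption, not part of the Arena repo.

# Print $1 as a single-quoted YAML scalar (a quote inside it is doubled).
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Write the four secrets to a new owner-only file and print its path.
# The body runs in a subshell so the umask change does not leak out.
write_secret_values() (
  umask 077
  file=$(mktemp "${TMPDIR:-/tmp}/arena-values.XXXXXX") || exit 1
  cat > "$file" <<EOF
postgresql:
  password: $(yaml_quote "${POSTGRES_PASSWORD-}")
redis:
  password: $(yaml_quote "${REDIS_PASSWORD-}")
backend:
  firstSuperUser:
    password: $(yaml_quote "${FIRST_SUPERUSER_PASSWORD-}")
  smtp:
    password: $(yaml_quote "${SMTP_PASSWORD-}")
EOF
  printf '%s\n' "$file"
)

# Same deployment as above, with the secrets read from the file, which is
# deleted again when the shell exits.
deploy_arena() {
  values=$(write_secret_values) || return 1
  trap 'rm -f "$values"' EXIT
  helm upgrade --install "${RELEASE_NAME}" kubernetes/arena \
    --values "$values" \
    --set ingress-nginx.controller.service.loadBalancerIP="${PUBLIC_IP}" \
    --set cluster.host="${CLUSTER_HOST}" \
    --set postgresql.user="${POSTGRES_USER}" \
    --set backend.firstSuperUser.user="${FIRST_SUPERUSER}" \
    --set backend.smtp.host="${SMTP_HOST}" \
    --set backend.smtp.requireAuthentication=True \
    --set backend.smtp.user="${SMTP_USER}" \
    --set backend.usersOpenRegistration="${USERS_OPEN_REGISTRATION}"
}
```

Quoting the passwords in the file also means a value containing a comma needs no escaping, which --set would require.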

To ease cluster administration, it helps to deploy the Kubernetes dashboard.

helm upgrade --install kubernetes-dashboard kubernetes-dashboard \
--repo https://kubernetes.github.io/dashboard/ \
--create-namespace --namespace kubernetes-dashboard

You can then log into the dashboard using:

kubectl --namespace kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

[Figure: A view of Sarus Arena on K8s dashboard]

After a few seconds, the cluster should be up and running.

We can log into our app at: https://arena.sarus.app.

Et voilà!

If you like Arena, feel free to add stars to its GitHub repo and read the upcoming posts about it.
