Deployment in Microsoft Azure Cloud
Along with the Azure Kubernetes Service (AKS), GoodData.CN requires the following Azure services:
- Azure Cache for Redis
- Azure Database for PostgreSQL
These services should be accessible from the AKS cluster. Make sure to read the networking documentation specific to each service.
Azure Cache for Redis
See official documentation.
You can provision the service with the az tool, for example:
az redis create --location westeurope --name gooddata-cn-redis-cache \
  --resource-group gooddata-cn-resource-group --sku Standard \
  --vm-size c4 --enable-non-ssl-port
You can retrieve the required connection properties (host and port) from the service description:
az redis show --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-redis-cache --query '{host:hostName,port:port}' -o json
The command outputs the following properties:
{
  "host": "gooddata-cn-redis-cache.redis.cache.windows.net",
  "port": 6379
}
To make access to your Redis cache more secure, we highly recommend using Private Endpoint configuration for your freshly deployed Redis instance.
# Use the GoodData.CN resource group as the default for the commands below
export AZURE_DEFAULTS_GROUP=gooddata-cn-resource-group
# Look up the VNet and subnet used by the AKS nodes
nodeResourceGroup=$(az aks show --name gooddata-cn-azure --query nodeResourceGroup -o tsv)
aksVnet=$(az network vnet list -g ${nodeResourceGroup} --query '[].name' -o tsv)
aksVnetId=$(az network vnet show -g ${nodeResourceGroup} --name ${aksVnet} \
  --query 'id' -o tsv)
aksSubnet=$(az network vnet subnet list -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --query '[].name' -o tsv)
subnetId=$(az network vnet subnet show -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --name ${aksSubnet} --query 'id' -o tsv)
# Create the private endpoint for the Redis cache in the AKS subnet
redisId=$(az redis show --name gooddata-cn-redis-cache --query 'id' -o tsv)
az network private-endpoint create --name gooddata-cn-redis-cache \
  --connection-name gooddata-cn-redis-cache-connection \
  --private-connection-resource-id ${redisId} \
  --subnet ${subnetId} --group-id redisCache
# ID of the endpoint's network interface, used below to read its private IP
nifId=$(az network private-endpoint show --name gooddata-cn-redis-cache \
  --query 'networkInterfaces[0].id' -o tsv)
# Create the private DNS zone and link it to the AKS VNet
az network private-dns zone create --name privatelink.redis.cache.windows.net
az network private-dns link vnet create \
  --zone-name privatelink.redis.cache.windows.net --name gooddata-cn-redis-dns-link \
  --virtual-network ${aksVnetId} --registration-enabled false
# Point an A record for the cache at the endpoint's private IP
redisIP=$(az resource show --ids $nifId -o tsv \
  --query 'properties.ipConfigurations[0].properties.privateIPAddress')
az network private-dns record-set a create --name gooddata-cn-redis-cache \
  --zone-name privatelink.redis.cache.windows.net
az network private-dns record-set a add-record \
  --record-set-name gooddata-cn-redis-cache \
  --zone-name privatelink.redis.cache.windows.net -a ${redisIP}
Note
You will need the connection properties during the Helm Chart Installation.
Azure Database for PostgreSQL
See official documentation.
You can provision the service with the az tool, for example:
az postgres server create --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-pg --location westeurope --version 11 \
  --admin-user postgres --admin-password <PG_ADMIN_PASSWORD> \
  --sku-name GP_Gen5_4 --public Disabled --ssl-enforcement Disabled
You can retrieve the required host from the service description; the port is 5432 by default.
az postgres server show --resource-group gooddata-cn-resource-group \
  --name gooddata-cn-pg --query '{host:fullyQualifiedDomainName}' -o json
The command outputs the following property:
{
  "host": "gooddata-cn-pg.postgres.database.azure.com"
}
To make access to your Postgres Database more secure, we highly recommend using Private Endpoint configuration for your freshly deployed Postgres instance.
# Use the GoodData.CN resource group as the default for the commands below
export AZURE_DEFAULTS_GROUP=gooddata-cn-resource-group
# Look up the VNet and subnet used by the AKS nodes
nodeResourceGroup=$(az aks show --name gooddata-cn-azure --query nodeResourceGroup -o tsv)
aksVnet=$(az network vnet list -g ${nodeResourceGroup} --query '[].name' -o tsv)
aksVnetId=$(az network vnet show -g ${nodeResourceGroup} --name ${aksVnet} \
  --query 'id' -o tsv)
aksSubnet=$(az network vnet subnet list -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --query '[].name' -o tsv)
subnetId=$(az network vnet subnet show -g ${nodeResourceGroup} --vnet-name ${aksVnet} \
  --name ${aksSubnet} --query id -o tsv)
# Create the private endpoint for the PostgreSQL server in the AKS subnet
pgId=$(az postgres server show --name gooddata-cn-pg --query 'id' -o tsv)
az network private-endpoint create --name gooddata-cn-pg-private \
  --connection-name gooddata-cn-pg-private --private-connection-resource-id ${pgId} \
  --subnet ${subnetId} --group-id postgresqlServer
# ID of the endpoint's network interface, used below to read its private IP
nifId=$(az network private-endpoint show --name gooddata-cn-pg-private \
  --query 'networkInterfaces[0].id' -o tsv)
# Create the private DNS zone and link it to the AKS VNet
az network private-dns zone create --name privatelink.postgres.database.azure.com
az network private-dns link vnet create \
  --zone-name privatelink.postgres.database.azure.com --name gooddata-cn-pg-dns-link \
  --virtual-network ${aksVnetId} --registration-enabled false
# Point an A record for the server at the endpoint's private IP
pgIP=$(az resource show --ids $nifId -o tsv \
  --query 'properties.ipConfigurations[0].properties.privateIPAddress')
az network private-dns record-set a create --name gooddata-cn-pg \
  --zone-name privatelink.postgres.database.azure.com
az network private-dns record-set a add-record \
  --record-set-name gooddata-cn-pg --zone-name privatelink.postgres.database.azure.com \
  -a ${pgIP}
Note
You will need the connection properties during the Helm Chart Installation.
For more details about this example, see the documentation.
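An added check, not part of the GoodData.CN documentation, for both private endpoint setups above: the Redis and PostgreSQL instances are created with --enable-non-ssl-port and --ssl-enforcement Disabled, so the private path is what keeps their traffic off public networks, and this script classifies the addresses their host names resolve to from inside the AKS VNet. It assumes the VNet uses RFC 1918 address space; the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the GoodData.CN documentation.
# Assumption: the AKS VNet uses RFC 1918 address space.

# Succeed when $1 is a dotted-quad IPv4 address in 10/8, 172.16/12 or 192.168/16.
is_rfc1918() {
  case "$1" in
    ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots allowed
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                                # split into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  case "$1" in
    10)  return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   return 1 ;;
  esac
}

# Print "private", "not-private" or "unresolved" for the addresses passed as
# arguments. A single address outside RFC 1918 (IPv6 included) fails the set.
classify_answers() {
  [ "$#" -gt 0 ] || { echo unresolved; return 0; }
  for addr in "$@"; do
    is_rfc1918 "$addr" || { echo not-private; return 0; }
  done
  echo private
}

# Resolve host name $1 and classify the answers. Run it from a pod or node
# inside the AKS VNet, where the linked private DNS zone is in effect.
check_private_resolution() {
  classify_answers $(getent hosts "$1" | awk '{ print $1 }')
}

# Constructed resolver answers (not real output): a private-endpoint address,
# a public address from a documentation range, and no answer at all.
for sample in "10.240.0.7" "203.0.113.10" ""; do
  printf '%-14s -> %s\n' "${sample:-none}" "$(classify_answers $sample)"
done
```

From inside the cluster, call check_private_resolution with gooddata-cn-redis-cache.redis.cache.windows.net and gooddata-cn-pg.postgres.database.azure.com; a result other than private means clients in the VNet are not being directed to the private endpoint.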