Prepare to Install on Azure

Before installing GoodData.CN on Microsoft Azure, ensure your environment is set up with the necessary tools and prerequisites. This section guides you through verifying requirements, installing essential command-line tools, and configuring your environment to prepare for the installation process.

Meet Prerequisites

Before you begin, ensure you have the following:

A GoodData.CN license key
An Azure account with the Owner access control role
Azure DNS zone; Or a domain and an access to that domain’s management console or dashboard
An External OIDC Identity Provider

Install Tools

This guide has been written from the point of view of a MacOS user using the shell terminal. If you are using different architecture, you may need to modify certain commands.

Steps:

Install Azure CLI:
```
brew install azure-cli
```
Log in to Azure:
```
az login
```
Install kubectl:
```
brew install kubectl
```
Install helm:
```
brew install helm
```

Download and extract Tinkey:

curl -fsL https://storage.googleapis.com/tinkey/tinkey-1.9.0.tar.gz \
    | tar xzvf -

Prepare Environmental Variables

During the installation, you will make use of environmental variables. This section provides instructions on creating and storing the necessary variables in a single file for easy management.

Steps:

Run the following command to create file environmental_variables.sh with your environmental variables:

cat <<EOF > environmental_variables.sh
# You will assign some the commented out environmental 
# variable values later in the installation process.

# Azure
AZ_RESOURCE_GROUP="gd-rg"
AZ_LOCATION="eastus2" # REVIEW

# PostgreSQL
PG_NAME="gd-db"
PG_ADMIN_NAME="postgres" # Don't change this!
PG_ADMIN_PASSWORD="" # FILL IN
PG_HOSTNAME="gd-db.postgres.database.azure.com"
PG_PORT=5432
PG_CREDENTIALS_SECRET="gd-pg-secret"

# Kubernetes
AZ_AKS="gd-aks-cluster"
AZ_AKS_NODE_RESOURCE_GROUP="gd-rg-aks-nodes"
PG_VNET="gd-vnet"
PG_SUBNET="gd-subnet"
# AZ_AKS_NODE_VNET=""
# AZ_AKS_NODE_VNET_ID=""
# PG_VNET_ID=""
# PG_SUBNET_ID=""

# DNS
DNS_ZONE="" # FILL IN
DNS_RESOURCE_GROUP="gd-rg" # Change this if your DNS zone is in different RG
USER_ASSIGNED_IDENTITY_NAME="externaldns"
FEDERATED_IDENTITY_CREDENTIAL_NAME="externaldns"
SERVICE_ACCOUNT_NAMESPACE="external-dns"
SERVICE_ACCOUNT_NAME="external-dns"
ACME_EMAIL="" # FILL IN
# AKS_OIDC_ISSUER=""
# SUBSCRIPTION_ID=""
# TENANT_ID=""
# USER_ASSIGNED_CLIENT_ID=""
# DNS_ID=""
# RESOURCE_GROUP_ID=""

# Azure Storage Account
AZ_STORAGE_ACCOUNT_NAME="gd-storage-user"
AZ_STORAGE_CONTAINER_NAME="gd-storage-container"
AZ_STORAGE_SECRET_NAME="gd-storage-secret"
# AZ_STORAGE_KEY=""

# GoodData.CN
GD_LICENSE_KEY="" # FILL IN
GD_LICENSE_KEY_SECRET="gd-license-secret"
GD_ENCRYPTION_KEYSET_SECRET="gd-keyset-secret"
GD_ORGANIZATION_HOSTNAME="" # FILL IN, use "yourcustomsubdomain.your_dns_zone"
GD_ORGANIZATION_ID="gd-org-id"
GD_ORGANIZATION_NAME="gooddata-org-name"
GD_ORGANIZATION_DISPLAY_NAME="GoodData Organization"
GD_ADMIN_USER_NAME="bootstrapAdminUser"
GD_ADMIN_USER_PASSWORD="" # FILL IN
GD_CERT_SELF_SIGNED_SECRET="gd-cert-secret"
# GD_ADMIN_USER_PASSWORD_SALTED=""
# GD_BOOTSTRAP_API_TOKEN=""

# Authentication
OAUTH_ISSUER_LOCATION="" # FILL IN
OAUTH_CLIENT_ID="" # FILL IN
OAUTH_CLIENT_SECRET="" # FILL IN
USER_SUB_CLAIM="" # FILL IN
EOF

Edit the file an update the following variables:
- GD_LICENSE_KEY
- AZ_LOCATION (see Choose Azure Location)
- DNS_ZONE
- ACME_EMAIL
- PG_ADMIN_PASSWORD and GD_ADMIN_USER_PASSWORD
- All Authentication variables.
You may customize other variables as well.
Export the variables by sourcing the file:
```
source environmental_variables.sh
```

Set Up Azure Resources