Try Nected For Free

Azure

This guide explains how to deploy the full Nected Platform on Microsoft Azure using Terraform. The Terraform configuration provisions networking, an AKS cluster, databases, caching, logging infrastructure, DNS, SSL certificates, and all runtime services required for a production-grade Nected setup. Every step below prepares your system for a deterministic and reproducible deployment.

Prerequisites

Install the following tools on your machine and verify that each one runs correctly.

Requirement
Version
Purpose

Terraform

≥ 1.6

Infrastructure as Code (IaC) tool for provisioning Azure resources

Azure CLI

≥ 2.60

Command-line tool for interacting with Azure services

kubectl

Latest

Kubernetes command-line tool for cluster management

Helm

Latest

Kubernetes package manager for deploying applications

Git

Latest

Version control system for cloning the repository

Terraform manages Azure resources, the Azure CLI handles authentication and cluster access, kubectl interacts with AKS, and Helm deploys Nected’s workloads.

Azure Resources & Nected license key

To successfully deploy the infrastructure, ensure you have:

  • An active Azure Subscription and its Subscription ID

  • One Azure DNS Hosted Zone, which will be used for:

    • Creating CNAME records for all Nected services

    • Adding DNS entries required for SSL certificate validation

  • One Azure Resource Group where the entire infrastructure will be created.

    • The Hosted Zone can be in the same Resource Group or a different one.

  • Nected License Key required for installing the full Nected service

    • Remove it from terraform.tfvars if you want to use the free & limited version

Authentication

Authenticate your environment with Azure.

Login:

Select the correct subscription:

Confirm your context:

Terraform uses these credentials to communicate with Azure Resource Manager APIs. If authentication fails, no resource can be created. Always verify this step before proceeding.

Repository Setup and Installation Steps

Clone the Terraform deployment repository from GitHub. These files contain all resource definitions, Terraform modules, and environment-specific variables.

Clone the repository:

Move into the project directory:

Spend a moment reviewing the folder layout. Understanding which module controls which resource helps you troubleshoot or extend the deployment later.

Configuration

You must create a terraform.tfvars file to supply the environment-specific values. Terraform loads this file automatically and merges it into your configuration.

Example terraform.tfvars

Each variable directly influences the resources deployed on Azure. For example:

  • vnet_address_space defines the private network boundary for all Nected services.

  • aks_vm_size decides the compute capacity of each AKS worker node.

  • hosted_zone combined with domain prefixes produces all public URLs for UI, API, and router.

  • nected_pre_shared_key activates your Nected license inside the cluster.

Always verify that your values comply with Azure’s constraints—especially VM SKUs, PostgreSQL SKUs, and address spaces.

Deployment Steps

Execute the commands below from inside the repository directory. Terraform will detect modules, providers, and variable files automatically.

Step 1: Initialize the Terraform Workspace

Terraform downloads provider plugins, prepares the backend, and scans the modules. This process ensures all components needed for deployment are present.

Step 2: Validate the Configuration

This step checks your file structure and ensures that Terraform syntax, variable types, and references are correct. It prevents many common errors before provisioning.

Step 3: Preview the Changes

The plan lists all Azure resources Terraform will create, modify, or remove. Read the output carefully because Azure resources incur cost. This step provides visibility before making irreversible changes.

Step 4: Apply the Deployment

Terraform provisions:

  • The Azure Resource Group

  • The Virtual Network and all subnets

  • The AKS cluster using your specified VM size and scaling configuration

  • A PostgreSQL Flexible Server

  • A Redis Cache instance

  • An Elasticsearch VM-based cluster

  • DNS entries, routing rules, and SSL certificates

  • Helm deployments that install Nected services inside AKS

Azure typically takes several minutes to create managed services. The AKS cluster and PostgreSQL server are usually the slowest resources.

The Deployment Process might take ~25 minutes to complete

Post-Deployment Tasks

Once Terraform finishes, retrieve the outputs:

This returns critical information for operations:

  • The AKS cluster name

  • Resource group names

  • Fully qualified domain names for all Nected services

  • PostgreSQL and Redis endpoints

  • Elasticsearch connection details

  • Admin console credentials

  • kubeconfig contents (if enabled)

Use these values to connect to your environment.

Access AKS

Fetch Kubernetes credentials:

Check cluster access:

You should see your AKS worker node pool listed. If access fails, confirm that your Azure user has the correct RBAC role.

Alternative kubeconfig extraction

If you want to use the kubeconfig file generated by Terraform:

This method is useful in CI systems or non-interactive environments.

Destroying the Environment

Remove all resources created by Terraform:

Terraform deletes the VNet, AKS, databases, Redis, Elasticsearch, and DNS records. Azure may take a few minutes to release large managed services. Run this only when the environment is no longer required.

Accessing the Nected Application

Your deployed instance becomes available at:

  • UI: https://<ui_domain_prefix>.<hosted_zone>

  • Backend: https://<backend_domain_prefix>.<hosted_zone>

  • Router: https://<router_domain_prefix>.<hosted_zone>

Login using the credentials defined in terraform.tfvars:

  • Email: console_user_email

  • Password: console_user_password

Once logged in, verify UI connectivity, API responsiveness, webhook endpoints, and rule execution.

Terraform Azure: Public Domain vs Private Domain Configuration

This section explains how domain configuration behaves in Azure-based Terraform deployments and what changes when you deploy Nected using a public domain versus a private domain.

Public Domain Deployment (Azure DNS / Public Access)

When you deploy Nected on a public domain, Terraform provisions the Application Gateway and related resources for internet-facing access.

Key characteristics:

  • Application endpoints are exposed using the public IP of the Azure Application Gateway

  • DNS records are created in Azure DNS (Public Zone)

Required terraform.tfvars configuration:

  • Set agic_internal = false

This is the default configuration. Use this setup when Nected must be accessible over the public internet using a public IP address.

Private Domain Deployment (VNet / Internal Access Only)

When you deploy Nected on a private domain, all application traffic remains within your Azure virtual network.

Key characteristics:

  • Application endpoints use the private IP of the Azure Application Gateway

  • DNS records are created in Azure DNS Private Zones mapped to private IP addresses

  • Access is limited to internal networks, VPN, or private connectivity

Required terraform.tfvars configuration:

  • Set agic_internal = true

Use this configuration for regulated environments or deployments that require network isolation and restricted access.

Summary

Deployment Type
Public Domain
Private Domain

Internet Access

Yes

No

Domain Mapping

Public IP

Private IP

Select the deployment model based on your access and security requirements before running terraform apply.

Terraform Azure: Managed Redis vs Redis in AKS

This section explains how Redis is provisioned in Azure-based Terraform deployments and when to use managed Azure Redis Cache versus Redis deployed inside AKS.

Default: Redis Deployed in AKS (Recommended)

By default, Terraform deploys Redis using the Nected datastore Helm chart inside the AKS cluster.

Key characteristics:

  • Redis runs as a Kubernetes workload inside AKS

  • Used only for caching, not for persistent storage

  • Faster overall deployment time

  • No additional network latency between AKS and Redis

This setup is recommended for most deployments.

Optional: Azure Managed Redis Cache

If you choose to use Azure Redis Cache, Terraform provisions a managed Redis instance instead of deploying Redis in AKS.

Required terraform.tfvars configuration:

  • Set use_managed_redis = true

Important considerations:

  • Adds approximately 20 minutes to the deployment time

  • Introduces additional network latency compared to in-cluster Redis

  • Suitable when organizational policies mandate the use of managed cloud services

Use this option only when managed Redis is explicitly required by your infrastructure or compliance standards.

Support

For deployment questions or feedback:

  • Refer to the official documentation

  • Connect with the engineering team on LinkedIn

  • Email: [email protected]

If you want a diagram showing how AKS, PostgreSQL, Redis, Elasticsearch, and the Nected services connect, I can generate a Mermaid architecture diagram as well.

PreviousTerraformNextKubernetes

Last updated