Skip to content

DOCS: Deploy on AKS #280

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
alaye-ms wants to merge 3 commits into
base: main
Choose a base branch
from
Open

DOCS: Deploy on AKS #280

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0c7ee7e
Move docs from playground to public
alaye-ms Mar 4, 2026
af2bab7
add agent suggestions
alaye-ms Mar 4, 2026
03198a8
further agent suggestions
alaye-ms Mar 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/agents/documentation-agent.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
description: 'Agent for documentation tasks in the DocumentDB Kubernetes Operator project.'
tools: [execute, read, terminal]
tools: [execute, read, edit, vscode, search]
---
# Documentation Agent Instructions

Expand Down
107 changes: 107 additions & 0 deletions docs/operator-public-documentation/getting-started/deploy-on-aks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
# Deploy on Azure Kubernetes Service (AKS)

This guide covers the general AKS deployment model for the DocumentDB Kubernetes
Operator.

## Quick Start

For automated deployment, use the playground scripts:

```bash
cd documentdb-playground/aks-setup/scripts
./create-cluster.sh --deploy-instance
```

For complete automation details, see the
[AKS setup README](https://github.com/documentdb/documentdb-kubernetes-operator/tree/main/documentdb-playground/aks-setup).

## Understanding the Configuration

### Azure LoadBalancer Annotations

When using AKS, set the `DocumentDB` `spec.environment` field to `aks`.

```yaml
spec:
environment: "aks"
```

The operator adds Azure-specific Service annotations when the cluster type is
AKS:

```yaml
annotations:
service.beta.kubernetes.io/azure-load-balancer-external: "true"
```

This instructs kubernetes to assign the Load Balancer an IP which can be accessed
from outside the cluster.

### Storage Class

AKS uses the built-in `managed-csi` storage class by default
(`StandardSSD_LRS`). For production workloads, use a Premium SSD class such as
`managed-csi-premium`.

```yaml
spec:
resource:
storage:
storageClass: managed-csi-premium
```

For available classes, see
<https://learn.microsoft.com/azure/aks/concepts-storage#storage-classes>.

## Monitoring and Troubleshooting

### Common Issues

LoadBalancer pending:

```bash
az aks show --resource-group RESOURCE_GROUP --name CLUSTER_NAME --query networkProfile
```

PVC binding failures:

```bash
kubectl get storageclass
kubectl get pods -n kube-system | grep csi-azuredisk
```

## Cost and Security Considerations

### Cost Optimization

- Use smaller VM SKUs for development (for example `Standard_B2s`)
- Reduce node count in non-production environments
- Use Standard SSD where Premium SSD is not required

### Security Baseline

- Managed identity for Azure resource access
- Network policies enabled
- Encryption at rest on managed disks
- TLS for database traffic
- Azure RBAC integration

### Hardening Examples

```bash
az aks enable-addons \
--resource-group RESOURCE_GROUP \
--name CLUSTER_NAME \
--addons azure-policy

az aks enable-addons \
--resource-group RESOURCE_GROUP \
--name CLUSTER_NAME \
--addons azure-keyvault-secrets-provider
```

## Additional Resources

- [AKS documentation](https://learn.microsoft.com/azure/aks/)
- [Azure CNI networking](https://learn.microsoft.com/azure/aks/configure-azure-cni)
- [Azure Load Balancer](https://learn.microsoft.com/azure/load-balancer/)
Loading
Loading