Azure remote provisioning

Configuring your Azure account

With an Altinity.Cloud Anywhere account, Altinity technical support can remotely provision Azure AKS clusters in your Azure account, then create ClickHouse® clusters inside those Kubernetes clusters.

Setting up a Bring Your Own Cloud environment for Azure involves three steps:

  1. Get an Altinity.Cloud Anywhere account.
  2. Create an Azure Service Principal (SP) and associate it with Altinity’s Azure resources.
  3. Create an Environment in the Altinity Cloud Manager (ACM) and point it to your Azure account.

With those steps completed, Altinity.Cloud Anywhere will have the necessary access to create Kubernetes clusters in your Azure environment and then create ClickHouse clusters in those Kubernetes clusters.

You’ll need to know your Azure Tenant ID and the Subscription ID you want to use for your BYOC environment. You’ll also need User Access Administrator or Role Based Access Control Administrator permissions or higher to create a service principal. See your Azure account administrator if you don’t have that level of access.

Creating an Azure Service Principal

There are two ways to do this: with Terraform or with az, the Azure command-line tool.

Using Terraform

We recommend using Terraform to create the service principal. That gives you a complete record of everything you’ve created as well as a way to delete everything via the terraform destroy command.

Copy these lines to a file named main.tf:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~>3.0"
    }
  }
}

provider "azurerm" {
  skip_provider_registration = true
  features {}
}

variable "subscription_id" {
  type = string
  description = "The ID of subscription to connect to Altinity.Cloud"
}

locals {
  application_id = "8ce5881c-ff0f-47f7-b391-931fbac6cd4b"
}

data "azuread_client_config" "current" {}

resource "azuread_service_principal" "altinity_cloud" {
  client_id       = local.application_id
  owners          = [data.azuread_client_config.current.object_id]
  description     = "Altinity.Cloud Service Principal"
  notes           = "Altinity.Cloud Service Principal"
  account_enabled = true # change to false to block Altinity.Cloud access
  feature_tags {
    hide = true
  }
}

resource "random_uuid" "azurerm_role_assignment_altinity_cloud" {}

resource "azurerm_role_assignment" "altinity_cloud" {
  name                 = random_uuid.azurerm_role_assignment_altinity_cloud.id
  scope                = "/subscriptions/${var.subscription_id}"
  role_definition_name = "Owner"
  principal_id         = azuread_service_principal.altinity_cloud.object_id
}

The value of application_id is owned by Altinity; this value never changes.

With main.tf on your machine and the Azure subscription ID you’re using, run these commands:

terraform init
terraform apply -var subscription_id=00000000-0000-0000-0000-000000000000

If you don’t have the appropriate permissions, you’ll get the error message Could not create service principal. If that happens, see your Azure account administrator.

Using the Azure command-line tool

Alternately, you can create the service principal with the az command-line tool, filling in your subscription ID:

(
  set -eu
  SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000
  APPLICATION_ID=8ce5881c-ff0f-47f7-b391-931fbac6cd4b
  SP_ID=$(az ad sp create --id "$APPLICATION_ID" --query id -o tsv)
  az role assignment create --scope "/subscriptions/$SUBSCRIPTION_ID" --assignee-object-id "$SP_ID" --role Owner
)

As with the Terraform method, if you don’t have the appropriate permissions, the command will fail.

Creating an Environment in the ACM

Once the service principal is created, go to the Altinity Cloud Manager and open the Environments tab:

Environment Setup - Environment Type

Click the button at the top of the screen.

In the Environment Setup dialog, click the down arrow to see the list of environment types:

Environment Setup - Environment Type

Select Altinity.Cloud Anywhere Bring Your Own Cloud (BYOC). With the environment type set, enter a name for the environment:

Naming your environment

Click OK to continue.

Configuring your Environment

With your Altinity.Cloud Anywhere environment created, you need to connect the environment to the Resource Group in your Azure account.

Setting up your connection

The first tab of the Environment Setup wizard is the Connection Setup tab:

AKS provisioned by Altinity

Select AKS Provisioned by Altinity and click PROCEED to continue.

Defining your environment’s properties

Next you’ll see the Resources Configuration tab:

Defining the details of your cloud account

Field Details

Cloud Provider

Azure is selected automatically.

Region

Click the down arrow icon and select the appropriate region from the list of Azure regions.

Number of AZs

The number of Availability Zones for your Kubernetes clusters. We recommend that you select at least two AZs.

Tenant ID

You can find this in the Azure web console.

Subscription ID

You can find this in the Azure web console as well.

CIDR Block

Enter the CIDR block for your environment. We recommend at least /21 to ensure you have enough addresses for your cluster.

Storage Classes

Select as many storage classes as you need. You can create new storage classes with the button or delete storage classes by clicking the trash can icon.

Node Pools

Define as many node pools as you need. At least one pool must be selected for ClickHouse clusters, at least one for Zookeeper nodes, and at least one for System nodes. You can click the button to add new node pools, or click to restore the original settings. NOTE: You can add more node pools later if you need them.

Click PROCEED to start the configuration process. The Confirmation tab will show the status of the configuration:

Connecting to your Azure Resource Group

The Altinity Cloud Manager will connect to your Azure account and configure the resources it needs to create and manage Kubernetes clusters and ClickHouse clusters in your Azure account.

Given the way the Azure platform manages resources and permissions, creating the Kubernetes cluster and its related infrastructure will take a while. Click the button as many times as necessary.

Your patience may be exhausted along the way, but be of good cheer! Keep clicking the button until the resources used by Altinity.Cloud are created. (In our testing, we’ve had to click the button more than 15 times, with the provisioning taking more than 25 minutes.)

When the connection between Altinity.Cloud and Azure is complete, you may get a warning that no node types are defined for your Environment:

No node types defined for an Azure Environment

Although the Environment is connected to Azure, node types are being defined in the background. In another minute or two, refreshing the screen will show several node types defined:

Node types defined for an Azure Environment

Now you’re ready to create a ClickHouse cluster inside the Kubernetes cluster Altinity created inside your Azure account. Click the CLUSTERS link at the top of the panel, then click the button to start the Launch Cluster wizard. See the Launch Cluster Wizard documentation for complete details on creating a ClickHouse cluster.