Data Plane
Self-hosting a DevZero Data Plane on Azure AKS.
Prerequisites
The following tools are needed to set up a DevZero region hosted on AKS:
Setting up the infrastructure
az
configuration and IAM setup
If you have an Azure account, use the Azure CLI command to log in and configure your current subscription. Or, log in to your Azure portal and create a new subscription.
Configuring az
CLI to interact with the subscription
Log in to your Azure account using the Azure CLI:
az login
This will open a browser window for authentication. Complete the login process there.
Set your current subscription using the following command:
az account set --subscription <SUBSCRIPTION-ID>
Replace <SUBSCRIPTION-ID>
with your Azure subscription ID.
Verify the active subscription:
az account show --query name
Ensure the necessary permissions are explicitly granted to your account or service principal. You need the Contributor
role on the subscription or resource group level.
Assign the role to your account or service principal:
For a user account:
az role assignment create --assignee <your-email@domain.com> \
--role Contributor --scope /subscriptions/<SUBSCRIPTION-ID>
Replace <your-email@domain.com>
and <SUBSCRIPTION-ID>
with your Azure registered email and subscription ID.
For a service principal:
az role assignment create --assignee <SERVICE-PRINCIPAL-ID> \
--role Contributor --scope /subscriptions/<SUBSCRIPTION-ID>
Replace <SERVICE-PRINCIPAL-ID>
and <SUBSCRIPTION-ID>
with your service principal ID and subscription ID.
Setting up an AKS cluster
Deploying the Helm Charts
Create a new namespace called devzero-self-hosted
by running:
kubectl create ns devzero-self-hosted
Install the CRDs which are prerequisites to set up a DevZero region on the AKS cluster.
helm upgrade --install dz-crds oci://public.ecr.aws/v1i4e1r2/charts/dz-crds \
-n devzero-self-hosted \
--version 0.1.2
Install the helm charts to set up the DevZero data plane. Contact the DevZero team at support@devzero.io to get the values for:
<CEDANA-AUTH-TOKEN>
<SIGNOZ-ACCESS-TOKEN>
helm upgrade --install dz-data-plane oci://public.ecr.aws/v1i4e1r2/charts/dz-data-plane \
-n devzero-self-hosted \
--version 0.1.2 \
--set cedana-helm.cedanaConfig.signozAccessToken=<SIGNOZ-ACCESS-TOKEN> \
--set cedana-helm.cedanaConfig.cedanaAuthToken=<CEDANA-AUTH-TOKEN>
To track progress:
watch kubectl get pods -n devzero-self-hosted
Verify that everything works:
kubectl get pods -n devzero-self-hosted
Connecting to DevZero
Connect this Data Plane to DevZero
Visit the regions page on the DevZero
dashboard and click Add New
.
Use the retrieved values (token, URL, and CA certificate) to connect the
self-hosted DevZero region to your team:
Fetching Cluster Configuration
After deploying the Helm chart, retrieve the following values for integration with the DevZero dashboard:
Cluster Name
Enter something meaningful and unique.
Examples: Madrid (europe-southwest1), Mumbai (asia-south1), Los Angeles (us-west2), The Dalles (us-west1)
Region ID
Enter a cloud-friendly region name (does not necessarily have to be unique).
To preserve familiarity, feel free to reuse existing Azure terms. For a list of Azure Region Names, click here.
Examples: eastus (Virginia), westeurope (Netherlands), southeastasia (Singapore), australiacentral (Canberra)
Cluster URL
To get the Cluster URL/IP:
kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.server}'
For example,
% kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.server}'
https://35.236.26.173
Add the string as is, without leading or trailing whitespaces.
Cluster CA Certificate
To get the Cluster CA certificate:
kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
For example,
% kubectl config view --minify --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
LS0tLS1CRUdJTi.....FUlRJRklDQVRFLS0tLS0K
Add the string as is, without leading or trailing whitespaces.
Service Account Name
To get the name of the Service Account:
kubectl get serviceaccounts -n devzero-self-hosted
Usually, this should be devzero-sa-token
.
Add the string as is, without leading or trailing whitespaces.
Service Account Token
To get the Service Account Token:
kubectl get secret devzero-sa-token -n devzero-self-hosted -o jsonpath='{.data.token}' | base64 -d
For example,
% kubectl get secret devzero-sa-token -n devzero-self-hosted -o jsonpath='{.data.token}' | base64 -d
eyJhbGciOi......pMWncc3bxGtreh9fDTgg
Add the string as is, without leading or trailing whitespaces.
Slug
To get the slug:
az aks show --resource-group <resource-group> --name <cluster-name> --query "fqdn" -o tsv | awk -F '.' '{print $1}'
Replace <cluster-name>
with the name of the AKS cluster, and <zone>
with the zone its located in (eg: europe-southwest1, asia-south1, us-west2, us-west1).
For example,
% az aks show --resource-group myResourceGroup --name myAKSCluster --query "fqdn" -o tsv | awk -F '.' '{print $1}'
aks-6d3a0a11-52f2-4b3e-bb0d-888aeadbdc89