Skip to content

Portal Template (ARM)

Article Audience

Domain Experts: Working with OSDU services.

Data Scientists: Working with data and machine learning.

Data Engineers: Working with data and databases.

The Azure Resource Manager (ARM) custom template deployment provides a simple way to provision the solution through the Azure Portal. This method uses a pre-configured ARM template that has been transpiled from Bicep, enabling rapid deployment through a guided portal experience.

Learning Opportunity

Learn more about ARM Templates and how they work in Azure.

Warning

The template leverages complex configuration objects that are built in a way that can be integrated later with an Azure Managed Application. This can make configuration of feature flags more challenging.

Instructions

  1. Create a Microsoft Entra Application Registration.

    • Application Client Id (clientId)
    • Application Client Secret (clientSecret)
    • Enterprise Application Object Id (principalId)

  2. Open the custom ARM Template deployment.

    Deploy to Azure

  3. Provide the required values.

    • Email Address: Valid email address for the admin user
    • Application Client Id: Valid Client Id from the app registration
    • Application Client Secret: Valid Client Secret from the app registration
    • Application Client Principal OID: Valid Enterprise Application Object Id

  4. Modify the optional parameters as desired.

    • Custom VM Size: Set Custom VM size cluster nodes.
    • Ingress Type: Switch: Ingress type to use.
    • Enable Blob Public Access: Feature Flag: Enable Blob Storage public access.
    • Enable Manage: Feature Flag: Deploy virtual machine with bastion.
    • Vm Admin Username: Set admin username for the virtual machine.
    • Enable Pod Subnet: Feature Flag: Enhanced AKS subnet configuration.
    • Vnet Configuration: Network configuration object.
    • Cluster Software: Software configuration object.
    • Experimental Software: Experimental Software configuration object.
    • Cluster Network: Cluster network configuration object.
    • Cluster Network Plugin: Switch: Network plugin to use.
    • Cluster Admin Ids: Set cluster admin user ids to enable RBAC.

  5. Deploy the Solution.

    Warning

    Deployment can exceed 1 hour. Includes both infrastructure and software deployment.

  6. Configure Authentication.

    • Locate the ingress IP address in the AKS service
    • Add a redirect URI to your Entra application:
      • Format: https://<ingress_ip>/auth/spa/
      • Platform type: Single-page application (SPA)

  7. Validate Access.

    • Check Successful deployment in the resource group deployments
    • Check Successful deployment in the AKS gitops status
    • Navigate to https://<ingress_ip>/auth/spa/
    • Click Authorize to receive an authorization code
    • Use Get Tokens to retrieve an access token
    • Test the token with service swagger pages