v0.8.3: Add Azure AKS deployment support with Key Vault integration and topology constraints #60

Merged: cosmic-flood merged 6 commits into main from example-aks on Jan 12, 2026
@cosmic-flood (Contributor) commented Jan 11, 2026

Extends Helm chart compatibility with Azure Kubernetes Service (AKS Standard and AKS Automatic) through optional template enhancements and a production-ready deployment example.

Template Enhancements

Added optional fields to all service deployments (API, UI, ELS, DAS):

  • volumeMounts / volumes - Azure Key Vault CSI Driver integration for secret management
  • topologySpreadConstraints - Pod distribution across nodes/zones for AKS Automatic policy compliance
  • initContainers.resources - Resource limits/requests for init containers (AKS Automatic requirement)

All fields use {{- with }} conditionals for backward compatibility - existing deployments unaffected.

```yaml
# Example: Azure Key Vault volume mount
api:
  volumeMounts:
    - name: secrets-store
      mountPath: "/mnt/secrets-store"
      readOnly: true
  volumes:
    - name: secrets-store
      csi:
        driver: secrets-store.csi.k8s.io
        volumeAttributes:
          secretProviderClass: "featbit-keyvault-secrets"
```

AKS Deployment Example

New charts/featbit/examples/aks/ with production architecture:

Internet → Traffic Manager → Azure LB → NGINX Ingress (TLS) → FeatBit

  • featbit-aks-values.yaml - External PostgreSQL/Redis, Key Vault secrets, autoscaling config
  • keyvault-secret-provider.yaml - SecretProviderClass for CSI Driver
  • cluster-issuer.yaml - Let's Encrypt staging/production issuers
  • README.md - Complete deployment guide: NGINX Ingress setup, cert-manager, Traffic Manager multi-region, troubleshooting

Configuration highlights:

  • External PostgreSQL/Redis with Key Vault-managed credentials
  • HPA targeting 80% CPU/memory with 3-10 replicas
  • WebSocket-optimized NGINX timeouts (3600s)
  • Pod security contexts for RuntimeDefault seccomp profile

Additional Changes

  • .gitignore - Added *.local.yaml pattern for local config files
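
An added example, not part of this pull request or the FeatBit chart: a Python check that audits a pod spec (the dict form of a Deployment's `.spec.template.spec`) for the settings the description above names, namely read-only secrets-store mounts, init container resources, topology spread constraints and the RuntimeDefault seccomp profile. The function name `audit_pod_spec`, the init container name and both sample specs are constructed for illustration.

```python
CSI_DRIVER = "secrets-store.csi.k8s.io"

def audit_pod_spec(spec):
    """Return findings for one pod spec (dict form of .spec.template.spec)."""
    findings = []
    inits = spec.get("initContainers", [])
    pod_seccomp = (spec.get("securityContext") or {}).get("seccompProfile")
    secret_vols = {v["name"] for v in spec.get("volumes", [])
                   if (v.get("csi") or {}).get("driver") == CSI_DRIVER}
    for c in spec.get("containers", []) + inits:
        for m in c.get("volumeMounts", []):
            if m["name"] in secret_vols and m.get("readOnly") is not True:
                findings.append(f"{c['name']}: {m['mountPath']} is not readOnly")
        # A container-level seccompProfile overrides the pod-level one.
        seccomp = (c.get("securityContext") or {}).get("seccompProfile") or pod_seccomp or {}
        if seccomp.get("type") != "RuntimeDefault":
            findings.append(f"{c['name']}: seccomp profile is not RuntimeDefault")
    for c in inits:  # init containers need explicit requests and limits
        res = c.get("resources") or {}
        missing = [k for k in ("requests", "limits") if not res.get(k)]
        if missing:
            findings.append(f"init container {c['name']}: missing {'/'.join(missing)}")
    if not spec.get("topologySpreadConstraints"):
        findings.append("pod: no topologySpreadConstraints")
    return findings

# Constructed sample specs, not output rendered from the chart.
GOOD = {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "topologySpreadConstraints": [{"maxSkew": 1, "whenUnsatisfiable": "ScheduleAnyway",
                                   "topologyKey": "topology.kubernetes.io/zone"}],
    "initContainers": [{"name": "init-db", "resources": {
        "requests": {"cpu": "50m"}, "limits": {"cpu": "100m"}}}],
    "containers": [{"name": "api", "volumeMounts": [
        {"name": "secrets-store", "mountPath": "/mnt/secrets-store", "readOnly": True}]}],
    "volumes": [{"name": "secrets-store", "csi": {"driver": CSI_DRIVER, "volumeAttributes": {
        "secretProviderClass": "featbit-keyvault-secrets"}}}],
}
BAD = {  # same workload with the optional values left unset and a writable mount
    "initContainers": [{"name": "init-db"}],
    "containers": [{"name": "api", "volumeMounts": [
        {"name": "secrets-store", "mountPath": "/mnt/secrets-store"}]}],
    "volumes": GOOD["volumes"],
}

for name, spec in (("GOOD", GOOD), ("BAD", BAD)):
    print(name, audit_pod_spec(spec))
```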

- Deleted outdated AKS deployment files and README.
- Added new AKS deployment configuration using Azure Key Vault for secret management.
- Updated deployment templates to include topology spread constraints and volume mounts for secrets.
- Introduced a comprehensive setup guide for Azure Key Vault integration, detailing steps for creating secrets and configuring access.
- Enhanced security practices by integrating managed identities for secret retrieval.
…is configuration

- Revised README to clarify deployment with external Azure PostgreSQL and Redis.
- Updated `featbit-aks-automatic-via-alb.yaml` with specific external URLs and database configurations.
- Ensured secret names align with `keyvault-secret-provider.yaml` for credential management.
- Enhanced clarity on prerequisites and setup steps for using Azure Key Vault with FeatBit.
…-via-alb.yaml` to `featbit-aks-automatic-via-lb.yaml` and update references in README
… documentation

- Added new README for AKS deployment guide with Traffic Manager and NGINX Ingress.
- Introduced `featbit-aks-values.yaml` for standard deployment configurations.
- Created `cluster-issuer.yaml` for Let's Encrypt certificate issuers.
- Implemented `keyvault-secret-provider.yaml` for Azure Key Vault integration.
- Removed outdated AKS example files to streamline the repository.
- Updated `.gitignore` to include local configuration files.

@cosmic-flood (Contributor, Author) commented:

@copilot please help me to summarize what has been changed, and tell me the potential risks.

Here's what I did:

  • volumeMounts and .volumes changes: this is for storing secrets synced from the Azure Key Vault service. Those are optional.

  • topologySpreadConstraints: this is to fit the restrictions of the Azure Kubernetes Service Automatic Azure Policy rules. Optional.

  • .initContainers.resources: this is to fit the restrictions of the Azure Kubernetes Service Automatic Azure Policy rules. Optional.

  • examples/aks is the example to deploy FeatBit into AKS with NGINX, Azure Load Balancer and Traffic Manager.

Please also give this pull request a title and a description based on the changes.

Basically, all changes are for deploying this Helm chart to AKS Standard (also AKS Automatic) + Azure solution.

Copilot AI commented Jan 12, 2026

@cosmic-flood I've opened a new pull request, #61, to work on those changes. Once the pull request is ready, I'll request review from you.

cosmic-flood changed the title from "Example aks" to "v0.8.3: Add Azure AKS deployment support with Key Vault integration and topology constraints" on Jan 12, 2026
cosmic-flood merged commit 7003838 into main on Jan 12, 2026
cosmic-flood deleted the example-aks branch on January 12, 2026 12:53