Unravel on Azure Kubernetes Service (AKS)

Prerequisites
  • An Admin user with permission to manage the following resources during the initial setup:

    • Azure Kubernetes Service

      • Create cluster

      • Create node pool

      • Deploy services

    • Azure MySQL

    • Virtual Machine or CICD pipeline to manage and deploy K8s services

    • Subnet

    • Databricks Workspace

      • Accept private endpoint requests. (Private workspace only)

      • Create a Databricks token for Unravel to use.

      • Update workspace configuration

  • An AKS cluster for Unravel. A new cluster is preferred, but an existing one also works.

    • If you plan to use an existing AKS cluster, tell Unravel which Ingress controller you prefer. Unravel supports Contour and Nginx out of the box.

    • Since the Unravel service connects to the Databricks API server, the AKS cluster is deployed onto an existing virtual network (vnet injection). You must determine which virtual network and subnet can be used.

  • A domain where the Unravel service can be used, and its certificate.

Infrastructure setup
  1. Set up a new AKS cluster.

    1. Run the following to get the current Azure AD tenant ID and copy the tenantId field.

      az account tenant list
    2. Get the AD group object ID that will be the admin of the AKS cluster and copy the id field.

      az ad group show --group "GROUP NAME"
    3. Get the subnet ID and copy the first ID field, which should be in the following format:

      /subscriptions/<subscription id>/resourceGroups/<rg name>/providers/Microsoft.Network/virtualNetworks/<vnet name>/subnets/<subnet name>

      az network vnet subnet show --name <subnet name> --vnet-name <vnet name> --resource-group <rg-name>
    4. Create cluster.

      az aks create --name <cluster name> --resource-group <resource group name> \
        --kubernetes-version 1.27.7 --auto-upgrade-channel patch --network-policy calico \
        --disable-local-accounts --os-sku Ubuntu --enable-managed-identity \
        --enable-private-cluster --tier standard --enable-aad --network-plugin azure \
        --vnet-subnet-id <existing subnet id> \
        --aad-tenant-id <Azure Active Directory tenant id> \
        --aad-admin-group-object-ids <Azure AD group ids id1,id2 that will be the cluster admin>
    5. Create AKS node pool.

      # Create Unravel node pool
      az aks nodepool add --name unravel --cluster-name <cluster name> --resource-group <resource group name> --mode User --node-count 0 --node-vm-size Standard_E8as_v5 --enable-cluster-autoscaler --max-count 100 --min-count 0 --max-pods 100 --node-osdisk-size 100 --vnet-subnet-id <subnet id from above> --tags "environment=Unravel" "owner=Unravel"

      # Create shared node pool for Kafka, Zookeeper and Elasticsearch
      az aks nodepool add --name es --cluster-name <cluster name> --resource-group <resource group name> --mode User --node-count 0 --node-vm-size Standard_D4as_v5 --enable-cluster-autoscaler --max-count 100
  2. Create Azure MySQL for Unravel.

    1. Optional - Create a dedicated subnet for Unravel MySQL, in case there are no existing ones, for an internal-only network between Azure MySQL and Unravel services.

      az network vnet subnet create  --name <subnet name e.g. unravel-mysql-subnet>  --resource-group <resource group name>  --vnet-name <vnet name>  --address-prefixes <available ip range available within the vnet e.g. 10.10.32.0/28>  --delegations "Microsoft.DBforMySQL/flexibleServers"  --service-endpoints Microsoft.Sql
    2. Create Azure MySQL Service.

      az mysql flexible-server create --resource-group <resource group name> --name <database name> --location <same location as the AKS cluster e.g. eastus> --version 8.0.21 --storage-size 1024 --sku-name Standard_D2ads_v5 --auto-scale-iops Enabled --database-name unravel --admin-user <db admin username> --admin-password <db admin user password> --tags "owner=unravel" --vnet <vnet name> --subnet <subnet name>
  3. Create a Databricks user and token for Unravel. Refer to Databricks Workspace Setup Guide.
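
The following added example (not part of Unravel's documentation) checks that a cluster still carries the security-relevant settings from the `az aks create` command in step 1.4, given the JSON printed by `az aks show --name <cluster name> --resource-group <resource group name> -o json`. The sample document is constructed, and the JSON field names are assumed to follow the AKS managed-cluster resource as `az aks show` prints it.

```python
import json

# Constructed sample: trimmed `az aks show ... -o json` output for a cluster
# built with the flags from step 1.4. IDs are placeholders, not real values.
SAMPLE_AKS_SHOW = json.loads("""
{
  "disableLocalAccounts": true,
  "aadProfile": {"managed": true, "tenantID": "<tenant id>",
                 "adminGroupObjectIDs": ["<group object id>"]},
  "apiServerAccessProfile": {"enablePrivateCluster": true},
  "networkProfile": {"networkPlugin": "azure", "networkPolicy": "calico"},
  "autoUpgradeProfile": {"upgradeChannel": "patch"}
}
""")

# (JSON path, expected value, flag in the create command that sets it)
EXPECTED = [
    ("disableLocalAccounts", True, "--disable-local-accounts"),
    ("aadProfile.managed", True, "--enable-aad"),
    ("apiServerAccessProfile.enablePrivateCluster", True, "--enable-private-cluster"),
    ("networkProfile.networkPlugin", "azure", "--network-plugin azure"),
    ("networkProfile.networkPolicy", "calico", "--network-policy calico"),
    ("autoUpgradeProfile.upgradeChannel", "patch", "--auto-upgrade-channel patch"),
]

def lookup(doc, path):
    """Walk a dotted path; return None if any segment is missing or null."""
    for key in path.split("."):
        if not isinstance(doc, dict):
            return None
        doc = doc.get(key)
    return doc

def audit_cluster(cluster):
    """Return a list of findings; an empty list means the cluster matches."""
    findings = []
    for path, want, flag in EXPECTED:
        got = lookup(cluster, path)
        if got != want:
            findings.append(f"{path}: expected {want!r}, got {got!r} (set by {flag})")
    # --aad-admin-group-object-ids names the cluster admins; flag an empty list.
    if not lookup(cluster, "aadProfile.adminGroupObjectIDs"):
        findings.append("aadProfile.adminGroupObjectIDs: no admin group set")
    return findings

if __name__ == "__main__":
    for line in audit_cluster(SAMPLE_AKS_SHOW) or ["cluster matches the create flags"]:
        print(line)
```

Running it against a saved `az aks show` document after later changes to the cluster shows whether any of these settings has drifted from what was configured at creation.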

Azure Private Link Setup

This topic provides instructions to set up the Azure private link to connect to Unravel securely. Do the following to set up the Azure private link:

Precheck the requirement for a private link
  1. Go to the Azure portal and open the Databricks workspace. The greyed-out Virtual Network Peerings setting in the workspace page indicates that the cluster is a VNet-injected workspace. Making the cluster private is a prerequisite for setting the private link.

  2. On the workspace page, click Settings > Networking.

  3. In the Network Access tab, the following indicates if it is a private cluster:

    • No Public IP: Enabled

    • Allow Public Network Access: Disabled

    • Required NSG Rules: No Azure Databricks Rules

Collect information to share with Unravel to establish a private link
  1. Go to the Azure portal and open the Databricks workspace.

  2. Click Properties.

  3. Copy the workspace resource ID and send the string to Unravel.

Approve Unravel’s private workspace link
  1. Go to the Azure portal and open the Databricks Workspace.

  2. On the Workspace page, click Settings > Networking.

  3. Click Private endpoint connections. A new private link connection is shown in your workspace in the Pending state.

  4. Select the connection from Unravel, and click Approve. When prompted to confirm, click Yes. The private link connection should be changed to Approved. This indicates that Unravel can access the workspace API via the private link.

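
The precheck and the approval step above can also be verified from the workspace's resource JSON rather than the portal. This added example (not part of Unravel's documentation) evaluates the three Network Access indicators and lists private endpoint connections that are not yet Approved. The sample document is constructed, and the property names are assumed to follow the Microsoft.Databricks/workspaces ARM resource, for instance as returned by `az resource show --ids <workspace resource ID>`.

```python
import json

# Constructed sample of a workspace's ARM resource JSON (trimmed).
# The connection name is a placeholder, not a real value.
SAMPLE_WORKSPACE = json.loads("""
{
  "properties": {
    "publicNetworkAccess": "Disabled",
    "requiredNsgRules": "NoAzureDatabricksRules",
    "parameters": {"enableNoPublicIp": {"value": true}},
    "privateEndpointConnections": [
      {"name": "<connection name>",
       "properties": {"privateLinkServiceConnectionState": {"status": "Pending"}}}
    ]
  }
}
""")

def precheck(workspace):
    """Map the three Network Access indicators from the precheck to pass/fail."""
    props = workspace.get("properties", {})
    no_public_ip = props.get("parameters", {}).get("enableNoPublicIp", {}).get("value")
    return {
        "No Public IP: Enabled": no_public_ip is True,
        "Allow Public Network Access: Disabled":
            props.get("publicNetworkAccess") == "Disabled",
        "Required NSG Rules: No Azure Databricks Rules":
            props.get("requiredNsgRules") == "NoAzureDatabricksRules",
    }

def is_private(workspace):
    """True only if all three indicators match the private-cluster values."""
    return all(precheck(workspace).values())

def connection_states(workspace):
    """Return {connection name: status} for every private endpoint connection."""
    conns = workspace.get("properties", {}).get("privateEndpointConnections") or []
    return {
        c.get("name", "<unnamed>"): c.get("properties", {})
        .get("privateLinkServiceConnectionState", {}).get("status")
        for c in conns
    }

def unapproved(workspace):
    """Connections not in the Approved state (for example Pending)."""
    return sorted(n for n, s in connection_states(workspace).items() if s != "Approved")
```

Listing every connection and its state also makes it easy to confirm that the only connection being approved is the one expected from Unravel.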