> ## Documentation Index
> Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Install on Azure

> Install TrueFoundry control plane and AI Gateway on Azure Blob Storage.

Deploy the TrueFoundry control plane and AI Gateway. See the [overview](/docs/platform/deploy-control-plane-and-gateway-plane) for compute requirements and prerequisites.

## Installation Instructions

<Steps>
  <Step title="Create Azure Blob Storage">
    <Accordion title="Create Azure Blob Storage">
      To setup Azure Blob Storage for control plane, follow the steps below:

      1. Create a [Azure Storage account](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?tabs=azure-portal) in your resource group
         1. **Instance details** - You must `Geo-redundant storage` to make sure your data is available through other regions in case of region unavailability.

         2. **Security** - Make sure
            1. DISABLE `Allow enabling anonymous access on individual containers`
            2. ENABLE `Enable storage account key access`

         3. **Network access** - ENABLE `Allow public access from all networks`

         4. **Recovery** - You can keep it to default for 7 days.

      2. Create an [Azure container](https://learn.microsoft.com/en-us/azure/storage/blobs/blob-containers-portal) inside the above storage account.

      3. Search for `CORS` from the left panel and for `Blob service` (optional for `File service` `Queue service` and `Table Service`, only apply the change if you are using them) select the below options
         1. Allowed Origins - `*` or your control plane URL
         2. Allowed Methods - `GET, POST, PUT`
         3. Allowed Headers - `*`
         4. Exposed Headers - `Etag`
         5. MaxAgeSeconds - `3600`

      4. Collect the following information
         1. [Standard endpoint](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview#standard-endpoints) - Endpoint of the blob storage Once the container is created we need to get the standard endpoint of the blob storage along with the container which will look something like this. Replace this with your storage account name and the container name.
            ```javascript lines theme={"dark"}
            https://*mystorageaccount*.blob.core.windows.net/*mycontainer*/
            ```
         2. Connection string - From the Azure portal in your storage account, head over to the `Security + Networking` section under `Access keys` which will contain the `Connection String` .
    </Accordion>
  </Step>

  <Step title="Create Azure Database for PostgreSQL database">
    Create a PostgreSQL database of size `GP_Standard_D4ds_v5` with storage size of 30GB.

    <Warning>
      **Important Configuration Notes:** - **For PostgreSQL 17+:** Disable SSL,
      allowing both encrypted and unencrypted client communications, you can change
      the server parameter `require_secure_transport` to OFF - **Security Group:**
      Ensure your database firewall rules allow inbound traffic from AKS node pools
    </Warning>

    <Note>
      In case you want to setup PostgreSQL on Kubernetes in the dev mode, skip this step and set `devMode` to true in the values file in the steps below.
    </Note>
  </Step>

  <Step title="Create Kubernetes Secrets">
    We will create two secrets in this step:

    1. Store the License Key and DB Credentials
    2. Store the Image Pull Secret

    <Accordion title="Create Kubernetes Secret for License Key and DB Credentials">
      We need to create a [Kubernetes secret](https://github.com/truefoundry/infra-charts/blob/main/charts/truefoundry/README.md#using-k8s-secret-for-required-fields) containing the licence key and db credentials.

      <Note>
        If you are using PostgreSQL on Kubernetes in the dev mode, the values will be as follows:

        DB\_HOST: \<HELM\_RELEASE\_NAME>-postgresql.\<NAMESPACE>.svc.cluster.local // eg. truefoundry-postgresql.truefoundry.svc.cluster.local

        DB\_NAME: truefoundry

        DB\_USERNAME: postgres # In order to use custom username, please update the same at `postgresql.auth.username`

        DB\_PASSWORD: randompassword # You can change this to any value here.
      </Note>

      ```yaml truefoundry-creds.yaml lines theme={"dark"}
      apiVersion: v1
      kind: Secret
      metadata:
        name: truefoundry-creds
      type: Opaque
      stringData:
        TFY_API_KEY: <TFY_API_KEY> # Provided by TrueFoundry team
        DB_HOST: <DB_HOST>
        DB_NAME: <DB_NAME>
        DB_USERNAME: <DB_USERNAME>
        DB_PASSWORD: <DB_PASSWORD>
      ```

      Apply the secret to the Kubernetes cluster (Assuming you are installing the control plane in the `truefoundry` namespace)

      ```bash lines theme={"dark"}
      kubectl apply -f truefoundry-creds.yaml -n truefoundry
      ```
    </Accordion>

    <Accordion title="Create Kubernetes Secret for Image Pull Secret">
      We need to create a [Image Pull Secret](https://github.com/truefoundry/infra-charts/blob/main/charts/truefoundry/README.md#using-k8s-secret-for-required-fields) to enable pulling the truefoundry images from the private registry.

      ```yaml truefoundry-image-pull-secret.yaml lines theme={"dark"}
      apiVersion: v1
      kind: Secret
      metadata:
        name: truefoundry-image-pull-secret
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: <IMAGE_PULL_SECRET> # Provided by TrueFoundry team
      ```

      Apply the secret to the Kubernetes cluster (Assuming you are installing the control plane in the `truefoundry` namespace)

      ```bash lines theme={"dark"}
      kubectl apply -f truefoundry-image-pull-secret.yaml -n truefoundry
      ```
    </Accordion>
  </Step>

  <Step title="Create HelmChart Values file">
    Create a values file as given below and replace the following values:

    * `Control Plane URL`: URL that you will map to the control plane dashboard.
    * `Tenant Name`: Tenant name provided by TrueFoundry team.
    * `Azure Blob URI`: Azure Blob URI provided by TrueFoundry team.
    * `Azure Blob Connection String`: Azure Blob Connection String provided by TrueFoundry team.

    ```yaml truefoundry-values.yaml wrap expandable lines theme={"dark"}
    global:
      # Domain to map the platform to
      controlPlaneURL: https://example.com

      # Ask TrueFoundry team to provide these
      tenantName: <TENANT_NAME>

      # This is the reference to the secrets we created in the previous step
      existingTruefoundryCredsSecret: "truefoundry-creds"
      imagePullSecrets:
        - name: "truefoundry-image-pull-secret"
      ## Add if you have restricted public registry access
      # image:
      #   pullSecretNames:
      #   - "truefoundry-image-pull-secret"

      # Choose the resource tier as per your needs
      resourceTier: medium # or small or large

      config:
        defaultCloudProvider: "azure"
        storageConfiguration:
          azureBlobUri: "<AZURE_BLOB_URI>"
          # Add the connection string as part of truefoundry-creds secret(refer - https://github.com/truefoundry/infra-charts/blob/main/charts/truefoundry/README.md#using-k8s-secret-for-additional-fields):
          azureBlobConnectionString: ${k8s-secret/truefoundry-creds/AZURE_BLOB_CONNECTION_STRING}
      ingress:
        hosts:
          - example.com
        enabled: true
        annotations: {}
        ingressClassName: nginx # Replace with your ingress class name
    # In case, you want to spin up PostgreSQL on kubernetes, enable this
    # Please add creds and host details in the secret `truefoundry-creds`
    devMode:
      enabled: false
    tags:
      llmGateway: true
      llmGatewayRequestLogging: true

    tfyBuild:
      enabled: false
    sfyManifestService:
      enabled: false
    tfyController:
      enabled: false
    tfyConfigs:
      enabled: false
    ```
  </Step>

  <Step title="Install Helm chart">
    ```bash wrap lines theme={"dark"}
    helm upgrade --install truefoundry oci://tfy.jfrog.io/tfy-helm/truefoundry -n truefoundry --create-namespace -f truefoundry-values.yaml
    ```
  </Step>
</Steps>
