Azure
This page describes the infrastructure and other prerequisites for deploying Seqera Platform Enterprise on Microsoft Azure.
Run the Seqera container with Docker on an Azure VM instance or with Kubernetes on an Azure AKS cluster. You must satisfy the requirements for your installation target:
-
A resource group and a storage account are required to use Azure. See Azure setup below to provision these resources.
-
SMTP server: If you don't have an email server, see Azure's recommended method of sending email. Microsoft recommends Microsoft 365 or the third party service SendGrid.
-
MySQL database: An external database such as Azure Database for MySQL is highly recommended for production deployments.
-
SSL certificate: An SSL certificate is required for your Seqera instance to handle HTTPS traffic.
cautionHTTP-only implementations must set the
TOWER_ENABLE_UNSAFE_MODE=true
environment variable in the Seqera hosting infrastructure to enable user login. HTTP must not be used in production environments. -
DNS: (Optional) DNS is required to support human-readable domain names and load-balanced traffic. See Azure DNS to learn about domain aquisition and record management.
These decisions must be made before you continue as they impact how Seqera configuration files are updated.
Prerequisites for Docker
A Linux VM instance is required to deploy Seqera Enterprise via Docker Compose. See the detailed instructions to provision a VM instance for this purpose.
Prerequisites for AKS
An Azure Kubernetes Service (AKS) cluster is required to deploy Seqera Enterprise via Kubernetes.
Azure setup
Set up commonly used Azure services for Seqera deployment.
Azure resource group
Create a resource group:
Create a resource group via Azure portal
- Sign in to the Azure portal.
- Select Resource groups.
- Select Add.
- Enter the following values:
- Subscription: Select your Azure subscription.
- Resource group: Enter a new resource group name (such as
towerrg
). - Region: Select the region where your assets will exist (such as
East US
).
- Select Review and Create.
- Select Create.
Create a resource group via Azure CLI
Run the az group create
command:
az group create --name $MY_RESOURCE_GROUP_NAME --location $REGION
Azure storage account
Create a storage account:
Create a storage account via Azure portal
- Sign in to the Azure portal.
- Select Storage accounts.
- Select Create.
- Enter the following values:
- Subscription: Select your Azure subscription.
- Resource group: Enter your resource group name.
- Storage account name: Enter a new storage account name (such as
towerstorage
). - Region: Select the region where your Resource Group exists (such as
East US
). - Performance: Select
Standard
. - Redundancy: Select
Geo-redundant storage (GRS)
.
- Select Review + create. The default values are used in the other tabs. See Create a storage account for further details on each setting.
- Select Create.
Create a storage account via Azure CLI
Run the az storage account create
command:
az storage account create -n towerstorage -g towerrg -l eastus --sku Standard_GRS
Azure MySQL DB instance
External databases for Seqera Enterprise deployments require:
- A MySQL8 Community DB instance.
- At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage.
- Manual MySQL user and database schema creation. See Database configuration for more details.
Recommended instance performance and storage requirements depend on the number of parallel pipelines you expect to run.
Create an Azure MySQL DB instance:
Create a MySQL DB instance via Azure portal
- In the Azure portal, search for and select Azure Database for MySQL servers.
- Select Create.
- On the Select Azure Database for MySQL deployment option pane, select Flexible server as the deployment option.
- On the Basics tab, enter or select the following:
- Your Subscription name
- Your Resource group name
- A Server name such as
towerdbserver
- Your Region
- The Workload type, based on your required
max_connections
- High availability — high availability is recommended for production deployments
- Standby availability zone — standby server zone location
- MySQL version — 8.0
- An Admin username to access the server
- A Password to access the server
- Your Compute + storage requirements, considering the minimum performance requirements outlined above
- Configure networking options.
- Select Review + create, then Create.
Create a MySQL DB instance via Azure CLI
-
Run
az mysql flexible-server create
to create your server:az mysql flexible-server create --location eastus --resource-group towerrg --name towerdbserver --admin-user username --admin-password password --sku-name Standard_B2ms --tier Burstable --public-access 0.0.0.0 --storage-size 30 --version 8.0 --high-availability ZoneRedundant --zone 1 --standby-zone 3 --storage-auto-grow Enabled --iops 500
The
sku-name
,tier
,storage-size
, andiops
values depend on your performance requirements. -
Run
az mysql flexible-server db create
to create a database on your server:az mysql flexible-server db create --resource-group towerrg
--server-name towerdbserver
--database-name towerdb
After your database is created, update your Seqera configuration with the database hostname, Admin username, and password.
When creating a MySQL user, use the USER@HOSTNAME
format for the TOWER_DB_USER
environment variable. For Azure managed MySQL, it's recommended to pass an explicit serverTimezone
to the TOWER_DB_URL
environment variable, which (depending on your configuration) may be UTC
. The DB connection string should be similar to jdbc:mysql://towerdbserver.mysql.database.azure.com/towerdb?serverTimezone=UTC
.
Azure Linux VM
Create a VM instance with these attributes:
- Use default values unless otherwise specified.
- At least 2 CPUS and 8GB RAM.
- Ubuntu Server 22.04 LTS - Gen2 image.
- Accessible by SSH.
Create an Azure Linux VM:
Create a VM via Azure portal
- Under Basics, select your Subscription and Resource group.
- Under Instance details:
- Enter a VM name
- Select the same Region as your resource group.
- Select the Ubuntu Server 20.04 LTS - Gen2 image.
- Do not set the VM as an Azure Spot instance.
- Select the Size — B2ps v2 or higher is recommended.
- Under Administrator account:
- Select SSH public key
- Enter a username
- Select Generate new key pair
- Enter a Key pair name
- Under Inbound port rules:
- Select Allow selected ports
- Select SSH (22), HTTP (8000), HTTP (80), and HTTPS (443) (required for SSL termination in production environments) from the dropdown
- Select Review + create at the bottom of the page.
- Review your VM details, then select Create.
- When the Generate new key pair window opens, select Download private key and create resource. Your key file will be download as
myKey.pem
. Note the path to which it was downloaded. - On the page for your new VM, copy the Public IP address.
To make the VM's IP address static:
- Enter Public IP addresses in the search.
- Under Services, select Public IP addresses.
- On the Public IP addresses page, select the entry containing your VM name. A page opens with that IP's details.
- Select Configuration from the left-hand navigation panel.
- Confirm that your IP address assignment is Static.
- Do not add a custom DNS name label to the VM.
To allow ingress on port 8000:
- Enter Virtual Machines in the search bar.
- Under Services, select Virtual machines.
- On the Virtual machines page, select your VM name to navigate to the VM details.
- Select Networking from the left-hand navigation panel.
- Add inbound port rule for port 8000.
To allow ingress on port 443 (required for SSL/TLS termination in production environments):
- Enter Virtual Machines in the search bar.
- Under Services, select Virtual machines.
- On the Virtual machines page, select your VM name to navigate to the VM details.
- Select Networking from the left-hand navigation panel.
- Add inbound port rule for port 443.
Connect to the VM via SSH:
- On a macOS or Linux machine, open a terminal and set read-only permission on the
myKey.pem
file withchmod 400 ~/Downloads/myKey.pem
. - Install Docker:
-
Confirm that Docker Compose is installed:
docker compose version
Docker Compose version v2.24.1
Create a VM via Azure CLI
Run az vm create
:
az vm create \
--resource-group towerrg \
--name towervm \
--image Canonical:0001-com-ubuntu-minimal-jammy:minimal-22_04-lts-gen2:latest \
--admin-username username \
--assign-identity \
--generate-ssh-keys \
--public-ip-sku Standard
Seqera container images
Seqera Platform Enterprise is distributed as a collection of Docker containers available through the Seqera container registry (cr.seqera.io). Contact support to get your container access credentials. After you've received your credentials, retrieve the Seqera container images on your Azure VM:
-
Retrieve the username and password you received from Seqera support.
-
Run the following Docker command to authenticate to the registry (using the
username
andpassword
values copied in step 1):docker login -u '/\<USERNAME\>/' -p '/\PASSWORD\>/' cr.seqera.io
-
Pull the Seqera container images with the following commands:
docker pull cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.7
docker pull cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.7
Next steps
See Configuration.