
Some steps in this guide require the TrueFoundry team to be involved. Please reach out to support@truefoundry.com to get the credentials.

Setting up the TrueFoundry control plane on your own cloud involves creating the infrastructure to support the platform and then installing the platform itself.

Setting up Infrastructure

Requirements

All the compute plane requirements must be met in order to install the control plane. Below are the additional requirements for the control plane:
Requirements | Description | Reason for Requirement
--- | --- | ---
Azure Flexible Server for PostgreSQL | Postgres >= 13 | The database is used by the TrueFoundry control plane to store all its metadata. If you are using Azure Flexible Server for PostgreSQL, ensure SSL is disabled by setting the server parameter require_secure_transport to OFF.
Container in Azure Storage Account | Any container bucket reachable from control-plane | This is used by control-plane to store the intermediate code while building the docker image
Egress Access for TrueFoundryAuth | Egress access to https://auth.truefoundry.com and analytics.truefoundry.com | This is needed to verify the users logging into the TrueFoundry platform for licensing purposes
Additional TrueFoundry information | Additional information for control plane deployment which will be provided by TrueFoundry team | This includes tenant name, licence key, and image pull secret
DNS | Domain for control plane and service endpoints | One endpoint to point to the control plane service (e.g., platform.example.com). The control-plane URL must be reachable from the compute-plane. The developers will need to access the TrueFoundry UI at the provided domain.
User/ServiceAccount to provision the infrastructure | Required permissions: Azure subscription with billing enabled; Contributor Role to the subscription; Role Based Access Administrator to the subscription | Required to set up and manage the infrastructure components

Permissions Required

For the control plane, we will be using the following permissions:
  • Compute plane permissions
  • Azure Flexible Server for PostgreSQL permissions

Setting up control plane

TrueFoundry control plane infrastructure is provisioned using OpenTofu/Terraform. You can download the OpenTofu/Terraform code for your exact account by filling in your account details and downloading a script that can be executed on your local machine. To perform the steps below, you need to register an account on TrueFoundry and log in to the platform.

1. Choose to create a new cluster or attach an existing cluster

Go to the platform section in the left panel and click on Clusters. Append &controlPlaneSetupEnabled=true to the end of your URL. This will enable the control plane installation for you. You can click on Create New Cluster or Attach Existing Cluster depending on your use case. Read the requirements and, if everything is satisfied, click on Continue.

2. Fill in the form to generate the OpenTofu/Terraform code

A form will be presented with the details for the new cluster to be created. Fill it in with your cluster details and click Submit when done.
The key fields to fill in here are:
  • Region - The region and availability zones where you want to create the cluster.
  • Resource Group - The resource group where you want to create the cluster. Choose between New Resource Group or Existing Resource Group depending on your use case.
  • Cluster Name - A name for your cluster.
  • Cluster Version and node pools - The version of the cluster and the node pools to be created.
  • Network Configuration - Choose between New Vnet or Existing Vnet depending on your use case.
  • DNS Configuration - Configure the DNS zone and domains that will point to the cluster’s load balancer. This also provisions a TLS certificate for those domains. Select New DNS Zone or Existing DNS Zone if you want TrueFoundry to manage DNS in Azure. If you use an external DNS provider (e.g., Route53, Cloudflare), you can skip this section.
  • Resource Tags - Tags to be added to the resources created by TrueFoundry on your behalf if any.
  • Storage account (container) for OpenTofu/Terraform State - OpenTofu/Terraform state will be stored in this container. It can be a preexisting storage account or a new storage account name. The new storage account will automatically be created by our script.
  • Platform Features - This is to decide which features like BlobStorage, ClusterIntegration using Azure AD and Container Registry will be enabled for your cluster. To read more on how these integrations are used in the platform, please refer to the platform features page.
  • Control Plane Configuration - Control plane URL and the database details. You can choose between PostgreSQL on Kubernetes or Managed PostgreSQL (RDS) or Existing PostgreSQL configuration depending on your use case.

3. Copy the curl command and execute it on your local machine

You will be presented with a curl command to download and execute the script. The script will take care of installing the pre-requisites, downloading OpenTofu/Terraform code and running it on your local machine to create the cluster. This will take around 40-50 minutes to complete.
4. Create DNS Record

Once the script is executed, create the DNS record for the control plane URL. To get the load balancer IP address, check the Kubernetes service of type LoadBalancer in the istio-system namespace. You can run the following command to get the IP address.
kubectl get svc -n istio-system tfy-istio-ingress -ojsonpath='{.status.loadBalancer.ingress[0].ip}'
Create a DNS record in Route 53 or your DNS provider with the following details:
Record Type | Record Name | Record Value
--- | --- | ---
A | CONTROL_PLANE_DOMAIN | LOADBALANCER_IP_ADDRESS
Once the record resolves, the control plane URL will give you the login screen to the control plane, through which you can log in with the same credentials used to register the tenant.
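
A check you can run after creating the record, added here as an example (it is not part of TrueFoundry's script): it compares the ingress load balancer IP with what the domain resolves to, and flags a missing load balancer IP, an unresolved name, or an A record that does not match. It assumes dig is installed and reads the .ip field of the service status; the function names and platform.example.com are placeholders.

```shell
#!/bin/sh
# Added example (not TrueFoundry's code). Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# $1 = load balancer IP, $2 = resolver answer (one value per line, as from dig +short).
# Prints: match | mismatch | unresolved | no-lb-ip
record_status() (
  lb_ip=$1 found=0 other=0
  # Empty output or a hostname means there is no IP to point an A record at yet.
  is_ipv4 "$lb_ip" || { echo no-lb-ip; exit 0; }
  while IFS= read -r line; do
    is_ipv4 "$line" || continue            # skip blank lines and CNAME targets
    if [ "$line" = "$lb_ip" ]; then found=1; else other=1; fi
  done <<EOF
$2
EOF
  if [ "$other" -eq 1 ]; then echo mismatch   # wrong or stale extra A record
  elif [ "$found" -eq 1 ]; then echo match
  else echo unresolved
  fi
)

# Usage: check_control_plane_dns platform.example.com
check_control_plane_dns() {
  lb_ip=$(kubectl get svc -n istio-system tfy-istio-ingress \
    -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
  record_status "$lb_ip" "$(dig +short A "$1")"
}
```

A mismatch result when the correct IP is also present means a second A record is still published for the domain; remove it so that all clients reach the control plane load balancer.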
5. Attach the compute plane to the control plane

We will need to attach the same cluster as the compute plane so that we can manage it from the platform. For this, go to the platform section in the left panel and click on Clusters. Click on Attach Existing Cluster and fill in the details of the control plane cluster. The key fields to fill in here are:
  • Location - The location of the control plane cluster.
  • Resource Group - The resource group where the control plane cluster is created.
  • Cluster Name - The name of the control plane cluster.
  • Cluster Addons - Unselect all the addons as we have installed them while bringing up the control plane.
  • Network Configuration - Networking configuration of the control plane cluster.
  • Storage account (container) for OpenTofu/Terraform State - OpenTofu/Terraform state will be stored in this container. It can be a preexisting container or a new container name. You can use the same container that we used for the control plane and change the state key to be used for the OpenTofu/Terraform state file.
  • Platform Features - This is to decide which features like BlobStorage, ClusterIntegration, ParameterStore, DockerRegistry and SecretsManager will be enabled for your cluster. To read more on how these integrations are used in the platform, please refer to the platform features page.
6. Copy the curl command and execute it on your local machine

You will be presented with a curl command to download and execute the script. The script will take care of installing the pre-requisites, downloading OpenTofu/Terraform code and running it on your local machine to create the cluster. This will take around 40-50 minutes to complete.
7. Verify the cluster is showing as connected in the platform

Once the script is executed, the cluster will be shown as connected in the platform.
8. Start deploying workloads to your cluster

You can start by going here

FAQ

Yes, please consult this guide to add your own certificate and key files to the load balancer.