Azure

This page describes the infrastructure and other prerequisites for deploying Seqera Platform Enterprise on Microsoft Azure.

Prerequisites

You can run the Seqera container with Docker on an Azure VM instance or with Kubernetes on an Azure AKS cluster. Ensure that you satisfy the requirements for your installation target. Refer to this list of shared and target-specific prerequisites:

  • Resource group and storage account: A resource group and a storage account are required to use Azure. See the detailed instructions to provision these resources.

  • SMTP server: If you don't have an email server, you can use Microsoft 365 or a third-party service such as SendGrid (recommended by Microsoft) for sending emails from Azure VMs.

  • MySQL database: An external database (i.e., external to your Docker Compose or Kubernetes deployment) is highly recommended for production deployments. If you don't have your own database service, you can use Azure Database for MySQL.

    If you decide to use an external database, you must create a MySQL user and database manually. See Configuration for more details.

    When creating a MySQL user, use the USER@HOSTNAME format for the TOWER_DB_USER environment variable.

    For Azure managed MySQL, it's recommended to pass an explicit serverTimezone parameter in the TOWER_DB_URL environment variable. Depending on your configuration, the value may be UTC, in which case the connection string looks like: jdbc:mysql://MYSQL_INSTANCE_NAME.mysql.database.azure.com/TOWER_DATABASE?serverTimezone=UTC.

  • SSL certificate (optional): An SSL certificate is required for your Seqera instance to handle HTTPS traffic.

    From version 22.1.1, HTTP-only implementations must set the TOWER_ENABLE_UNSAFE_MODE=true environment variable in the Seqera hosting infrastructure to enable user login. HTTP must not be used in production environments.

    While there are many ways to implement DNS and TLS-termination, Seqera recommends using the specialized native services offered by your cloud provider. In the case of Azure:

    • Use Application Gateway for TLS-termination and load-balancing.
    • Use App Service Domains for domain acquisition.
    • Use Azure DNS for domain record management.
    • Use Azure Key Vault for PKI certificate storage.

    These decisions should be made before you continue as they impact how Seqera configuration files are updated.
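The database and HTTPS prerequisites above can be checked before deployment. This is an added example, not part of the Seqera documentation or tooling: the function names and the env-file layout (plain, unquoted KEY=VALUE lines) are assumptions, and only variables that are set are checked.

```shell
#!/bin/sh
# Added example (not Seqera tooling): lint an env file against the database
# and HTTPS prerequisites above. Assumes plain, unquoted KEY=VALUE lines.

flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

check_tower_env() {
    # $1: env file. Prints one finding per line; returns 1 if anything is flagged.
    db_user='' db_url='' unsafe='' findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            TOWER_DB_USER=*) db_user=${line#*=} ;;
            TOWER_DB_URL=*) db_url=${line#*=} ;;
            TOWER_ENABLE_UNSAFE_MODE=*) unsafe=${line#*=} ;;
        esac
    done < "$1"

    # The page asks for USER@HOSTNAME in TOWER_DB_USER.
    case $db_user in
        ''|?*@?*) ;;
        *) flag "TOWER_DB_USER: expected USER@HOSTNAME, got '$db_user'" ;;
    esac

    # Azure managed MySQL: require an explicit serverTimezone query parameter.
    case $db_url in
        *'?serverTimezone='?*|*'&serverTimezone='?*) ;;
        *.mysql.database.azure.com/*)
            flag "TOWER_DB_URL: no explicit serverTimezone for Azure managed MySQL" ;;
    esac

    # Unsafe mode means logins over plain HTTP; not acceptable in production.
    case $unsafe in
        [Tt][Rr][Uu][Ee])
            flag "TOWER_ENABLE_UNSAFE_MODE=true: HTTP-only login enabled" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample input, not a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TOWER_DB_USER=tower
TOWER_DB_URL=jdbc:mysql://MYSQL_INSTANCE_NAME.mysql.database.azure.com/TOWER_DATABASE
TOWER_ENABLE_UNSAFE_MODE=true
EOF
check_tower_env "$sample" || echo "fix the findings above before deploying"
rm -f "$sample"
```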

Prerequisites for Docker

A Linux VM instance is required to deploy Seqera Enterprise via Docker Compose. See the detailed instructions to provision a VM instance for this purpose.

Prerequisites for AKS

An Azure Kubernetes Service (AKS) cluster is required to deploy Seqera Enterprise via Kubernetes. See the AKS documentation to provision your own cluster.

To customize your cluster's Ingress Controller to support HTTPS redirects and TLS certificates, see these instructions.

Seqera container images

Seqera Platform Enterprise is distributed as a collection of Docker containers available through the Seqera container registry (cr.seqera.io). Contact support to get your container access credentials. Once you've received your credentials, retrieve the Seqera container images:

  1. Retrieve the username and password you received from Seqera support.

  2. Run the following Docker command to authenticate to the registry (using the username and password values copied in step 1):

    docker login -u '<USERNAME>' -p '<PASSWORD>' cr.seqera.io
    
  3. Pull the Seqera container images with the following commands:

    docker pull cr.seqera.io/private/nf-tower-enterprise/backend:v23.2.0
    docker pull cr.seqera.io/private/nf-tower-enterprise/frontend:v23.2.0

    cr.seqera.io is the default Seqera container image registry from version 22.4. Use of the AWS, Azure, and Google Cloud image registries in existing installations is still supported but is deprecated for new installations from June 2023. See here for steps to use the Seqera private Azure registry.
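The login and pull steps above can also be run with the password read from a file through Docker's `--password-stdin` option, so that it does not appear in shell history or the process list. This is an added example, not from the Seqera documentation; the function names, the `SEQERA_TAG` variable and the password-file argument are assumptions.

```shell
#!/bin/sh
# Added example (not Seqera's script). Function names, the SEQERA_TAG variable
# and the password-file argument are assumptions made for illustration.

REGISTRY=cr.seqera.io
REPO=private/nf-tower-enterprise
SEQERA_TAG=${SEQERA_TAG:-v23.2.0}

registry_login() {
    # $1: registry username, $2: file containing only the password.
    [ -r "$2" ] || { echo "cannot read password file: $2" >&2; return 1; }
    # Refuse a secret file that group or other users can read.
    if [ -n "$(find "$2" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "refusing $2: readable by group or others (chmod 600 it)" >&2
        return 1
    fi
    # --password-stdin keeps the password out of argv and shell history.
    docker login -u "$1" --password-stdin "$REGISTRY" < "$2"
}

pull_seqera_images() {
    # Pull backend and frontend at one tag so the pair cannot drift apart.
    for component in backend frontend; do
        docker pull "$REGISTRY/$REPO/$component:$SEQERA_TAG" || return 1
    done
}

# Usage (needs Docker and your own credentials):
#   registry_login '<USERNAME>' "$HOME/.seqera-registry-password" && pull_seqera_images
```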

Azure setup

This section provides step-by-step instructions for some commonly used Azure services for Seqera deployment. See the Azure documentation for up-to-date instructions and contact Azure support if you have any issues with provisioning Azure resources.

Azure Resource Group

  1. Sign in to the Azure portal.

  2. Select Resource groups.

  3. Select Add.

  4. Enter the following values:

    • Subscription: Select your Azure subscription.

    • Resource group: Enter a new resource group name (e.g., seqerarg).

    • Region: Select the region where your assets will exist (e.g., East US).

  5. Select Review and Create.

  6. Select Create.

Azure Storage Account

  1. Sign in to the Azure portal.

  2. Select Storage accounts.

  3. Select Create.

  4. Enter the following values:

    • Subscription: Select your Azure subscription.

    • Resource group: Enter your resource group name.

    • Storage account name: Enter a new storage account name (e.g., seqerastorage).

    • Region: Select the region where your Resource Group exists (e.g., East US).

    • Performance: Select Standard.

    • Redundancy: Select Geo-redundant storage (GRS).

  5. Select Review + create. Note that the default values are used in the other tabs. See the Azure documentation for further details on each setting.

  6. Select Create.

Azure Linux VM

We recommend the following VM settings:

  1. Use default values unless otherwise specified.
  2. Provision at least 2 CPUs and 8 GB RAM.
  3. Use the Ubuntu Server 20.04 LTS - Gen2 image.
  4. Ensure your VM is accessible by SSH.
  5. Do not implement DNS or Load Balancing directly against the VM (do so via Azure Application Gateway instead).

To create a VM:

  1. Configure the Basics tab:

    • Ensure your Region is the same as your Resource group.
    • Do not set the VM as an Azure Spot instance.
    • Ensure your Security Group allows ingress on Port 8000.
  2. Configure the Disks tab:

    • Ensure your OS disk type is Standard SSD.
  3. Configure the Network tab:

    • Ensure that a Public IP is assigned to the VM.
    • Do not place the VM in the backend pool of an existing load balancing solution.
  4. Select Review + create.

  5. Select Create.

To make the VM's IP address static:

  1. Enter Public IP addresses in the search.

  2. Under Services, select Public IP addresses.

  3. On the Public IP addresses page, select the entry containing your VM name. A page opens with that IP's details.

  4. Select Configuration from the left-hand navigation panel.

  5. Ensure that your IP address assignment is Static.

  6. Do not add a custom DNS name label to the VM.

To allow ingress on port 8000:

  1. Enter Virtual Machines in the search bar.

  2. Under Services, select Virtual machines.

  3. On the Virtual machines page, select your VM name to navigate to the VM details.

  4. Select Networking from the left-hand navigation panel.

  5. Add an inbound port rule for port 8000.