Deploying Prisme.ai on Microsoft Azure leverages managed Azure services for scalability, reliability, and ease of management. This guide walks through setting up Prisme.ai using Azure Kubernetes Service (AKS) and other Azure-native resources.

Azure Prerequisites

Ensure these prerequisites are ready before deploying:
  • An active Azure subscription with sufficient privileges.
  • Azure CLI installed and authenticated.
  • Familiarity with Kubernetes and basic Azure services (AKS, CosmosDB/MongoDB/PostgreSQL, Redis, Blob storage).

Set up Prisme.ai using the following Azure-managed resources:
  • Service: Azure Kubernetes Service (AKS)
  • Recommended Configuration:
    • 3-5 nodes with at least Standard_D4s_v4 (4 vCPU, 16GB RAM each)
    • Cluster Autoscaler enabled
  • Best Practices:
    • Use Azure Availability Zones for high availability
    • Integrate Azure AD for AKS cluster authentication
  • Deployment Example:
    az aks create --name prisme-ai-cluster --resource-group PrismeRG \
    --node-count 3 --enable-cluster-autoscaler \
    --min-count 3 --max-count 5 --node-vm-size Standard_D4s_v4
    
  • Service: Azure Cosmos DB API for MongoDB or Azure Database for PostgreSQL
  • Recommended Configuration:
    • 3-node replication (multi-region optional)
    • Provision throughput according to your workload (400-10,000 RU/s)
  • Best Practices:
    • Enable Geo-replication for disaster recovery
    • Regularly monitor and scale throughput dynamically
    • Use Microsoft Entra ID authentication with PostgreSQL
  • Service: Elasticsearch on Elastic Cloud or ES/OS deployed via AKS-managed containers
  • Recommended Configuration:
    • Elasticsearch cluster with at least 3 nodes (8GB RAM per node)
  • Best Practices:
    • Snapshot regularly to Cloud Storage
    • Secure using private networking and access controls
  • Service: Azure Cache for Redis
  • Recommended Configuration:
    • Premium P1 or P2 tier for HA and clustering
    • Multi-zone redundancy enabled
  • Best Practices:
    • Regularly perform maintenance and updates
    • Integrate with Azure Monitor for metrics
    • Use Microsoft Entra ID authentication with Redis
  • Service: Azure Blob Storage
  • Configuration:
    • Separate containers for private uploads, public assets, and models
  • Best Practices:
    • Use Azure CDN to serve public assets efficiently
    • Enable lifecycle management policies
  • Service: Azure Files with Azure Storage Accounts
  • Recommended Configuration:
    • Premium SSD tier for optimal performance
    • Integration with AKS using CSI drivers for persistent volumes
  • Best Practices:
    • Secure access via Private Endpoints
    • Enable regular backups via Azure Backup

Azure Deployment Steps

1. Create Resource Group

Create a dedicated Azure Resource Group:
az group create --name PrismeRG --location westeurope

2. Deploy AKS Cluster

Provision your AKS cluster:
az aks create --name prisme-ai --resource-group PrismeRG --node-count 3 --generate-ssh-keys

3. Provision Managed Databases

Set up Cosmos DB, Azure Search, and Redis via Azure Portal or CLI:
az cosmosdb create --name prisme-ai-db --resource-group PrismeRG --kind MongoDB
az redis create --name prisme-ai-cache --resource-group PrismeRG --sku Premium --vm-size P1

4. Configure DNS & Networking

  • Configure Azure DNS for your domains:
    • api.yourdomain.com
    • studio.yourdomain.com
    • *.pages.yourdomain.com
  • Use Azure Application Gateway as ingress if desired.

5. Deploy Prisme.ai via Helm

Deploy Prisme.ai using Helm in AKS:
helm repo add prismeai https://helm.prisme.ai/charts
helm install prisme-core prismeai/prismeai-core --namespace prisme -f values.yaml

6. Set up Ingress and SSL

Set up Azure Application Gateway with AKS Ingress Controller:
kubectl apply -f ingress.yaml
Use Azure Key Vault to manage SSL certificates.

Passwordless authentication

Microsoft Entra ID authentication enables passwordless authentication using system-assigned or user-assigned managed identities. For both Redis and PostgreSQL, start with these common steps:
  1. Create a managed identity:
az identity create --name PrismeaiIdentity --resource-group RESOURCE_GROUP
  2. Allow our future Kubernetes deployments to assume this managed identity using one of these 2 methods:
2a. Bind this identity with your Azure Kubernetes cluster:
az aks update --resource-group RESOURCE_GROUP --name CLUSTER_NAME --enable-managed-identity --assign-identity IDENTITY_ID --assign-kubelet-identity IDENTITY_ID
With this method, managed identity authentication can be enabled from the prismeai Helm value files by setting all azureSystemIdentity values to true.
2b. Or, create a federated identity. This binds the managed identity to the Kubernetes service account that will be used by our backend deployments:
az identity federated-credential create --name prismeai-core-fic --identity-name PrismeaiIdentity --resource-group RESOURCE_GROUP --issuer <aks_oidc_issuer> --subject system:serviceaccount:CORE_NAMESPACE:prismeai-backends-sa --audiences api://AzureADTokenExchange
az identity federated-credential create --name prismeai-apps-fic --identity-name PrismeaiIdentity --resource-group RESOURCE_GROUP --issuer <aks_oidc_issuer> --subject system:serviceaccount:APPS_NAMESPACE:prismeai-backends-sa --audiences api://AzureADTokenExchange
  • Here, all Prismeai backend services (everything except prismeai-console and prismeai-pages) will need a serviceAccount.name: prismeai-backends-sa value in the Helm value files.
  • CORE_NAMESPACE and APPS_NAMESPACE must be replaced with the expected core and apps namespace names.
From there, managed identity authentication can be enabled from the prismeai Helm value files by setting all azureManagedIdentityClientId values to the managed identity clientId.
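
The trust created in step 2b only holds if the issuer, subject and audience of each federated credential match exactly. The script below is an added example, not part of the Prisme.ai documentation or code, that audits the credentials attached to the identity; the namespaces core and apps, the issuer URLs and the sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Prisme.ai code. Audits the federated credentials attached
# to the managed identity. Reads TSV rows: name, issuer, subject, audience.
# Live input (needs an authenticated az CLI):
#   az identity federated-credential list --identity-name PrismeaiIdentity \
#     --resource-group RESOURCE_GROUP \
#     --query "[].[name,issuer,subject,audiences[0]]" --output tsv
# Cluster issuer: az aks show --name CLUSTER_NAME --resource-group RESOURCE_GROUP \
#     --query oidcIssuerProfile.issuerUrl --output tsv
EXPECTED_AUDIENCE="api://AzureADTokenExchange"

# audit_fics ISSUER SUBJECT... ; prints one finding per line, nothing if clean.
audit_fics() {
  issuer="${1%/}"; shift
  tab=$(printf '\t'); trusted=" "
  while IFS="$tab" read -r name iss sub aud; do
    [ -n "$name" ] || continue
    ok=1; known=0
    # A credential for another issuer lets a different cluster assume the identity.
    if [ "${iss%/}" != "$issuer" ]; then echo "ISSUER_MISMATCH $name"; ok=0; fi
    if [ "$aud" != "$EXPECTED_AUDIENCE" ]; then echo "BAD_AUDIENCE $name"; ok=0; fi
    for s in "$@"; do
      if [ "$s" = "$sub" ]; then known=1; fi
    done
    # Any subject outside the expected list widens who can obtain tokens.
    if [ "$known" -eq 0 ]; then echo "UNEXPECTED_SUBJECT $name $sub"; ok=0; fi
    if [ "$ok" -eq 1 ]; then trusted="$trusted$sub "; fi
  done
  # Each expected service account needs one fully valid credential.
  for s in "$@"; do
    case "$trusted" in *" $s "*) ;; *) echo "MISSING_SUBJECT $s" ;; esac
  done
}

# Constructed sample rows (namespaces "core"/"apps" and the URLs are assumptions).
ISS="https://oidc.example.invalid/cluster-a/"
sample_fics() {
  printf '%s\t%s\t%s\t%s\n' \
    prismeai-core-fic "$ISS" system:serviceaccount:core:prismeai-backends-sa "$EXPECTED_AUDIENCE" \
    prismeai-apps-fic "$ISS" system:serviceaccount:apps:default "$EXPECTED_AUDIENCE" \
    old-cluster-fic https://oidc.example.invalid/cluster-b/ system:serviceaccount:core:prismeai-backends-sa "$EXPECTED_AUDIENCE"
}

sample_fics | audit_fics "$ISS" \
  system:serviceaccount:core:prismeai-backends-sa \
  system:serviceaccount:apps:prismeai-backends-sa
```

On the sample rows the audit reports the apps credential bound to the wrong service account, a leftover credential for another cluster's issuer, and the resulting missing apps subject.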

Redis

  1. Open your Azure Managed Redis or Azure Cache For Redis
  2. Open Settings > Authentication in left menu
  3. Enable Microsoft Entra ID authentication and select your created managed identity
That is all!

PostgreSQL

  1. Connect to the Postgres cluster with your Entra admin user:
export AZ_DATABASE_SERVER_NAME=prismeai
export CURRENT_USERNAME=$(az ad signed-in-user show --query userPrincipalName --output tsv)
export AZ_DATABASE_NAME="db server name"
psql "host=$AZ_DATABASE_SERVER_NAME.postgres.database.azure.com user=$CURRENT_USERNAME dbname=$AZ_DATABASE_NAME port=5432 password=$(az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken) sslmode=require"
  2. Create a postgres user attached to our managed identity (by using the same name):
select * from pgaadauth_create_principal('PrismeaiIdentity', false, false);
  3. Assign permissions:
GRANT CREATE ON SCHEMA public TO "PrismeaiIdentity";
GRANT USAGE ON SCHEMA public TO "PrismeaiIdentity";
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO "PrismeaiIdentity";
-- Give default permissions for future tables
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO "PrismeaiIdentity";
PrismeaiIdentity must match the name of the managed identity you created in the first step.
  4. In the Helm value files, specify the managed identity username (PrismeaiIdentity) for all 3 PostgreSQL clients:
  • global.permissions.user
  • prismeai-api-gateway.storage.users.user
  • prismeai-runtime.storage.collections.user

Security Best Practices

Azure AD Integration

  • Secure your AKS cluster using Azure Active Directory integration.
  • Implement RBAC for access management.

Private Networking

  • Deploy AKS within a private Virtual Network (VNet).
  • Utilize Azure Firewall or Network Security Groups (NSGs) for controlled access.

Secrets Management

  • Store sensitive configurations in Azure Key Vault.
  • Regularly rotate keys and passwords.

Monitoring & Alerts

  • Utilize Azure Monitor and Azure Log Analytics.
  • Set alerts for resource anomalies.
