Azure
Deploy M3 Forge on Azure using AKS for Kubernetes and Azure Database for PostgreSQL, with an S3-compatible object storage layer for the current runtime contract.
Recommended Azure mapping
| M3 Forge dependency | Azure service |
|---|---|
| Kubernetes | Azure Kubernetes Service |
| PostgreSQL | Azure Database for PostgreSQL |
| Object storage | MinIO on AKS, or another S3-compatible service |
| Secrets | Azure Key Vault with External Secrets Operator or CSI driver |
| Analytics | ClickHouse Cloud or self-managed ClickHouse |
| Ingress | Application Gateway for Containers, NGINX Ingress, or Gateway API implementation |
Important storage note
Native Azure Blob Storage is not the current default object-storage contract for M3 Forge. Today the chart expects an S3-compatible endpoint, so use MinIO or another S3-compatible layer in Azure environments.
Prerequisites
- an AKS cluster
- Azure Database for PostgreSQL
- an S3-compatible object storage endpoint
- ingress or Gateway API
- published API and frontend images
Installation
Provision infrastructure
Create:
- AKS
- Azure Database for PostgreSQL
- MinIO or another S3-compatible object store
- ClickHouse service
- ingress and DNS
Prepare values
cp deploy/helm/charts/m3forge/examples/self_hosted_external.yaml azure-m3forge-values.yamlCreate or sync the Kubernetes secret
Include:
DATABASE_URLJWT_ACCESS_SECRETJWT_REFRESH_SECRETS3_ACCESS_KEY_IDS3_SECRET_ACCESS_KEY
Install the chart
helm install m3forge ./deploy/helm/charts/m3forge \
-f azure-m3forge-values.yamlExample values shape
config:
public:
frontendUrl: https://forge.example.com
apiUrl: https://forge.example.com
appUrl: https://forge.example.com
storage:
s3EndpointUrl: https://minio.example.internal
s3BucketName: m3forge
s3Region: eastus
secrets:
existingSecret: m3forge-secrets
create: false
ingress:
enabled: true
host: forge.example.comAzure-specific notes
Secrets
Azure Key Vault is a strong fit for secret storage, but the chart currently consumes Kubernetes secrets or existing secret references. Use a controller or CSI sync pattern to bridge that cleanly.
Next steps
Last updated on