Getting started with Vespa Cloud Enclave in Azure

Setting up Vespa Cloud Enclave requires:

Registration at Vespa Cloud, or use a pre-existing Vespa tenant.
Running a Terraform configuration to provision necessary Azure resources in the subscription.
Registration of the Azure subscription in Vespa Cloud.
Deployment of a Vespa application.

1. Vespa Cloud Tenant setup

2. Configure Azure subscription

Choose an Azure subscription to use for Vespa Cloud Enclave.

Note: We recommend using a dedicated subscription for your Vespa Cloud Enclave. Resources in this subscription will be fully managed by Vespa Cloud.

One subscription can host all your Vespa applications, there is no need for multiple Vespa tenants or Azure subscriptions.

The subscription must be prepared for deploying Vespa applications. Use Terraform to set up the necessary resources using the modules published by the Vespa team.

Feel free to use the multi-region example to get started.

If you are unfamiliar with Terraform: It is a tool to manage resources and their configuration in various cloud providers, like AWS, Azure, and GCP. Terraform has published a Get Started - Azure tutorial, and we strongly encourage enclave users to read and follow the Terraform recommendations for CI/CD.

The Terraform module we provide is regularly updated to add new required resources or extra permissions for Vespa Cloud to automate the operations of your applications. In order for your enclave applications to use the new features you must re-apply your terraform templates with the latest release. The notification system will let you know when a new release is available.

3. Onboarding

Contact support@vespa.ai and provide the enclave_config output after applying the Terraform, see Outputs. The enclave_config includes which Vespa tenant should be on-boarded to use Vespa Cloud Enclave. And the Azure tenant ID, the subscription ID, and a client ID of an Athenz identity the Terraform created.

4. Deploy a Vespa application

By default, all applications are deployed on resources in Vespa Cloud accounts. To deploy in your Azure enclave subscription instead, update deployment.xml to reference the subscription ID from step 2:

<deployment version="1.0" cloud-account="azure:11111111-1111-1111-1111-111111111111">
    <dev />
</deployment>

Useful resources are getting started and migrating to Vespa Cloud - put deployment.xml next to services.xml.

Next steps

After a successful deployment to the dev environment, iterate on the configuration to implement your application on Vespa. The dev environment is ideal for this, with rapid deployment cycles.

For production serving, deploy to the prod environment - follow the steps in production deployment.

Enclave teardown

To tear down a Vespa Cloud Enclave system, do the steps above in reverse order:

Undeploy the application(s)
Undeploy the Terraform changes

It is important to undeploy the Vespa application(s) first. After running the Terraform, Vespa Cloud cannot manage the resources allocated, so you must clean up these yourself.