Skip to main content
Install Qovery on your Azure account and deploy a fully managed Kubernetes cluster (AKS) in less than 20 minutes.

Overview

Qovery simplifies Azure Kubernetes Service (AKS) management by:
  • Automating cluster creation and configuration
  • Managing networking, load balancers, and DNS
  • Providing built-in monitoring and logging
  • Handling rolling updates and scaling
  • Securing your infrastructure with best practices

Fully Managed

Qovery creates and manages your AKS cluster automatically

Production Ready

Best practices for security, networking, and reliability

Auto-Scaling

Automatic node scaling based on workload

Multi-Region

Deploy across Azure regions worldwide

Prerequisites

Before you begin, ensure you have:
Azure Account: Active Azure subscription with admin access
Azure Tenant: Access to an Azure Active Directory tenant
Qovery Account: Free account at console.qovery.com
Permissions: Ability to create service principals and assign roles

Required Azure Permissions

Your Azure account needs these permissions:
  • Create and manage AKS clusters
  • Create service principals
  • Assign contributor role
  • Manage virtual networks
  • Create resource groups

Step 1: Create Azure Credentials

Qovery needs credentials to manage resources in your Azure subscription. We use a secure service principal approach that avoids storing long-lived credentials.

Get Your Azure IDs

1

Find Tenant ID

  1. Go to Azure Portal
  2. Navigate to Azure Active Directory
  3. Click Overview in the left sidebar
  4. Copy your Tenant ID (also called Directory ID)
You can also find it directly at: portal.azure.com/#view/Microsoft_AAD_IAM/TenantProperties.ReactView
The Tenant ID is a GUID that looks like: 12345678-1234-1234-1234-123456789abc
2

Find Subscription ID

  1. In Azure Portal, go to Subscriptions
  2. Click on the subscription you want to use
  3. Copy the Subscription ID from the overview page
You can also find it at: portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBlade
Make sure the subscription is active and has billing enabled. Qovery cannot create resources in disabled subscriptions.

Generate Installation Command

1

Start Cluster Creation

  1. Go to Qovery Console
  2. Click Clusters in the left sidebar
  3. Click Create Cluster
  4. Select Azure as the cloud provider
2

Enter Azure Details

  1. Enter your Tenant ID
  2. Enter your Subscription ID
  3. Click Next
Qovery will generate a secure installation command for you.
3

Copy the Command

Copy the generated command to your clipboard.
This command creates a service principal using Azure’s app registration. It’s completely secure and you can inspect the script at: hub.qovery.com/files/create_credentials_azure.sh

Run Installation Script

1

Open Azure Cloud Shell

  1. In Azure Portal, click the Cloud Shell icon (>_) in the top navigation bar
  2. Important: Select Bash mode (not PowerShell) Azure Cloud Shell
The script must run in Bash mode. If you’re in PowerShell, click the dropdown and switch to Bash.
2

Run the Command

  1. Paste the command from Qovery into Azure Cloud Shell
  2. Press Enter
  3. Review the subscription details displayed
  4. The script will create a service principal and assign necessary permissions
Example output:
Creating service principal for Qovery...
Service principal created successfully!
Assigning Contributor role...
 Credentials configured successfully

Subscription ID: 12345678-1234-1234-1234-123456789abc
Tenant ID: 87654321-4321-4321-4321-cba987654321
3

Verify in Qovery

The credentials are automatically linked to your Qovery organization.
If you have multiple subscriptions, you can specify which one to use by passing it as a parameter to the script.
Source: Content above is maintained in /snippets/azure-credentials.mdx. Update snippet first, then copy to all usage locations.

Step 2: Configure Your Cluster

Now configure your AKS cluster settings in the Qovery console.

Basic Configuration

1

Cluster Name

Choose a descriptive name for your cluster:
  • production-aks
  • staging-azure
  • dev-aks-eastus
Use naming conventions that indicate environment and region for easier management.
2

Select Region

Choose an Azure region closest to your users:North America:
  • eastus - East US (Virginia)
  • eastus2 - East US 2 (Virginia)
  • westus2 - West US 2 (Washington)
  • centralus - Central US (Iowa)
Europe:
  • westeurope - West Europe (Netherlands)
  • northeurope - North Europe (Ireland)
  • uksouth - UK South (London)
  • francecentral - France Central (Paris)
Asia Pacific:
  • southeastasia - Southeast Asia (Singapore)
  • eastasia - East Asia (Hong Kong)
  • japaneast - Japan East (Tokyo)
  • australiaeast - Australia East (Sydney)
Choose a region that complies with your data residency requirements.
3

Attach Credentials

Select the Azure credentials you created in Step 1.If you need to create new credentials, click Add new credentials and repeat Step 1.

Node Pool Configuration

Configure the VM sizes for your AKS node pools:
Development/Testing:
  • Standard_B2s (2 vCPU, 4GB RAM)
  • Standard_B2ms (2 vCPU, 8GB RAM)
General Purpose Production:
  • Standard_D2s_v3 (2 vCPU, 8GB RAM)
  • Standard_D4s_v3 (4 vCPU, 16GB RAM)
  • Standard_D8s_v3 (8 vCPU, 32GB RAM)
Compute Optimized:
  • Standard_F2s_v2 (2 vCPU, 4GB RAM)
  • Standard_F4s_v2 (4 vCPU, 8GB RAM)
Memory Optimized:
  • Standard_E2s_v3 (2 vCPU, 16GB RAM)
  • Standard_E4s_v3 (4 vCPU, 32GB RAM)
Select multiple VM sizes to give the cluster autoscaler flexibility in choosing the most cost-effective options.
Example Configuration: 
Node Pool Settings:
  - Standard_B2s (2 vCPU, 4GB) - Development workloads
  - Standard_D2s_v3 (2 vCPU, 8GB) - General purpose
  - Standard_D4s_v3 (4 vCPU, 16GB) - Larger workloads
  - Standard_F4s_v2 (4 vCPU, 8GB) - CPU-intensive tasks

Networking Configuration

Qovery automatically configures Azure networking: What’s Created:
  • Virtual Network (VNet) with CIDR 10.0.0.0/16
  • Public subnet for load balancers
  • Private subnets for nodes
  • NAT Gateway for outbound internet access
  • Network Security Groups (NSGs)
  • Azure Load Balancer for ingress
VNet Peering: Configure VNet peering to connect to existing Azure resources (databases, storage, etc.).Custom CIDR: Change the default VNet CIDR if it conflicts with your existing networks.Private Cluster: Enable private cluster mode to remove public API endpoints (requires VPN or ExpressRoute).

Step 3: Deploy Your Cluster

1

Review Configuration

Review all your cluster settings:
  • Cluster name
  • Region
  • VM sizes
  • Networking options
2

Create and Deploy

Click Create and Deploy
You can start configuring applications immediately! The cluster will be available once deployment completes.
3

Monitor Progress

Watch the deployment progress in the Qovery console.Timeline:
  • 0-5 min: Creating Azure resources (Resource Group, VNet, NSGs)
  • 5-10 min: Provisioning AKS control plane
  • 10-15 min: Creating node pools
  • 15-20 min: Installing Qovery components (ingress, monitoring, etc.)
Status indicators:
  • 🟡 Creating: Infrastructure provisioning in progress
  • 🟢 Running: Cluster is ready to use
  • 🔴 Error: Check logs for troubleshooting
4

Verify Installation

Once complete, your cluster will appear in the cluster list with status Running.Azure Cluster Running

What Gets Created

Qovery automatically provisions these Azure resources:
  • Resource Group: Dedicated group for all cluster resources
  • AKS Cluster: Managed Kubernetes cluster
  • Virtual Network: Isolated network for your cluster
  • Subnets: Public and private subnets
  • NAT Gateway: Outbound internet connectivity
  • Network Security Groups: Firewall rules
  • Azure Load Balancer: Layer 4 load balancing
  • Application Gateway (optional): Layer 7 load balancing
  • Public IP Addresses: For ingress traffic
  • Private DNS Zone: Internal service discovery
  • Virtual Machine Scale Sets: Auto-scaling node pools
  • Managed Disks: Persistent storage for nodes
  • System Node Pool: Kubernetes system components
  • User Node Pools: Your application workloads
  • NGINX Ingress Controller: HTTP/HTTPS routing
  • Cert-Manager: Automatic SSL/TLS certificates
  • Qovery Agent: Cluster management
  • Monitoring Stack: Metrics and logging
  • DNS Management: Automatic domain configuration

Post-Installation Steps

Once your cluster is running:
1

Deploy Your First Application

Follow the Deploy Your First App guide
2

Configure Custom Domain

Set up your own domain instead of the default Qovery domain
3

Set Up Monitoring

Configure Azure Monitor or Datadog
4

Configure Backups

Set up backup policies for persistent data

Troubleshooting

Error: “Failed to create service principal”Solutions:
  • Verify you have permissions to create service principals
  • Check that your Azure subscription is active
  • Ensure you’re using Bash mode (not PowerShell) in Cloud Shell
  • Verify Tenant ID and Subscription ID are correct
Issue: Cluster stuck in “Creating” state for over 30 minutesSolutions:
  • Check Azure quotas for your subscription (vCPUs, Public IPs)
  • Verify the selected region has capacity
  • Check Azure status page for outages
  • Contact Qovery support if issue persists
Error: “Quota exceeded for resource”Solutions:
  1. Check your Azure quotas: portal.azure.com/#view/Microsoft_Azure_Capacity/QuotaMenuBlade
  2. Request quota increase through Azure Portal
  3. Choose a different VM size or region
  4. Reduce the number of nodes
Common quota limits:
  • Total Regional vCPUs
  • VM family specific vCPUs (D-series, F-series, etc.)
  • Public IP addresses
  • Load balancers
Issue: Applications can’t access external servicesSolutions:
  • Verify NAT Gateway is properly configured
  • Check Network Security Group rules
  • Ensure subnet routing tables are correct
  • Test connectivity from a pod: kubectl run -it debug --image=nicolaka/netshoot --rm

Advanced Configuration

Private Cluster Mode

For enhanced security, enable private cluster mode:
Private clusters require VPN or ExpressRoute to access the Kubernetes API. Plan your network connectivity before enabling.

VNet Peering

Connect your AKS cluster to existing Azure resources:
  1. Create VNet peering from Qovery VNet to your VNet
  2. Configure route tables
  3. Update Network Security Groups
  4. Test connectivity

Custom DNS

Use your own DNS servers:
  1. Configure custom DNS in VNet settings
  2. Update CoreDNS configuration
  3. Test name resolution

Best Practices

Right-Size VMs

Start with smaller VMs and scale up based on actual usage patterns

Enable Monitoring

Configure Azure Monitor or third-party monitoring from day one

Implement RBAC

Use Azure AD integration and Kubernetes RBAC for access control

Regular Updates

Keep your AKS cluster updated with the latest Kubernetes versions

Backup Strategy

Implement automated backups for persistent data and configurations

Next Steps

Deploy Your First App

Complete step-by-step deployment guide

Configure RBAC

Set up team access control

Set Up CI/CD

Automate deployments with GitHub Actions or Azure DevOps

Monitor Your Cluster

Configure monitoring and alerting

Additional Resources