Microsoft Azure AKS Deployment

Description

Deploy on Azure Kubernetes Service with AI Foundry and dual AI model support

Difficulty

Advanced

Duration

2 - 4 hr

You will need

• Azure account with active subscription (see below for setup)
• Azure CLI installed and configured
• Pulumi installed locally
• kubectl command-line tool
• Python 3.11+ for CLI tools
• Basic command-line and Kubernetes familiarity

Goal

Deploy a production-ready TrustGraph environment on Azure Kubernetes Service with AI Foundry and dual AI model support using Infrastructure as Code.

Overview

This guide walks you through deploying TrustGraph on Microsoft Azure’s Kubernetes Service (AKS) using Pulumi (Infrastructure as Code). The deployment automatically provisions a production-ready Kubernetes cluster integrated with Azure’s AI services including AI Foundry and Cognitive Services.

Pulumi is an open-source Infrastructure as Code tool that uses general-purpose programming languages (TypeScript/JavaScript in this case) to define cloud infrastructure. Unlike manual deployments, Pulumi provides:

• Reproducible, version-controlled infrastructure
• Testable and retryable deployments
• Automatic resource dependency management
• Simple rollback capabilities

Once deployed, you’ll have a complete TrustGraph stack running on Azure infrastructure with:

• Azure Kubernetes Service (AKS) cluster (2-node pool, configurable)
• Azure AI Foundry integration with Phi-4 model
• Azure Cognitive Services with OpenAI GPT-4o-mini
• Complete monitoring with Grafana and Prometheus
• Web workbench for document processing and Graph RAG
• Secure secrets management with Azure Key Vault

Why Microsoft Azure for TrustGraph?

Azure offers unique advantages for enterprise organizations:

• Dual AI Models: Choose between Azure AI Foundry (Phi-4) and OpenAI (GPT-4o-mini)
• Enterprise Integration: Native integration with Microsoft 365, Active Directory, and enterprise services
• Hybrid Cloud: Seamless hybrid cloud capabilities with Azure Arc
• Compliance: Extensive compliance certifications (ISO, SOC, HIPAA, FedRAMP, etc.)
• Global Scale: 60+ regions worldwide with Microsoft’s global network

Ideal for organizations in the Microsoft ecosystem requiring enterprise-grade AI and compliance.

Getting ready

Azure Account

You’ll need an Azure account with an active subscription. If you don’t have one:

1. Sign up at https://azure.microsoft.com/
2. Complete account verification
3. Create or select a subscription
4. New users receive $200 in free credits for 30 days

Create a Resource Group (Optional)

While Pulumi will create a resource group, you may want to pre-create one for organizational purposes:

az group create --name trustgraph-rg --location eastus

Install Azure CLI

Install the Azure command-line tool:

Linux

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

MacOS

brew update && brew install azure-cli

Windows

Download the installer from aka.ms/installazurecliwindows

Verify installation:

az --version

Configure Azure Authentication

Authenticate with your Azure account:

az login

This will open a browser for authentication. After successful login, set your default subscription:

az account set --subscription "YOUR_SUBSCRIPTION_ID"

You can list your subscriptions with:

az account list --output table

Register Required Resource Providers

Ensure necessary Azure resource providers are registered:

az provider register --namespace Microsoft.ContainerService
az provider register --namespace Microsoft.Compute
az provider register --namespace Microsoft.Network
az provider register --namespace Microsoft.Storage
az provider register --namespace Microsoft.KeyVault
az provider register --namespace Microsoft.CognitiveServices

Python

You need Python 3.11 or later installed for the TrustGraph CLI tools.

Check your Python version

python3 --version

If you need to install or upgrade Python, visit python.org.

Pulumi

Install Pulumi on your local machine:

Linux

curl -fsSL https://get.pulumi.com | sh

MacOS

brew install pulumi/tap/pulumi

Windows

Download the installer from pulumi.com.

Verify installation:

pulumi version

Full installation details are at pulumi.com.

kubectl

Install kubectl to manage your Kubernetes cluster:

• Linux: Install kubectl on Linux
• MacOS: brew install kubectl
• Windows: Install kubectl on Windows

Verify installation:

kubectl version --client

Node.js

The Pulumi deployment code uses TypeScript/JavaScript, so you’ll need Node.js installed:

• Download: nodejs.org (LTS version recommended)
• Linux: sudo apt install nodejs npm (Ubuntu/Debian) or sudo dnf install nodejs (Fedora)
• MacOS: brew install node

Verify installation:

node --version
npm --version

Azure AI Services Access

The deployment supports two AI configurations:

Option 1: Azure AI Foundry (Machine Learning)

• Model: Phi-4 (serverless endpoint)
• Configuration: Uses resources.yaml.mls
• Requirements: Azure subscription with AI Foundry access

Option 2: Azure Cognitive Services (OpenAI)

• Model: GPT-4o-mini
• Configuration: Uses resources.yaml.cs
• Requirements: Azure subscription with Cognitive Services access

You’ll choose your AI model during deployment preparation.

Prepare the deployment

Get the Pulumi code

Clone the TrustGraph Azure Pulumi repository:

git clone https://github.com/trustgraph-ai/pulumi-trustgraph-azure.git
cd pulumi-trustgraph-azure/pulumi

Choose your AI model configuration

Select which AI model to use:

For Azure AI Foundry (Phi-4):

cp resources.yaml.mls resources.yaml

For Azure Cognitive Services (OpenAI GPT-4o-mini):

cp resources.yaml.cs resources.yaml

You can switch between configurations by copying the appropriate template file to resources.yaml and re-deploying.

Install dependencies

Install the Node.js dependencies for the Pulumi project:

npm install

Configure Pulumi state

You need to tell Pulumi which state to use. You can store this in an S3 bucket, but for experimentation, you can just use local state:

pulumi login --local

When storing secrets in the Pulumi state, pulumi uses a secret passphrase to encrypt secrets. When using Pulumi in a production or shared environment you would have to evaluate the security arrangements around secrets.

We’re just going to set this to the empty string, assuming that no encryption is fine for a development deploy.

export PULUMI_CONFIG_PASSPHRASE=

Create a Pulumi stack

Initialize a new Pulumi stack for your deployment:

pulumi stack init dev

You can use any name instead of dev - this helps you manage multiple deployments (dev, staging, prod, etc.).

Configure the stack

Apply settings for Azure region and environment:

pulumi config set azure-native:location eastus
pulumi config set environment dev

Available Azure regions include:

• eastus (East US)
• westus2 (West US 2)
• northeurope (North Europe)
• westeurope (West Europe)
• uksouth (UK South)
• southeastasia (Southeast Asia)
• australiaeast (Australia East)

Refer to Azure Regions for a complete list.

Configure AI model settings

For Azure AI Foundry (Phi-4):

pulumi config set aiEndpointModel "azureml://registries/azureml/models/Phi-4"

For Azure Cognitive Services (OpenAI):

pulumi config set openaiModel gpt-4o-mini
pulumi config set openaiVersion "2024-07-18"
pulumi config set contentFiltering Microsoft.DefaultV2

Refer to the repository’s README for additional configuration options and model choices.

Deploy with Pulumi

Preview the deployment

Before deploying, preview what Pulumi will create:

pulumi preview

This shows all the resources that will be created:

• Resource group for all TrustGraph resources
• Azure Identity service principal
• AKS Kubernetes cluster
• Node pool with specified VM sizes
• Azure Key Vault for secrets
• Storage account for AI services
• Azure AI Foundry (AI hub, workspace, serverless endpoints) OR
• Cognitive Services (OpenAI deployment)
• Kubernetes secrets for Azure credentials
• TrustGraph deployments, services, and config maps

Review the output to ensure everything looks correct.

Deploy the infrastructure

Deploy the complete TrustGraph stack:

pulumi up

Pulumi will ask for confirmation before proceeding. Type yes to continue.

The deployment typically takes 15 - 25 minutes and progresses through these stages:

1. Creating Azure resources (8-12 minutes)
   • Creates resource group
   • Sets up service principal
   • Provisions Key Vault and Storage Account
2. Creating AKS cluster (8-10 minutes)
   • Provisions AKS cluster
   • Creates node pool
   • Configures networking
3. Configuring AI services (2-3 minutes)
   • Sets up Azure AI Foundry (Phi-4) OR Cognitive Services (OpenAI)
   • Creates AI endpoints
   • Configures authentication
4. Deploying TrustGraph (4-6 minutes)
   • Applies Kubernetes manifests
   • Deploys all TrustGraph services
   • Starts pods and initializes services

You’ll see output showing the creation progress of all resources.

Configure and verify kubectl access

After deployment completes, configure kubectl to access your AKS cluster:

az aks get-credentials --resource-group trustgraph-rg --name trustgraph-aks

Verify access:

kubectl get nodes

You should see your AKS nodes listed as Ready.

Check pod status

Verify that all pods are running:

kubectl -n trustgraph get pods

You should see output similar to this (pod names will have different random suffixes):

NAME                                        READY   STATUS      RESTARTS   AGE
agent-manager-74fbb8b64-nzlwb               1/1     Running     0          5m
api-gateway-b6848c6bb-nqtdm                 1/1     Running     0          5m
cassandra-6765fff974-pbh65                  1/1     Running     0          5m
pulsar-d85499879-x92qv                      1/1     Running     0          5m
text-completion-58ccf95586-6gkff            1/1     Running     0          5m
workbench-ui-5fc6d59899-8rczf               1/1     Running     0          5m
...

All pods should show Running status. Some init pods (names ending in -init) may fail or be shown Completed status - this is normal, their job is to initialise cluster resources and then exit.

Access services via port-forwarding

Since the Kubernetes cluster is running on Scaleway, you’ll need to set up port-forwarding to access TrustGraph services from your local machine.

Open three separate terminal windows and run these commands (keep them running):

Terminal 1 - API Gateway:

export KUBECONFIG=$(pwd)/kubeconfig.yaml
kubectl -n trustgraph port-forward svc/api-gateway 8088:8088

Terminal 2 - Workbench UI:

export KUBECONFIG=$(pwd)/kubeconfig.yaml
kubectl -n trustgraph port-forward svc/workbench-ui 8888:8888

Terminal 3 - Grafana:

export KUBECONFIG=$(pwd)/kubeconfig.yaml
kubectl -n trustgraph port-forward svc/grafana 3000:3000

With these port-forwards running, you can access:

• TrustGraph API: http://localhost:8088
• Web Workbench: http://localhost:8888
• Grafana Monitoring: http://localhost:3000

Keep these terminal windows open while you’re working with TrustGraph. If you close them, you’ll lose access to the services.

Install CLI tools

Now install the TrustGraph command-line tools. These tools help you interact with TrustGraph, load documents, and verify the system.

Create a Python virtual environment and install the CLI:

python3 -m venv env
source env/bin/activate  # On Windows: env\Scripts\activate
pip install trustgraph-cli

Set the IAM bootstrap token so that CLI tools can authenticate:

export TRUSTGRAPH_TOKEN=$(pulumi stack output iamToken --show-secrets)

Grafana access

Login to Grafana with username admin and the password from:

pulumi stack output grafanaPassword --show-secrets

Startup period

It can take 2-3 minutes for all services to stabilize after deployment. Services like Pulsar and Cassandra need time to initialize properly.

Verify system health

tg-verify-system-status

If everything is working, the output looks something like this:

============================================================
TrustGraph System Status Verification
============================================================

Phase 1: Infrastructure
------------------------------------------------------------
[00:00] ⏳ Checking Pulsar...
[00:03] ⏳ Checking Pulsar... (attempt 2)
[00:03] ✓ Pulsar: Pulsar healthy (0 cluster(s))
[00:03] ⏳ Checking API Gateway...
[00:03] ✓ API Gateway: API Gateway is responding

Phase 2: Core Services
------------------------------------------------------------
[00:03] ⏳ Checking Processors...
[00:03] ✓ Processors: Found 34 processors (≥ 15)
[00:03] ⏳ Checking Flow Classes...
[00:06] ⏳ Checking Flow Classes... (attempt 2)
[00:09] ⏳ Checking Flow Classes... (attempt 3)
[00:22] ⏳ Checking Flow Classes... (attempt 4)
[00:35] ⏳ Checking Flow Classes... (attempt 5)
[00:38] ⏳ Checking Flow Classes... (attempt 6)
[00:38] ✓ Flow Classes: Found 9 flow class(es)
[00:38] ⏳ Checking Flows...
[00:38] ✓ Flows: Flow manager responding (1 flow(s))
[00:38] ⏳ Checking Prompts...
[00:38] ✓ Prompts: Found 16 prompt(s)

Phase 3: Data Services
------------------------------------------------------------
[00:38] ⏳ Checking Library...
[00:38] ✓ Library: Library responding (0 document(s))

Phase 4: User Interface
------------------------------------------------------------
[00:38] ⏳ Checking Workbench UI...
[00:38] ✓ Workbench UI: Workbench UI is responding

============================================================
Summary
============================================================
Checks passed: 8/8
Checks failed: 0/8
Total time: 00:38

✓ System is healthy!

The Checks failed line is the most interesting and is hopefully zero. If you are having issues, look at the troubleshooting section later.

If everything appears to be working, the following parts of the deployment guide are a whistle-stop tour through various parts of the system.

Test LLM access

Test that Azure AI integration is working by invoking the LLM through the gateway:

tg-invoke-llm 'Be helpful' 'What is 2 + 2?'

You should see output like:

2 + 2 = 4

This confirms that TrustGraph can successfully communicate with your chosen Azure AI service (AI Foundry or Cognitive Services).

Load sample documents

Load a small set of sample documents into the library for testing:

tg-load-sample-documents

This downloads documents from the internet and caches them locally. The download can take a little time to run.

Workbench

TrustGraph includes a web interface for document processing and Graph RAG.

Access the TrustGraph workbench at http://localhost:8888 (requires port-forwarding to be running).

You will see a login page. Select the API Key tab and enter the IAM bootstrap token retrieved earlier, then click Connect.

After logging in, you should see the Workflows page showing the available workflows. At the top right of the screen is a Workflows button which brings you back to this page from anywhere in the workbench.

The guide will return to the workbench to load a document.

Monitoring dashboard

Access Grafana monitoring at http://localhost:3000 (requires port-forwarding to be running).

Default credentials:

• Username: admin
• Password: admin

All TrustGraph components collect metrics using Prometheus and make these available using this Grafana workbench. The Grafana deployment is configured with 2 dashboards:

• Overview metrics dashboard: Shows processing metrics
• Logs dashboard: Shows collated TrustGraph container logs

For a newly launched system, the metrics won’t be particularly interesting yet.

Check the LLM is working

If the tg-invoke-llm command worked earlier, you can skip this section. Otherwise, this is a quick way to verify LLM access through the workbench while introducing the prompt management workflow.

From the Workflows page, select Prompt Management. This screen is where all the prompt templates live. You can edit existing templates and construct your own.

To run a simple test, find the question prompt in the list on the left and select it. The template is straightforward — just {{question}} — which means the question variable is fed directly to the LLM.

On the right-hand side, change the TEST box from {} to:

{"question": "What is 2 + 2?"}

Click Run. You should see the answer to your question appear below.

If you want to experiment with prompts, try adding “Please provide a detailed explanation” to the prompt template, click Save, and run the test again to see a different response.

If LLM interactions are not working, check the Grafana logs dashboard for errors in the text-completion service.

Working with a document

Load a document

Back on the Workflows page, select Document Ingestion. If the sample documents were loaded earlier, you should see 7 documents listed.

Find Echoes of the Void and select it. You should see document information including a description, tags, and upload date.

Click Submit for Processing. The submission wizard has three steps:

1. Select a flow — choose the default flow which already exists.

2. Select a collection — use the existing default collection.

3. Confirm — review the details and click Submit for Processing.

If submission is successful, the main screen should show the document’s processing pipeline — the document flowing through the selected flow into the storage backends.

This is a short document and should process quickly, depending on the LLM resource you are using.

There is also an + Add Document button in the top right which can be used to submit your own documents.

Look at knowledge graph

From the Workflows page, select Graph Explorer. This shows what’s in the knowledge graph with tools for viewing and searching.

The graph can be easier to see in 3D — click the 3D button above the graph view.

If you click a node, it will be highlighted along with its related edges. A side panel also appears showing node properties and highlighted links that allow you to navigate to related nodes.

On the top left is a Search button which opens a search dialog. You can enter text for a similarity search against nodes in the graph. Matching nodes are listed and can be selected, which adds them to the graph along with their neighbours.

There is also a Clear button which resets the graph back to an empty state.

Query with Graph RAG

From the Workflows page, select Graph RAG Query. This console is more than your average chatbot — it has full Explainable AI enabled. This helps to understand and diagnose retrieval, but is not intended as an end-user experience.

Enter a query such as “What was the cause of the Bronze Age Collapse?” and after a short while you should see a response.

There is a lot to see here if you are interested. The bottom right part of the screen shows the various explainability events, starting from the question:

• Grounding — where retrieval selects key concepts for discovery
• Exploration — where graph nodes are selected for analytics
• Focus — where the system decides on a core set of graph edges to resolve the question
• Synthesis — where this is processed to provide an answer

On the left-hand side you see the actual answer to the query. The Focus event may be of particular interest as you can trace graph edges all the way back to the source documents. For example, the graph edge (Systems Collapse Model → proposed by → Joseph Tainter) has a link to source below which, when followed, shows the original source text.

Troubleshooting

Deployment Issues

Pulumi deployment fails

Diagnosis:

Check the Pulumi error output for specific failure messages. Common issues include:

# View detailed error information
pulumi stack --show-urns
pulumi logs

Resolution:

• Authentication errors: Verify az login was successful and you have an active subscription
• Provider not registered: Ensure all required Azure resource providers are registered (see “Register Required Resource Providers” section)
• Quota limits: Check your Azure subscription hasn’t hit resource quotas (AKS clusters, VMs, cores)
• Permission issues: Ensure your account has Contributor or Owner role on the subscription
• Region capacity: Try a different Azure region if resources aren’t available

Pods stuck in Pending state

Diagnosis:

kubectl -n trustgraph get pods | grep Pending
kubectl -n trustgraph describe pod <pod-name>

Look for scheduling failures or resource constraints in the describe output.

Resolution:

• Insufficient resources: Increase node count or VM size in your Pulumi configuration
• PersistentVolume issues: Check PV/PVC status with kubectl -n trustgraph get pv,pvc
• Node issues: Check node status with kubectl get nodes
• Azure disk limits: Verify you haven’t exceeded disk attachment limits per VM

Azure AI integration not working

Diagnosis:

Test LLM connectivity:

tg-invoke-llm '' 'What is 2+2'

A timeout or error indicates AI service configuration issues. Check the text-completion pod logs:

kubectl -n trustgraph logs -l app=text-completion

Resolution:

• Verify the correct resources.yaml file is being used (.mls for AI Foundry, .cs for Cognitive Services)
• Check that AI services are properly deployed in Azure Portal
• Verify service principal has appropriate permissions for AI services
• Ensure API keys are correctly stored in Kubernetes secrets
• Review Pulumi outputs: pulumi stack output
• Check Azure AI Foundry or Cognitive Services quotas in Azure Portal

Port-forwarding connection issues

Diagnosis:

Port-forward commands fail or connections time out.

Resolution:

• Verify kubectl is configured: kubectl config current-context
• Check that the target service exists: kubectl -n trustgraph get svc
• Ensure no other process is using the port (e.g., port 8088, 8888, or 3000)
• Try restarting the port-forward with verbose logging: kubectl port-forward -v=6 ...
• Check AKS cluster status: az aks show --resource-group trustgraph-rg --name trustgraph-aks

Service Failure

Pods in CrashLoopBackOff

Diagnosis:

# Find crashing pods
kubectl -n trustgraph get pods | grep CrashLoopBackOff

# View logs from crashed container
kubectl -n trustgraph logs <pod-name> --previous

Resolution:

Check the logs to identify why the container is crashing. Common causes:

• Application errors (configuration issues)
• Missing dependencies (ensure all required services are running)
• Incorrect secrets or environment variables
• Resource limits too low
• Azure credentials not properly configured

Service not responding

Diagnosis:

Check service and pod status:

kubectl -n trustgraph get svc
kubectl -n trustgraph get pods
kubectl -n trustgraph logs <pod-name>

Resolution:

• Verify the pod is running and ready
• Check pod logs for errors
• Ensure port-forwarding is active for the service
• Use tg-verify-system-status to check overall system health
• Check AKS cluster health: az aks show --resource-group trustgraph-rg --name trustgraph-aks

Azure-Specific Issues

AKS cluster creation fails

Diagnosis:

Check Azure subscription and permissions:

az account show
az role assignment list --assignee YOUR_USER_ID

Resolution:

• Verify you have sufficient quota for AKS in your region
• Request quota increases via Azure Portal if needed
• Ensure your account has Microsoft.ContainerService/managedClusters/write permission
• Try a different Azure region if capacity is unavailable
• Check service health: Azure Status

Azure AI Foundry quota exceeded

Diagnosis:

Error messages about Azure AI quota or rate limits.

Resolution:

• Check AI service quotas in Azure Portal under “Quotas”
• Request quota increases if needed
• Switch to Cognitive Services (OpenAI) if AI Foundry quota is unavailable
• Implement rate limiting in your application
• Consider upgrading to a higher pricing tier

Key Vault access denied

Diagnosis:

Errors related to Azure Key Vault access when deploying or running services.

Resolution:

• Verify the service principal has appropriate Key Vault permissions
• Check Key Vault access policies in Azure Portal
• Ensure Key Vault firewall settings allow AKS access
• Review service principal role assignments: az role assignment list --assignee SERVICE_PRINCIPAL_ID

Shutting down

Clean shutdown

When you’re finished with your TrustGraph deployment, clean up all resources:

pulumi destroy

Pulumi will show you all the resources that will be deleted and ask for confirmation. Type yes to proceed.

The destruction process typically takes 10-15 minutes and removes:

• All TrustGraph Kubernetes resources
• The AKS cluster
• Node pools
• Azure AI services (AI Foundry or Cognitive Services)
• Service principal
• Key Vault
• Storage account
• Resource group (if created by Pulumi)

Cost Warning: Azure charges for running AKS clusters, VMs, AI services, and storage. Make sure to destroy your deployment when you’re not using it to avoid unnecessary costs. AKS charges include cluster management fees plus compute and storage costs.

Verify cleanup

After pulumi destroy completes, verify all resources are removed:

# Check Pulumi stack status
pulumi stack

# Verify no resources remain
pulumi stack --show-urns

# Check Azure for remaining resources
az aks list --output table
az group show --name trustgraph-rg

Delete the Pulumi stack

If you’re completely done with this deployment, you can remove the Pulumi stack:

pulumi stack rm dev

This removes the stack’s state but doesn’t affect any cloud resources (use pulumi destroy first).

Cost Optimization

Monitor Costs

Keep track of your Azure spending:

1. Navigate to Cost Management + Billing in Azure Portal
2. View cost analysis and breakdown by resource
3. Set up budget alerts

Cost-Saving Tips

• Spot VMs: Use Azure Spot VMs for non-production workloads (up to 90% cheaper)
• Reserved Instances: Purchase 1 or 3-year reserved instances for production (up to 72% savings)
• Autoscaling: Configure cluster autoscaler to scale down during idle periods
• Dev/Test pricing: Use Azure Dev/Test subscription for development environments
• Shut down non-production: Stop dev/test clusters when not in use
• Right-size VMs: Choose appropriate VM sizes based on actual usage

Example cost estimates (East US):

• AKS management: Free (only pay for VMs)
• 2 x Standard_D2s_v3 nodes: ~$140/month
• Azure AI Foundry: Pay per use (varies by model and requests)
• Cognitive Services: Pay per use (varies by model and requests)
• Storage & Key Vault: ~$10-20/month
• Total estimated: ~$150-200/month for basic deployment (plus AI usage)

Switching Between AI Models

You can switch between Azure AI Foundry and Cognitive Services:

1. Copy the desired configuration:

   # For AI Foundry (Phi-4)
   cp resources.yaml.mls resources.yaml
   
   # For Cognitive Services (OpenAI)
   cp resources.yaml.cs resources.yaml
   

2. Update Pulumi configuration:

   # Update the stack config based on your choice
   pulumi config set aiEndpointModel "azureml://registries/azureml/models/Phi-4"
   # OR
   pulumi config set openaiModel gpt-4o-mini
   

3. Re-deploy:

   pulumi up
   

Next Steps

Now that you have TrustGraph running on Azure:

• Guides: See Guides for things you can do with your running TrustGraph
• Scale the cluster: Configure AKS autoscaling or increase node pool size
• Production hardening: Set up Azure Front Door, Application Gateway, and private AKS cluster
• Integrate Azure services: Connect to Azure Storage, Azure SQL, or Cosmos DB
• CI/CD: Set up Azure DevOps or GitHub Actions for automated deployments
• Monitoring: Integrate with Azure Monitor and Application Insights
• Multi-region: Deploy across multiple Azure regions for high availability
• Azure AD integration: Configure authentication with Azure Active Directory
• Advanced AI: Explore Azure OpenAI fine-tuning or custom models

Additional Resources

• TrustGraph Azure Pulumi Repository - Full source code and configuration
• AKS Best Practices - Microsoft’s recommendations
• Azure AI Foundry Documentation - Learn more about Azure’s AI platform
• Azure Free Account - Information about free credits and services