doc: Add Azure kubernetes section

doc/content/the-things-stack/host/kubernetes/azure/_index.md

@@ -0,0 +1,11 @@
+---
+title: "Azure"
+description: ""
+weight: 1
+---
+
+{{% tts %}} can be deployed to Azure as a set of highly available services on Azure Kubernetes Service using Terraform and Helm.
+
+This guide gives an overview of the architecture and shows how to deploy your own highly available {{% tts %}} cluster.
+
+<!--more-->

doc/content/the-things-stack/host/kubernetes/azure/configuration/_index.md

@@ -0,0 +1,76 @@
+---
+title: "Configuration"
+description: ""
+weight: 2
+aliases: [/getting-started/kubernetes/azure/configuration]
+---
+
+{{% tts %}} requires a few configuration files to be prepared. In this step, we create them and store them for further use.
+
+<!--more-->
+
+## Terraform Backend
+
+Create a `config.azurerm.tfbackend` file and put it in `1-infrastructure`, `2-kubernetes` and one of the chosen DNS provider templates directories. We recommend `azure-dns` provider for this deployment.
+
+```
+storage_account_name = <storage_account_name>
+container_name       = <storage_container_name>
+key                  = <terraform_state_file>
+use_azuread_auth     = true
+```
+
+## Deployment Configuration
+
+Create a `deployment.auto.tfvars.json` file in `1-infrastructure` directory.
+
+The following contains only the minimum mandatory fields for this configuration file. For a full list of possible values check the `variables.tf` file in this directory.
+
+```
+{
+    "azure_ad_admin_group_object_id": # Object ID of the AKS admin group.
+    "deployment_name":                # Name of the deployment.
+    "environment":                    # 'prod', 'staging' or 'dev'.
+    "cluster":                        # Cluster identifier for multi-cluster deployments.
+    "location":                       # Azure location
+    "resource_group": {
+        "create":                     # If set to `true` a new Resource Group will be created on deployment.
+                                      # Otherwise a Resource Group is going to be imported based on "name" parameter.
+        "name":                       # Optional custom Azure Resource Group name. Mandatory when "create" is set to `false`.
+    },
+    "domain": {
+        "name":                       # Domain where The Things Stack is available.
+        "dns_zone":                   # Azure DNS zone.
+    }
+}
+```
+
+## ACME Configuration
+
+Create an `acme.auto.tfvars.json` file in the DNS templates directory.
+
+It is only required to set the `acme_email` field.
+
+```
+{
+    "acme_email":   # ACME email that will receive notifications about expiring Certificates.
+}
+```
+
+## The Things Stack Values
+
+Create a `tts.values.yaml` file in the `2-kubernetes` templates directory.
+
+The following contains only the minimum mandatory fields for this values file. For a full list of possible values check the `values.yaml` file of {{% tts %}} Helm chart.
+
+```yaml
+license:
+  key:               # TTS license key
+global:
+  deployment:
+    initialTenant:
+      tenantID:      # Initial tenant ID
+      adminEmail:    # Admin email
+      adminUserID:   # Admin ID
+      adminPassword: # Admin password
+```

doc/content/the-things-stack/host/kubernetes/azure/deployment/_index.md

@@ -0,0 +1,148 @@
+---
+title: "Deployment"
+description: ""
+weight: 3
+---
+
+This page describes the steps for deploying {{% tts %}} on Azure Kubernetes Service.
+
+<!--more-->
+
+## Azure Infrastructure
+
+Start with the `1-infrastructure` templates that create the foundation for your deployment.
+
+If you haven't done this before create a Terraform backend configuration file `config.azurerm.tfbackend`. You can read more about it in the [**Configuration**]({{< ref "/the-things-stack/host/kubernetes/azure/configuration#terraform-backend" >}}) section.
+
+Initialize the Terraform state.
+
+```bash
+$ make init
+```
+
+Plan the deployment and verify everything is going to be set up correctly.
+
+```bash
+$ make plan
+```
+
+Now apply the template.
+
+```bash
+$ make apply
+```
+
+Get the `kubeconfig` next.
+
+```bash
+# Set KUBECONFIG if you don't want to override the default kubeconfig.
+$ export KUBECONFIG='local.kubeconfig'
+
+# Set KUBE_CONFIG_PATH to the location of the kubeconfig.
+# If you didn't set the KUBECONFIG variable use '~/.kube/config' instead.
+# Ref https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs#file-config
+$ export KUBE_CONFIG_PATH="$(pwd)/${KUBECONFIG}"
+
+$ az aks get-credentials --resource-group $(terraform output -raw resource_group_name) --name $(terraform output -raw aks_cluster_name)
+```
+
+{{< warning >}}
+If `var.allow_cluster_admin_access` is disabled, then `kubelogin` must be installed.
+{{</ warning >}}
+
+Follow the promp to authenticate the `kubectl`.
+
+```bash
+$ kubectl get pods
+To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxx to authenticate.
+```
+
+Export the DNS values used for [**DNS Infrastructure**]({{< relref "#dns-infrastructure" >}}). Use the provider chosen during the [**Configuration**]({{< ref "/the-things-stack/host/kubernetes/azure/configuration#acme-configuration" >}}).
+
+```bash
+$ DNS_PROVIDER='<provider>'
+$ make dns.values | jq > "$(git rev-parse --show-toplevel)/dns/${DNS_PROVIDER}/dns.auto.tfvars.json"
+```
+
+Export the Infrastructural values used for [**Kubernetes Templates**]({{< relref "#kubernetes-templates" >}}).
+
+```bash
+$ make infra.values | jq > '../2-kubernetes/infra.auto.tfvars.json'
+```
+
+## DNS Infrastructure
+
+Now we need to set up the DNS infrastructure. Head over to the directory of the provider you chose during the last steps of the [**Azure Infrastructure**]({{< relref "#azure-infrastructure" >}}) section.
+
+If you haven't done this before create a Terraform backend configuration file `config.azurerm.tfbackend`. You can read more about it in the section ... .
+
+Initialize the Terraform state.
+
+{{< note >}}
+`KUBE_CONFIG_PATH` should point to your `kubeconfig`.
+
+```bash
+# Example
+$ export KUBE_CONFIG_PATH='~/.kube/config'
+```
+
+{{</ note >}}
+
+```bash
+$ make init
+```
+
+Plan the deployment and verify everything is going to be set up correctly.
+
+```bash
+$ make plan
+```
+
+Now apply the template.
+
+```bash
+$ make apply
+```
+
+Verify the certificate is in ready state. This may take a couple of minutes after the deployment for the certificate to reach a ready state.
+
+```bash
+$ kubectl -n tts get cert
+```
+
+In case the certificate won't reach a ready state head over to [Troubleshooting Problems with ACME / Let's Encrypt Certificates](https://cert-manager.io/docs/troubleshooting/acme/).
+
+## Kubernetes Templates
+
+Head over to the `2-kubernetes` directory next.
+
+If you haven't done this before create a Terraform backend configuration file `config.azurerm.tfbackend`. You can read more about it in the section ... .
+
+Initialize the Terraform state.
+
+```bash
+$ make init
+```
+
+Plan the deployment and verify everything is going to be set up correctly.
+
+{{< note >}}
+`KUBE_CONFIG_PATH` should point to your `kubeconfig`.
+
+```bash
+# Example
+$ export KUBE_CONFIG_PATH='~/.kube/config'
+```
+{{</ note >}}
+
+```bash
+$ make plan
+```
+
+Now apply the template.
+
+```bash
+$ make apply
+```
+
+Once all the targets are healthy and if the configuration was correct, The Things Stack console will be accessible at `https://<tenantID>.<domain>`.

doc/content/the-things-stack/host/kubernetes/azure/prerequisites/_index.md

@@ -0,0 +1,31 @@
+---
+title: "Prerequisites"
+description: ""
+weight: 1
+aliases: [/getting-started/kubernetes/azure/prerequisites]
+---
+
+The following are required for {{% tts %}} on Azure Kubernetes Service.
+
+<!--more-->
+
+# Tools
+
+1. [Terraform](https://www.terraform.io/)
+2. [`kubectl`](https://kubernetes.io/docs/reference/kubectl/)
+3. [Helm version 3](https://helm.sh/docs/intro/). Check the version of Helm installed using `helm version`. Helm v3.8 or above is required.
+
+## License
+
+The Things Stack requires a license key to run. Please [contact our sales team](mailto:[email protected]) for your license key.
+
+## (Optional) Packet Broker Access
+
+The Things Stack contains the Packet Broker Agent component that can communicate with [Packet Broker](https://packetbroker.net/).
+
+Packet Broker is disabled by default in the Helm charts. When enabled, it can operate either only a Forwarder or as both a Forwarder and a Home Network. Check the [The Things Stack Documentation](https://www.thethingsindustries.com/docs/the-things-stack/packet-broker/) for more details.
+
+- If the cluster acts simply as a forwarder that forwards traffic to Packet Broker, then all that is needed are access credentials.
+- If the cluster also needs to work as a Packer Broker Home Network, in addition to the access credentials, the cluster either needs a NetID from the LoRa Alliance or The Things Industries can lease a DevAddr Block.
+
+Please [contact our sales team](mailto:[email protected]) for access credentials and a Device Address Block (if necessary).

doc/content/the-things-stack/host/kubernetes/azure/troubleshooting/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Troubleshooting"
+description: ""
+weight: 9
+aliases: [/getting-started/kubernetes/azure/troubleshooting]
+---
+
+This guide contains general troubleshooting information.

doc/content/the-things-stack/host/kubernetes/self-managed/_index.md

@@ -0,0 +1,9 @@
+---
+title: "Self Managed"
+description: ""
+weight: 2
+---
+
+This guide is meant for people who want to deploy {{% tts %}} on Kubernetes with self-hosted infrastructure. It gives an overview of the Helm charts and the steps required to deploy them.
+
+<!--more-->

doc/content/the-things-stack/host/kubernetes/configuration/_index.md → doc/content/the-things-stack/host/kubernetes/self-managed/configuration/_index.md

@@ -7,6 +7,8 @@ aliases: [/getting-started/kubernetes/configuration]
 
 {{% tts %}} Helm chart is configured using `yaml` files. This guide assumes that these fields are saved in a `<deployment>.values.yaml` file and used for deployment/updates.
 
+<!--more-->
+
 The following is a list of mandatory minimum fields. For a full list of possible values, check the `values.yaml` file at the root of the {{% tts %}} Helm chart.
 
 {{< warning >}} Some values in this file are secrets. Make sure to check this file into a secure repository.{{</ warning >}}
@@ -28,6 +30,7 @@ global:
       region: # region
     azure: # Set only if provider is "azure".
       accountName: # account name
+      clientID: # client ID
     gcp: # Set only if provider is "gcp".
       # Base64 encoded GCP credentials.json file.
       # One option is to run `$ cat <credentials>.json | base64`.

doc/content/the-things-stack/host/kubernetes/install-charts/_index.md → doc/content/the-things-stack/host/kubernetes/self-managed/install-charts/_index.md

@@ -9,6 +9,8 @@ aliases: [/getting-started/kubernetes/install-charts]
 
 Use the following steps to install the chart.
 
+<!--more-->
+
 1. Login to the registry. This step can be skipped if you've already logged in via Docker Client.
 
 ```bash

doc/content/the-things-stack/host/kubernetes/monitoring/_index.md → doc/content/the-things-stack/host/kubernetes/self-managed/monitoring/_index.md

@@ -7,6 +7,8 @@ aliases: [/getting-started/kubernetes/monitoring]
 
 {{% tts %}} exposes Prometheus metrics at the `/metrics` endpoint. This route is protected by Basic Auth with username `metrics` and password `global.http.metrics.password`.
 
+<!--more-->
+
 To scrape these metrics, you can install Prometheus in the cluster. The installation details are outside the scope of this document.
 
 The following scrape config can be used to scrape metrics from each of the components of The Things Stack.