Scrydon
DeploymentLocation

Azure Marketplace

Deploy Scrydon on AKS via the Azure Marketplace

If your organization uses Azure Kubernetes Service (AKS), you can deploy Scrydon directly from the Azure Marketplace. The deployment uses a CNAB-packaged Cluster Extension — no Helm CLI or registry credentials required.

Prerequisites

Before deploying from the Marketplace:

  • AKS cluster running Kubernetes 1.28+
  • Azure Application Gateway Ingress Controller (AGIC) add-on enabled on the cluster
  • cert-manager installed for automatic TLS certificate provisioning
  • DNS access to create A or CNAME records for your domain

Step 1: Deploy from the Azure Portal

  1. Find Scrydon in the Azure Marketplace
  2. Click Deploy and fill in the wizard:
    • AKS Cluster — select your target cluster
    • Base Domain — e.g., app.example.com (subpath routing — one DNS record covers every Scrydon app)
    • TLS — enable for automatic HTTPS certificates
    • Analytics — optionally enable the analytics module
    • Database Password — for the bundled PostgreSQL instance
    • Auth Secret — session signing key (use a strong random value)
  3. Click Create to start the deployment

The deployment creates all Scrydon services in the scrydon-platform namespace. The Marketplace package bundles every Scrydon image into Microsoft Container Registry (MCR), so AKS pulls images without needing your ACR token.

Third-party data plane on Azure: the chart auto-disables the bundled StarRocks and SeaweedFS in Azure mode (their upstream third-party images are not re-tagged into MCR by the CPA tool). For data-plane equivalents on Azure:

  • Object storage — configure Azure Blob via the S3-compatible API under https://app.<domain>/settings/platform/storage after install.
  • Managed Tables (StarRocks) — either set apiTable.enabled: false to disable Tables, or point apiTable.starrocks.host at a customer-managed StarRocks (e.g., the starrocks-kubernetes-operator deployed in a separate namespace, or a managed StarRocks instance).

Step 2: Configure DNS

The default Marketplace install uses subpath routing — one DNS record covers every Scrydon app at path prefixes (/cortex, /agentic, /analytics, …). Create one A or CNAME pointing to the Application Gateway public IP:

HostnameTypeRoutes
app.<domain>A or CNAME/cortex, /agentic, /analytics, /platform, /api/auth, /api/ontology, /api/table, /agentic/realtime, /marimo

(If you instead chose subdomain routing in the wizard, create one A or CNAME per app — cortex.<domain>, agentic.<domain>, etc.)

To find the Application Gateway IP:

az network application-gateway show \
  --resource-group <your-rg> \
  --name <your-appgw> \
  --query "frontendIPConfigurations[0].publicIPAddress.id" -o tsv | \
  xargs az network public-ip show --ids --query "ipAddress" -o tsv

Step 3: Complete Setup

Once all pods are running and DNS has propagated, navigate to:

https://app.<your-domain>/platform/setup

(Or https://app.<your-domain>/setup if you mounted platform at the root.)

The setup wizard guides you through five steps:

  1. License — paste or drop your { jwt, publicKey } license bundle JSON
  2. Admin account — create the first administrator (email + password)
  3. Organization — name your root tenant
  4. Email — configure email delivery (Resend / SMTP / skip)
  5. Complete — redirected to the platform home

See Helm → Run the setup wizard for the bundle format and what the wizard does at each step.

All options

The Marketplace wizard exposes the common settings (domain, TLS, analytics, database password, auth secret). The deployment runs the same Helm chart underneath, so every value it supports — routing modes, BYO database, scheduling, and the rest — is documented in the Helm reference. If you need an override the wizard does not surface, deploy via Helm on AKS instead, where you control the full values.customer.yaml.

Upgrades

Azure Marketplace deployments support automatic minor version upgrades via the AKS Cluster Extension. Major version upgrades are published as new Marketplace versions — the Azure Portal notifies you when updates are available.

Troubleshooting

Pods stuck in ImagePullBackOff

The Cluster Extension bundles all container images. If pods can't pull:

  • Verify the extension installed successfully: az k8s-extension show --name scrydon --cluster-name <aks> --resource-group <rg> --cluster-type managedClusters
  • Check for network policies blocking Microsoft Container Registry (MCR)

TLS certificates not provisioning

  • Verify cert-manager is installed: kubectl get pods -n cert-manager
  • Check certificate status: kubectl get certificates -n scrydon-platform

Setup wizard unreachable

  • Verify DNS records resolve: nslookup platform.<domain>
  • Check pod status: kubectl get pods -n scrydon-platform
  • Verify AGIC is healthy: kubectl get pods -n kube-system -l app=ingress-appgw
On this page

On this page

PrerequisitesStep 1: Deploy from the Azure PortalStep 2: Configure DNSStep 3: Complete SetupAll optionsUpgradesTroubleshootingPods stuck in ImagePullBackOffTLS certificates not provisioningSetup wizard unreachable
Edit on GitHubCreate documentation issue