Skip to main content

Overview

Use this guide to provision baseline Azure infrastructure for CrewAI Platform with Terraform, then continue with Helm installation.
Request the Terraform files from the CrewAI Factory Engineering team before following this guide.
This flow aligns with the Azure Terraform example in the installer and covers:
  • AKS cluster
  • Azure Database for PostgreSQL Flexible Server
  • Azure Storage for platform data and logs
  • Azure Container Registry for crew image builds
  • Application Gateway integration for ingress

Prerequisites

  • Terraform >= 1.13.4
  • Azure CLI installed and authenticated
  • kubectl and Helm installed
  • Azure subscription permissions to create compute, network, database, storage, registry, and identity resources
  • Sufficient regional quotas for AKS and networking components

Step 1: Authenticate and Select Subscription

az login
az account set --subscription "YOUR_SUBSCRIPTION_ID"
az account show

Step 2: Configure Terraform State

From your crewai-installer checkout, open terraform/examples/azure/main.tf. The example uses an Azure Storage backend for remote state: 
backend "azurerm" {
  storage_account_name = "YOUR-UNIQUE-STATE-STORAGE-NAME"
  container_name       = "tfstate"
  key                  = "crewai/terraform.tfstate"
  use_azuread_auth     = true
  use_cli              = true
}
  • Create state storage before running terraform init.
  • For temporary testing only, you can comment out the backend block and use local state.

Step 3: Configure Variables

cd terraform/examples/azure
cp terraform.tfvars.example terraform.tfvars
Update at least:
  • resource_group_name
  • location
  • db_server_name (globally unique)
  • data_storage_account_name (globally unique, lowercase alphanumeric)
  • logs_storage_account_name (globally unique, lowercase alphanumeric)
The example also auto-detects the Terraform runner public IP and includes it in AKS authorized IP ranges.

Step 4: Apply Infrastructure

terraform init
terraform plan
terraform apply
After apply, configure kubectl using Terraform output: 
terraform output configure_kubectl_command

Step 5: Map Terraform Outputs to Helm Values

Use Terraform outputs to populate your my-values.yaml:
  • database_server_fqdn -> envVars.DB_HOST
  • registry_login_server -> envVars.CREW_IMAGE_REGISTRY_OVERRIDE
  • data_storage_account_name -> envVars.AZURE_STORAGE_ACCOUNT_NAME
You will also need a valid storage access key value for secrets.AZURE_STORAGE_ACCESS_KEY. Continue with the Installation Guide.

Step 6: Destroy Safely (When Needed)

Before terraform destroy, delete Kubernetes Ingress resources managed through AGIC/Application Gateway integration. If Ingress resources remain, destroy can fail or hang due to remaining gateway dependencies.

Troubleshooting Notes

  • If deployment fails with quota errors, request increases before retrying.
  • If kubectl cannot reach the AKS API server, verify your source IP is authorized.
  • If image pushes fail, validate envVars.CREW_IMAGE_REGISTRY_OVERRIDE points to a writable ACR registry path.

Next Steps