Setting up the WorkZone container infrastructure

Prerequisite: You must have a running Kubernetes platform. The steps vary depending on the platform you use. Please refer to the platform-specific guides for platform details (for example, Running WorkZone on Azure).

To run WorkZone, you need to run both Windows and Linux node pools. See Sizing guidelines for nodes for details on how to size the node pools and the platform-specific guides for details on the individual platform. Once the node pools are ready, you can deploy WorkZone in the Kubernetes instance.

To prepare deployment of WorkZone, you must connect to the WorkZone container registry. You can read more about the container registry, how to get access, and how to use the registry for deploying WorkZone in the following sections.

WorkZone Container Registry (kmdworkzone.azurecr.io)
Accessing the container registry

Individual login
Headless access

Using the container registry
Installation using werf and Helm
Installation using werf and Helm
Establish user synchronization. See Enroll WorkZone - Cloud Edition in Azure and set up SCIM provisioning.

WorkZone Container Registry (kmdworkzone.azurecr.io)

You can find the WorkZone container registry on kmdworkzone.azurecr.io. The container registry is a private registry that uses Azure Container Registry.

Name: kmdworkzone

Loginserver: kmdworkzone.azurecr.io

The container registry contains all containers required for deploying WorkZone and the relevant Helm chart(s) for deploying WorkZone in a Kubernetes cluster.

Note: Customers or partners that already host, or wish to host,WorkZone in a private cloud, must take a certification on managing WorkZone before they can access the WorkZone container registry.

Accessing the container registry

Before you can access the registry, you need to request access. Please contact your KMD WorkZone contact to get a Azure Entra ID user name that you will use for access.

Two access models are supported:

Individual login
Headless using a service principal between tenants

Note: It is required that you have a WorkZone Hosting certification before you can be granted access to the WorkZone Container Registry.

KMD will make you a guest on the Azure tenant for the kmdworkzone Azure container Registry that allows you to access the tenant. You will need to accept an invite from the Azure tenant called cloudrunners.

When the access is accepted, KMD will ensure that proper access is granted to the user to be able to access and do pull requests.

Individual login

Once you have access to the kmdworkzone Azure container registry, you can get access to the registry for individual login. You can access the container registry directly from the Azure CLI. Please see the Microsoft article Individual login with Microsoft Entra ID for instructions.

Parameter	Description
Login	The user name you requested access for.
acrName	kmdworkzone.azurecr.io

Headless access

Headless access to the container registry differs depending on the platform, please refer to the platform specific guides for more information on the headless access.

See XXX for Azure Specific