Deploy on Azure AKS
This guide covers deploying the Hiya Voice Verification engine on Azure Kubernetes Service (AKS). It builds on the generic Kubernetes guide with AKS-specific configuration.
Prerequisites
- An AKS cluster (v1.24+) with
kubectlconfigured - Container image pulled and authenticated — see Getting the Container Image
- A valid
API_KEYfrom your Hiya account team - Azure CLI (
az) installed
Recommended VM Series
We recommend Intel Emerald Rapids-based VMs for optimal performance. The following Azure v6 VM series run on Intel Xeon Platinum 8573C (Emerald Rapids) at 3.0 GHz all-core turbo:
| VM Series | Category | Notes |
|---|---|---|
| Dsv6 / Ddsv6 | General-purpose | Up to 192 vCPUs |
| Dlsv6 / Dldsv6 | General-purpose (low memory) | Up to 128 vCPUs |
| Esv6 / Edsv6 | Memory-optimized | Up to 192 vCPUs, up to 1,832 GiB RAM |
| Ebsv6 / Ebdsv6 | Memory-optimized (storage bandwidth) | Up to 192 vCPUs |
| FXmsv2 / FXmdsv2 | Compute-optimized | 4.0 GHz all-core turbo |
| Lsv4 | Storage-optimized | High-throughput local NVMe |
Azure also offers AMD-based v6 families (e.g., Dasv6, Easv6). These are supported but Intel Emerald Rapids is recommended for best performance.
Ensure your node pool VMs have at least 8 GB of available RAM per pod.
Step 1 — Create Secrets
Create the image pull secret and API key secret:
kubectl create secret docker-registry hiya-registry \
--docker-server=europe-docker.pkg.dev \
--docker-username=_json_key \
--docker-password="$(cat key.json)"
kubectl create secret generic hiya-engine-config \
--from-literal=api-key=<your-api-key>
Alternative — Azure Container Registry Mirror
If you prefer to mirror the image in your own Azure Container Registry:
# Import directly from Google Artifact Registry
az acr import \
--name <your-acr-name> \
--source europe-docker.pkg.dev/loccus-platform/onpremise-images/engine-api-standalone:<version> \
--image hiya/engine-api-standalone:<version> \
--username _json_key \
--password "$(cat key.json)"
Then reference <your-acr-name>.azurecr.io/hiya/engine-api-standalone:<version> in your deployment manifest and attach the ACR to your AKS cluster:
az aks update \
--name <your-aks-cluster> \
--resource-group <your-resource-group> \
--attach-acr <your-acr-name>
Step 2 — Deploy
Apply the Deployment and Service manifests from the Kubernetes guide. No AKS-specific changes are needed.
Step 3 — Expose via Internal Load Balancer (Optional)
For clients outside the cluster, use an Azure internal load balancer:
# hiya-ilb-service.yaml
apiVersion: v1
kind: Service
metadata:
name: hiya-voice-verification-ilb
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
selector:
app: hiya-voice-verification
ports:
- name: grpc
protocol: TCP
port: 8080
targetPort: 8080
- name: ws
protocol: TCP
port: 8081
targetPort: 8081
Network Configuration
Ensure the following outbound access from your AKS cluster:
| Destination | Port | Protocol | Purpose |
|---|---|---|---|
europe-docker.pkg.dev | 443 | HTTPS | Image pulls |
api.hiya.com | 443 | HTTPS | License verification and billing |
For private AKS clusters, ensure your Azure Firewall or NSG rules allow outbound HTTPS to these destinations.
Scaling
Use the Horizontal Pod Autoscaler for automatic scaling:
kubectl autoscale deployment hiya-voice-verification \
--cpu-percent=50 \
--min=1 \
--max=10
For node-level scaling, enable the AKS cluster autoscaler on your node pool:
az aks nodepool update \
--resource-group <your-resource-group> \
--cluster-name <your-aks-cluster> \
--name <your-nodepool> \
--enable-cluster-autoscaler \
--min-count 1 \
--max-count 5