Deploy on Azure AKS
This guide covers deploying the Hiya Voice Verification engine on Azure Kubernetes Service (AKS). It builds on the generic Kubernetes guide with AKS-specific configuration.
Prerequisites
- An AKS cluster (v1.24+) with
kubectlconfigured - Container image pulled and authenticated — see Getting the Container Image
- Runtime configuration values for
API_KEY,ORG_HANDLE,PLATFORM_REGION, andMIN_ALLOCATION - Azure CLI (
az) installed
Recommended VM Series
We recommend Intel Emerald Rapids-based VMs for optimal performance. The following Azure v6 VM series run on Intel Xeon Platinum 8573C (Emerald Rapids) at 3.0 GHz all-core turbo:
| VM Series | Category | Notes |
|---|---|---|
| Dsv6 / Ddsv6 | General-purpose | High vCPU counts available |
| Dlsv6 / Dldsv6 | General-purpose (low memory) | High vCPU counts available |
| Esv6 / Edsv6 | Memory-optimized | Memory-optimized series with large RAM capacity |
| Ebsv6 / Ebdsv6 | Memory-optimized (storage bandwidth) | Memory-optimized with high storage bandwidth |
| FXmsv2 / FXmdsv2 | Compute-optimized | 4.0 GHz all-core turbo |
| Lsv4 | Storage-optimized | High-throughput local NVMe |
Azure also offers AMD-based v6 families (e.g., Dasv6, Easv6). These are supported but Intel Emerald Rapids is recommended for best performance.
Ensure your node pool VMs have sufficient RAM per pod to hold the engine and ML models in memory. Contact Hiya for sizing guidance.
Step 1 — Create Secrets
Create the image pull secret and runtime configuration secret:
kubectl create secret docker-registry hiya-registry \
--docker-server=europe-docker.pkg.dev \
--docker-username=_json_key \
--docker-password="$(cat key.json)"
kubectl create secret generic hiya-engine-config \
--from-literal=api-key=<your-api-key> \
--from-literal=org-handle=<your-org-handle> \
--from-literal=platform-region=<eu-or-us> \
--from-literal=min-allocation=1m
Alternative — Azure Container Registry Mirror
If you prefer to mirror the image in your own Azure Container Registry:
# Import directly from Google Artifact Registry
az acr import \
--name <your-acr-name> \
--source europe-docker.pkg.dev/loccus-platform/onpremise-images/hiya-voice-verification:<version> \
--image hiya/hiya-voice-verification:<version> \
--username _json_key \
--password "$(cat key.json)"
Then reference <your-acr-name>.azurecr.io/hiya/hiya-voice-verification:<version> in your deployment manifest and attach the ACR to your AKS cluster:
az aks update \
--name <your-aks-cluster> \
--resource-group <your-resource-group> \
--attach-acr <your-acr-name>
Step 2 — Deploy
Apply the Deployment and Service manifests from the Kubernetes guide. No AKS-specific changes are needed.
Step 3 — Expose via Internal Load Balancer (Optional)
For clients outside the cluster, use an Azure internal load balancer:
# hiya-ilb-service.yaml
apiVersion: v1
kind: Service
metadata:
name: hiya-voice-verification-ilb
annotations:
service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
type: LoadBalancer
selector:
app: hiya-voice-verification
ports:
- name: health
protocol: TCP
port: 8080
targetPort: 8080
- name: ws
protocol: TCP
port: 8081
targetPort: 8081
Network Configuration
Ensure the following outbound access from your AKS cluster:
| Destination | Port | Protocol | Purpose |
|---|---|---|---|
europe-docker.pkg.dev | 443 | HTTPS | Image pulls |
api.hiya.com | 443 | HTTPS | License verification and billing |
For private AKS clusters, ensure your Azure Firewall or NSG rules allow outbound HTTPS to these destinations.
Scaling
Use the Horizontal Pod Autoscaler for automatic scaling:
kubectl autoscale deployment hiya-voice-verification \
--cpu-percent=50 \
--min=1 \
--max=10
For node-level scaling, enable the AKS cluster autoscaler on your node pool:
az aks nodepool update \
--resource-group <your-resource-group> \
--cluster-name <your-aks-cluster> \
--name <your-nodepool> \
--enable-cluster-autoscaler \
--min-count 1 \
--max-count 5