Azimuth All Alone: Standalone Mode

For optimal reading, please switch to desktop mode.

Raine is a 2025 summer intern, returning next summer. This blog post presents her primary internship project.

Since its creation, OpenStack has been the core dependency of StackHPC's Azimuth self-service portal. While this allows us to offer a wide range of platforms using OpenStack as an infrastructure provider, such as Linux workstation VMs or Cluster API Kubernetes clusters, it does limit who can deploy Azimuth, and poses high barriers to entry if an organisation does not have an existing OpenStack deployment. This is an issue as we have received consistent interest in Azimuth from organisations without OpenStack deployments for its features for self-servicing Kubernetes applications, such as Kubeflow and containerised Jupyter notebooks, without the need to provide users access to the underlying cluster.

So what changed?

Thanks to new developments such as support for OIDC user authentication and the integration of infrastructure-as-code tools Crossplane and Flux for cluster management, it has now become possible to change this and begin the process of opening up options for Azimuth through removing the hard requirement for it to be hosted on OpenStack.

OIDC support decouples Azimuth's platform admin authentication from OpenStack, allowing Azimuth tenancies to be created independently of OpenStack tenancies. This means that Azimuth's authentication now has the potential to be used for arbitrary backends, which has been taken advantage of to add support for creating Kubernetes-only tenancies for deploying Kubernetes apps. For the existing OpenStack-based tenancies, authentication being decoupled from OpenStack also means that users can be onboarded onto Azimuth and create OpenStack-backed platforms without them requiring access to the underlying cloud. Crossplane is used to manage the Keycloak configuration required to support these tenancies as code. FluxCD is then used to provide continuous deployment for these tenancies (as well as templates for Kubernetes apps available in the tenancies) to simplify and streamline management through GitOps. For the new Standalone mode, we have recommended providing authentication to one of the new Kubernetes-only tenancies, implemented as Keycloak realms, using Keycloak's supported social providers to provide SSO through external OIDC providers. This preserves the lack of need for credential management which was previously gained by delegating authentication to OpenStack.

This project started out aimed at the large organisations with existing, highly-available production Kubernetes clusters. However as development continued it became clear this project is a game changer for developers and enthusiasts. As well as being able to deploy Azimuth in any existing cluster using just a few commands and virtually no setup, new playbooks have been added to install prerequisites and deploy Azimuth onto any Ubuntu system. Organisations and developers can now create an Ubuntu VM and have a single command deploy Azimuth into a fungible environment without requiring this be done through OpenStack infrastructure.

Most of this work was configuration, going through every stage of deploying Azimuth and figuring out where dependencies were, and how they could be isolated. Removing such a fundamental assumption caused a lot of things to break, some of which could be easily disabled but others required modifying the deployment playbooks to add overrides and make them more modular. Given this project is useful for non-prod development or testing clusters, more options have also been added for disabling production features such as monitoring to lighten the load on smaller hardware or VMs.

Further development

Currently, Standalone mode only supports Kubernetes apps as Azimuth uses OpenStack as a backend for its CaaS/Slurm/Workstation apps. However, this is still a useful subset of apps, and enough to test the Azimuth concept and deploy useful services for users. We are also hoping to investigate an alternatives to some of the OpenStack backed deployment stacks. Azimuth's Cluster-as-a-Service (CaaS) operator currently uses Terraform exclusivley to provision OpenStack platforms, but could potentially be expanded to support using a Kubernetes modules to provision VMs Kubevirt, a stack that has been gaining popularity recently.

Our hope is that these updates make Azimuth more accessible than ever before, providing a springboard for bringing in new users, developers, and ideas. We hope this will give opportunities to broaden the feature set of the platform, while also adding new flexibility and features to existing users as these changes make their way downstream.

Try it out

Documentation for deploying Azimuth in standalone mode on your VM or Kubernetes cluster is available here.

Get in touch

If you would like to get in touch we would love to hear from you. Reach out to us via BlueSky, LinkedIn or directly via our contact page.