User's Guide: Run the Workflow - Web Interface - ACI Applications

1.0 Introduction

This article describes how to execute an ACI application in a Workflow using the Workflow RUN button that allows users to start the application job and monitor it.

2.0 Execute the ACI Application using Azure Service Principal

2.1 Prerequisites

Ensure that the Compute Clusters are configured in Fortanix Confidential Computing Manager. A compute cluster is a set of nodes that run containerized applications. Compute clusters are used to run Fortanix Confidential Computing Manager workflows. For more information on how to configure a compute cluster in Fortanix CCM and access the cluster, refer to Section 3.0: Configure the Cluster using Azure Service Principal.

2.2 Create a Cluster

Ensure that you have set up a cluster using Azure Service Principal as a worker node in the Fortanix CCM. For more information, refer to the Administrator's Guide: Fortanix CCM with Azure Service Principal.

3.0 Configure the Cluster using Azure Service Principal

Perform the following steps to configure the Azure Service Principal credentials in Fortanix CCM:

  1. Click the Infrastructure → Compute Clusters menu item in the Fortanix CCM UI left navigation bar and click the + ADD COMPUTE CLUSTER button to configure a new compute cluster.

    Add-Compute-Cluster.png

    Figure 1: Add Compute Cluster

  2. On the Add Cluster page, enter the following details:

    • Name: Enter a required name of the cluster.

    • Description: Enter the required details about the cluster. However, this is optional.

    • Type: Select the ACI via Service Principal option from the drop down menu.

      Screenshot (108).png

      Figure 2: Add Cluster Form

  3. After you select the ACI via Service Principal option, rest of the parameters appear on the screen.

    • Location: The Azure region where the deployment occurs . If the required location is not available in the provided list, select the Other option and manually enter the specific location.

    • ACI configuration:

      • App ID: The Azure Active Directory application ID or client ID used for application identification.

      • App Passcode: The application secret required for authentication.

      • Tenant ID: The unique identifier of the Azure Active Directory instance, known as the Directory ID.

      • Subscription: The subscription ID where all resources are managed; it contains information related to resources.

      • Resource Group: The resource group designated for managing all containers and deployments. 

        Add-Cluster-Form-1.png
        Add-Cluster-Form-2.png

        Figure 3: Other Parameters

  4. Click the ADD CLUSTER button to save the cluster configuration.

    Compute-Cluster-Created.png

    Figure 4: Compute Cluster Created

The compute cluster is now successfully created.

4.0 Configure the ACI Application Workflow

Ensure that you have created a workflow using ACI app in the Fortanix CCM UI.

For more information, refer to the User's Guide: Create, Update, Clone, and Delete Workflows.

Perform the following steps to configure the workflow:

  1. Navigate to the Workflows → Approved menu item in the Fortanix CCM UI left navigation bar.

  2. From the list of approved workflows, select a workflow that has a single application since Fortanix CCM supports only single job deployments.

    Fig-5.png

    Figure 5: Select Approved Workflow

  3. In the detailed view of the selected workflow, you will notice the disabled RUN button. The RUN button will be disabled if you have not configured the Azure account and Location. Click the  Screenshot from 2024-01-24 13-29-18 - Copy.png icon to configure these details and enable the RUN button.
     

    Fig-6.png


    Figure 6: Configuration Button

  4. In the RUN WORKFLOW window, enter the following details:

    • Deployment Type: The workflow deployment type. Select the Azure Confidential Instances (Single Job) option from the drop down menu.

    • Azure account: Select the ACI cluster option from the drop down menu.

    • Location: The Azure region where the deployment occurs.
       Run-Workflow-Form.png
      Figure 7: Configure Specification

  5. Click the SAVE CONFIGURATION button to save the changes.

The RUN button is now enabled on the screen.

Fig-5 - Copy.png

Figure 8: Run Button Enabled

5.0 Run the ACI Application Workflow

Ensure that you have created an image registry in the Fortanix CCM UI. For more information, refer to User's Guide: Image Registry. A registry for the image used in the ACI application workflow is required to be created in the Fortanix CCM account, so at runtime, the credentials are passed to the Azure container instance to pull the image.

Perform the following steps to run the ACI workflow application:

  1. Configure the image pull secret.

  2. Click the RUN button in the detailed view of an approved workflow enabled in the Section 4.0: Configuring the ACI Application Workflow.

    Fig-9.png

    Figure 9: Run the application

  3. In the RUN WORKFLOW window, confirm the values of each parameter and click the RUN button to run the workflow.

    Screenshot (116).png

    Figure 10: Run workflow

    Observe the running indicator at the bottom of the workflow.

    NOTE

    The workflow execution status is not updated in real-time and must be fetched from the cluster manually. Therefore, click the Refresh icon to get the latest execution status.

    If there is a need to halt the execution at any point, click the STOP button. This action will re-enable the RUN button.

  4. The Execution Log will display the execution status if the application executes successfully.  

    Fig-11.png

    Figure 11: Running workflow

    The EXECUTION LOG window provides a detailed log of the run. You can also download the log using the DOWNLOAD button.

    Fig-12.png

    Figure 12: Log details