Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For your Agentic Retrieval deployment, install networking and observability components by configuring MetalLB and setting up certificate and trust managers. This article is part of the deployment prerequisites checklist.
Important
Agentic Retrieval in Foundry Local is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Install components for Agentic Retrieval
From the driver machine, install and configure MetalLB for the Azure Arc Azure Kubernetes Service (AKS) cluster and the observability dependency modules.
Install MetalLB
Skip this step if MetalLB is installed and configured in the current AKS Arc cluster.
To install and configure MetalLB, you can run the following commands on any of the cluster nodes in the Azure Local instance:
$lbName = "metallb" $ipRange = "" # <------ Provide the static IP address range that will be assigned to metalLB (format: CIDR format E.g. <IP address>-<IP address> or <IP address>/32) $sub = "<Subscription GUID>" $rg = "<Resource Group name>" $k8scluster = "<AKS Arc cluster name>" $resourceuri = "subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.Kubernetes/connectedClusters/$k8scluster" az extension add -n k8s-runtime --upgrade az k8s-runtime load-balancer enable --resource-uri $resourceuri az k8s-runtime load-balancer create --load-balancer-name $lbName --resource-uri $resourceuri --addresses $ipRange --advertise-mode "ARP"Install observability dependency modules
Install the certificate manager and trust manager as an Azure Arc extension. This installation includes the trust-manager parameters required for Foundry Local certificate handling.
$sub = "<Subscription GUID>" $rg = "<Resource Group name>" $k8scluster = "<AKS Arc cluster name>" az k8s-extension create ` --cluster-name $k8scluster ` --name "azure-cert-manager" ` --resource-group $rg ` --cluster-type connectedClusters ` --extension-type Microsoft.CertManagement ` --scope cluster ` --release-train stable ` --config config.enableGatewayAPI=true ` --config cert-manager.crds.keep=true ` --config trust-manager.defaultPackage.enabled=false ` --config trust-manager.secretTargets.enabled=true ` --config trust-manager.secretTargets.authorizedSecretsAll=trueImportant
The
trust-manager.secretTargets.enabledandtrust-manager.secretTargets.authorizedSecretsAllparameters are required for Foundry Local to properly manage TLS certificates. Installing cert-manager without these parameters causes SSL certificate verification failures.