Skip to content

OSDU Community Implementation

Provision and operate the OSDU data platform on Azure with transparent automation and built-in platform safeguards.

One Command ·  One Platform  · Production Ready

Simple -- Single command deploys the full stack. Isolated developer environments. No manual platform wiring.

Secure -- Hardened by default. Managed Istio, workload identity, policy enforcement with native monitoring.

Fast -- Full OSDU stack in minutes. Feature flags for every component. No fork required.

How does it work?

%%{init: {'theme': 'base', 'themeVariables': {'primaryColor': '#1a5276', 'primaryTextColor': '#fff', 'primaryBorderColor': '#154360', 'lineColor': '#1a5276', 'secondaryColor': '#1f6f8b', 'tertiaryColor': '#1f6f8b'}}}%%
graph LR
    A[Run\nazd up] --> B[Provision\nAKS Automatic] --> C[Bootstrap\nFoundation] --> D[Deploy\nOSDU Stacks]

  • Provision

    Azure Developer CLI provisions the azure resources then bootstraps the necessary operators.

  • Deploy

    Software stacks deploy middleware and all OSDU services with automatic compliance patching.

Why OSDU on Azure?

  • Transparent

    Open-source Terraform with every design decision documented. No hidden scripts, no black-box modules.

  • Automated

    One command deploys infrastructure, platform operators, and 20+ microservices with policy compliance at every layer.

  • Configurable

    Feature flags control every component. Toggle any service with a single variable. No fork required.

  • Compliant

    Built for AKS Automatic with deployment safeguards, managed Istio, pod security standards, and Azure RBAC.

Who is it for?

  • Platform Operators

    Stand up a running OSDU instance on Azure. One command to deploy, one command to tear down.

  • Service Developers

    Your own OSDU environment to code against, deploy to, and test with.

What can it do?

One-command deployment -- azd up orchestrates infrastructure, platform, and services through three independent Terraform layers with automatic credential and secret management.

Hardened by default -- AKS Automatic provides managed Istio, managed Prometheus/Grafana, deployment safeguards, and auto-upgrade with no additional configuration.

Safeguards compliance pipeline -- Helm postrender + Kustomize automatically patches any upstream chart to meet AKS admission policies without chart forking.

Zero-secret identity -- Workload Identity with federated credentials eliminates stored secrets for cross-subscription DNS, storage, and service authentication.

Zone-resilient scheduling -- Karpenter Node Auto Provisioning dynamically selects VM SKUs per availability zone, eliminating capacity allocation failures.

Config-driven multi-stack -- Deploy isolated OSDU instances on a shared cluster from a single Terraform root with one environment variable.

Inner-loop dev-test cycle -- Private container registry lets developers build, deploy, and validate service changes on a live cluster before opening a merge request.