Changes to deploy and restart the SR pods

Author: SoniaLopezBravo

articles/iot-operations/deploy-iot-ops/howto-deploy-iot-operations.md

@@ -1,5 +1,5 @@
 ---
-title: Deploy Azure IoT Operations to a cluster
+title: Deploy Azure IoT Operations to a Production Cluster
 description: Use the Azure portal to deploy Azure IoT Operations to an Arc-enabled Kubernetes cluster.
 author: SoniaLopezBravo
 ms.author: sonialopez
@@ -10,11 +10,15 @@ ms.date: 04/08/2025
 #CustomerIntent: As an OT professional, I want to deploy Azure IoT Operations to a Kubernetes cluster.
 ---
 
-# Deploy Azure IoT Operations to an Arc-enabled Kubernetes cluster
+# Deploy Azure IoT Operations to a production cluster
 
-Learn how to deploy Azure IoT Operations to a Kubernetes cluster using the Azure portal.
+Learn how to deploy Azure IoT Operations to a Kubernetes cluster with secure settings using the Azure portal.
 
-In this article, we discuss Azure IoT Operations *deployments* and *instances*, which are two different concepts:
+If you deployed a [test instance](./howto-deploy-iot-test-operations.md) of Azure IoT Operations to a cluster want to use the same cluster for production scenarios, follow the steps in [Enable secure settings on an existing Azure IoT Operations instance](./howto-enable-secure-settings.md).
+
+## Before you begin
+
+This article discusses Azure IoT Operations *deployments* and *instances*, which are two different concepts:
 
 * An Azure IoT Operations *deployment* describes all of the components and resources that enable the Azure IoT Operations scenario. These components and resources include:
   * An Azure IoT Operations instance
@@ -58,7 +62,9 @@ A cluster host:
 
 The Azure portal deployment experience is a helper tool that generates a deployment command based on your resources and configuration. The final step is to run an Azure CLI command, so you still need the Azure CLI prerequisites described in the previous section.
 
-1. In the [Azure portal](https://portal.azure.com), search for and select **Azure IoT Operations**.
+1. Sign in to [Azure portal](https://portal.azure.com).
+
+1. In the search box, search for and select **Azure IoT Operations**.
 
 1. Select **Create**.
 
@@ -106,78 +112,9 @@ The Azure portal deployment experience is a helper tool that generates a deploym
 
    1. Select **Apply** to confirm the schema registry configurations.
 
-1. On the **Dependency management** tab, select either the **Test settings** or the **Secure settings** deployment option. If you aren't sure which is right for your scenario, review the guidance in [Deployment details > Choose your features](overview-deploy.md#choose-your-features).
-
-   Depending on your choice, follow the steps to either:
-
-   * [Deploy with test settings](#deploy-with-test-settings), or
-   * [Deploy with secure settings](#deploy-with-secure-settings)
-
-### Deploy with test settings
-
-Use these steps if you chose the **Test settings** option on the **Dependency management** tab.
-
-1. Select **Next: Automation**.
-
-1. One at a time, run each Azure CLI command on the **Automation** tab in a terminal:
-
-   1. Sign in to Azure CLI interactively with a browser even if you already signed in before. If you don't sign in interactively, you might get an error that says *Your device is required to be managed to access your resource*.
-
-      ```azurecli
-      az login
-      ```
-
-   1. Install the latest Azure IoT Operations CLI extension if you haven't already.
-
-      ```azurecli
-      az extension add --upgrade --name azure-iot-ops
-      ```
-
-   1. Create a schema registry which will be used by Azure IoT Operations components. Copy and run the provided [az iot ops schema registry create](/cli/azure/iot/ops/schema/registry#az-iot-ops-schema-registry-create) command.
-
-      If you chose to use an existing schema registry, this command isn't displayed on the **Automation** tab.
-
-   1. Prepare the cluster for Azure IoT Operations deployment. Copy and run the provided [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init) command.
-
-      >[!TIP]
-      >The `init` command only needs to be run once per cluster. If you followed the optional prerequisite to set up your own certificate authority issuer, follow the steps in [Bring your own issuer](../secure-iot-ops/howto-manage-certificates.md#bring-your-own-issuer).
-
-      This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
-
-   1. Deploy Azure IoT Operations. Copy and run the provided [az iot ops create](/cli/azure/iot/ops#az-iot-ops-create) command.
-   
-      * If you want to use the preview connector configuration, add the following parameter to the `create` command:
+1. On the **Dependency management** tab, select the **Secure settings** deployment option.
 
-        ```bash
-        --feature connectors.settings.preview=Enabled
-        ```
-
-      * If you followed the optional prerequisites to prepare your cluster for observability, add the following parameters to the `create` command:
-
-        | Parameter | Value | Description |
-        | --------- | ----- | ----------- |
-        | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | Provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.endpoint=4317**. |
-        | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | Provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
-  
-      * If you followed the optional prerequisites to set up your own certificate authority issuer, add the `--trust-settings` parameters to the `create` command:
-
-        ```bash
-        --trust-settings configMapName=<CONFIGMAP_NAME> configMapKey=<CONFIGMAP_KEY_WITH_PUBLICKEY_VALUE> issuerKind=<CLUSTERISSUER_OR_ISSUER> issuerName=<ISSUER_NAME>
-        ```
-
-      This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
-
-1. Once all of the Azure CLI commands complete successfully, you can close the **Install Azure IoT Operations** wizard.
-
-Once the `create` command completes successfully, you have a working Azure IoT Operations instance running on your cluster. At this point, your instance is configured for most testing and evaluation scenarios.
-
-If at any point in the future you want to prepare your instance for production scenarios, follow the steps in [Enable secure settings on an existing Azure IoT Operations instance](./howto-enable-secure-settings.md).
-
-### Deploy with secure settings
-
-Use these steps if you chose the **Secure settings** option on the **Dependency management** tab.
-
-   <!-- :::image type="content" source="./media/howto-deploy-iot-operations/deploy-dependency-management-1.png" alt-text="A screenshot that shows selecting secure settings on the third tab for deploying Azure IoT Operations from the portal."::: -->
+   :::image type="content" source="./media/howto-deploy-iot-operations/deploy-dependency-management-1.png" alt-text="A screenshot that shows selecting secure settings on the third tab for deploying Azure IoT Operations from the portal.":::
 
 1. In the **Deployment options** section, provide the following information:
 
@@ -192,71 +129,77 @@ Use these steps if you chose the **Secure settings** option on the **Dependency
 
 1. Select **Next: Automation**.
 
-1. One at a time, run each Azure CLI command on the **Automation** tab in a terminal:
+### Run Azure CLI commands
 
-   1. Sign in to Azure CLI interactively with a browser even if you already signed in before. If you don't sign in interactively, you might get an error that says *Your device is required to be managed to access your resource* when you continue to the next step to deploy Azure IoT Operations.
+The final step in the Azure portal deployment experience is to run a set of Azure CLI commands to deploy Azure IoT Operations to your cluster. The commands are generated based on the information you provided in the previous steps.
 
-      ```azurecli
-      az login
-      ```
+One at a time, run each Azure CLI command on the **Automation** tab in a terminal:
 
-   1. Install the latest Azure IoT Operations CLI extension.
+1. Sign in to Azure CLI interactively with a browser even if you already signed in before. If you don't sign in interactively, you might get an error that says *Your device is required to be managed to access your resource* when you continue to the next step to deploy Azure IoT Operations.
 
-      ```azurecli
-      az upgrade
-      az extension add --upgrade --name azure-iot-ops
-      ```
+   ```azurecli
+   az login
+   ```
+
+1. Install the latest Azure IoT Operations CLI extension.
+
+   ```azurecli
+   az upgrade
+   az extension add --upgrade --name azure-iot-ops
+   ```
+
+1. Create a schema registry which will be used by Azure IoT Operations components. Copy and run the provided [az iot ops schema registry create](/cli/azure/iot/ops/schema/registry#az-iot-ops-schema-registry-create) command. If you chose to use an existing schema registry, this command isn't displayed on the **Automation** tab.
 
-   1. Create a schema registry which will be used by Azure IoT Operations components. Copy and run the provided [az iot ops schema registry create](/cli/azure/iot/ops/schema/registry#az-iot-ops-schema-registry-create) command.
+   > [!NOTE]
+   > This command requires that you have role assignment write permissions because it assigns a role to give schema registry access to the storage account. By default, the role is the built-in **Storage Blob Data Contributor** role, or you can create a custom role with restricted permissions to assign instead. For more information, see [az iot ops schema registry create](/cli/azure/iot/ops/schema/registry#az-iot-ops-schema-registry-create).
 
-      If you chose to use an existing schema registry, this command isn't displayed on the **Automation** tab.
+1. To prepare the cluster for Azure IoT Operations deployment, copy and run the provided [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init) command.
 
-      >[!NOTE]
-      >This command requires that you have role assignment write permissions because it assigns a role to give schema registry access to the storage account. By default, the role is the built-in **Storage Blob Data Contributor** role, or you can create a custom role with restricted permissions to assign instead. For more information, see [az iot ops schema registry create](/cli/azure/iot/ops/schema/registry#az-iot-ops-schema-registry-create).
+   > [!TIP]
+   > The `init` command only needs to be run once per cluster. If you're reusing a cluster that already had Azure IoT Operations version 0.8.0 deployed on it, you can skip this step.
 
-   1. Prepare the cluster for Azure IoT Operations deployment. Copy and run the provided [az iot ops init](/cli/azure/iot/ops#az-iot-ops-init) command.
+   This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
 
-      >[!TIP]
-      >The `init` command only needs to be run once per cluster. If you're reusing a cluster that already had Azure IoT Operations version 0.8.0 deployed on it, you can skip this step.
+1. Deploy Azure IoT Operations. Copy and run the provided [az iot ops create](/cli/azure/iot/ops#az-iot-ops-create) command.
 
-      This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
+   * If you want to use the preview connector configuration, add the following parameter to the `create` command:
 
-   1. Deploy Azure IoT Operations. Copy and run the provided [az iot ops create](/cli/azure/iot/ops#az-iot-ops-create) command.
-   
-      * If you want to use the preview connector configuration, add the following parameter to the `create` command:
+      ```bash
+      --feature connectors.settings.preview=Enabled
+      ```
+
+   * If you followed the optional prerequisites to prepare your cluster for observability, add the following optional parameters to the `create` command:
+
+   | Optional parameter | Value | Description |
+   | --------- | ----- | ----------- |
+   | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | Provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.endpoint=4317**. |
+   | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | Provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
 
-        ```bash
-        --feature connectors.settings.preview=Enabled
-        ```
+   This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
 
-      * If you followed the optional prerequisites to prepare your cluster for observability, add the following optional parameters to the `create` command:
+1. Enable secret sync for the deployed Azure IoT Operations instance. Copy and run the provided [az iot ops secretsync enable](/cli/azure/iot/ops/secretsync#az-iot-ops-secretsync-enable) command.
 
-      | Optional parameter | Value | Description |
-      | --------- | ----- | ----------- |
-      | `--ops-config` | `observability.metrics.openTelemetryCollectorAddress=<FULLNAMEOVERRIDE>.azure-iot-operations.svc.cluster.local:<GRPC_ENDPOINT>` | Provide the OpenTelemetry (OTel) collector address you configured in the otel-collector-values.yaml file.<br><br>The sample values used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) are **fullnameOverride=aio-otel-collector** and **grpc.endpoint=4317**. |
-      | `--ops-config` | `observability.metrics.exportInternalSeconds=<CHECK_INTERVAL>` | Provide the **check_interval** value you configured in the otel-collector-values.yaml file.<br><br>The sample value used in [Configure observability](../configure-observability-monitoring/howto-configure-observability.md) is **check_interval=60**. |
+   This command:
 
-      This command might take several minutes to complete. You can watch the progress in the deployment progress display in the terminal.
+   * Creates a federated identity credential using the user-assigned managed identity.
+   * Adds a role assignment to the user-assigned managed identity for access to the Azure Key Vault.
+   * Adds a minimum secret provider class associated with the Azure IoT Operations instance.
 
-   1. Enable secret sync for the deployed Azure IoT Operations instance. Copy and run the provided [az iot ops secretsync enable](/cli/azure/iot/ops/secretsync#az-iot-ops-secretsync-enable) command.
-   
-      This command:
+1. Assign a user-assigned managed identity to the deployed Azure IoT Operations instance. Copy and run the provided [az iot ops identity assign](/cli/azure/iot/ops/identity#az-iot-ops-identity-assign) command. This command creates a federated identity credential using the OIDC issuer of the indicated connected cluster and the Azure IoT Operations service account.
 
-      * Creates a federated identity credential using the user-assigned managed identity.
-      * Adds a role assignment to the user-assigned managed identity for access to the Azure Key Vault.
-      * Adds a minimum secret provider class associated with the Azure IoT Operations instance.
+1. Restart the schema registry pods to apply the new identity. 
 
-   1. Assign a user-assigned managed identity to the deployed Azure IoT Operations instance. Copy and run the provided [az iot ops identity assign](/cli/azure/iot/ops/identity#az-iot-ops-identity-assign) command.
-   
-      This command creates a federated identity credential using the OIDC issuer of the indicated connected cluster and the Azure IoT Operations service account.
+   ```azurecli
+   kubectl delete pods adr-schema-registry-0 adr-schema-registry-1 -n azure-iot-operations
+   ```
 
 1. Once all of the Azure CLI commands complete successfully, you can close the **Install Azure IoT Operations** wizard.
 
 Once the `create` command completes successfully, you have a working Azure IoT Operations instance running on your cluster. At this point, your instance is configured for production scenarios.
 
 ## Verify deployment
 
-After the deployment is complete, use [az iot ops check](/cli/azure/iot/ops#az-iot-ops-check) to evaluate IoT Operations service deployment for health, configuration, and usability. The *check* command can help you find problems in your deployment and configuration.
+After the deployment is complete, use [az iot ops check](/cli/azure/iot/ops#az-iot-ops-check) to evaluate IoT Operations service deployment for health, configuration, and usability. The `check` command can help you find problems in your deployment and configuration.
 
 ```azurecli
 az iot ops check
@@ -269,3 +212,5 @@ You can check the configurations of topic maps, QoS, and message routes by addin
 ## Next steps
 
 If your components need to connect to Azure endpoints like SQL or Fabric, learn how to [Manage secrets for your Azure IoT Operations deployment](../deploy-iot-ops/howto-manage-secrets.md).
+
+