Enabling Monitoring (Optional)

Monitoring allows Sublime to see metrics and other high level telemetry about your deployment and create alerts, monitor via dashboards, and improve the Azure experience. An example of these metrics are DB CPU, pods in the AKS cluster, etc. Logs and more granular data can be collected via the “Send errors and system health information” setting within the platform.

Monitoring must be enabled to receive support from Sublime.

  1. Create a new app registration
    1. Select “Microsoft Entra ID”
    2. Expand “Manage” and select “App registrations”
    3. Click “New registration”
    4. Name the application whatever you would like and select “Accounts in this organizational directory only” for “Supported account types”. Leave “Redirect URI” empty.
    5. Click “Register”
    6. Copy the “Application (client) ID”, you will need it when running the ARM template
  2. Create a client secret
    1. Navigate to the App registration resource
    2. Expand “Manage” and select “Certificates & secrets”
    3. Click “Client secrets”
    4. Click “New client secret”
    5. Give the secret a name and expiration of your choice
    6. Click “Add”
    7. Copy the “Value” and save it somewhere, you will not be able to retrieve it later and you will need it when running the ARM template
  3. Grant permissions to the application
    1. Navigate to the subscription you’re using for Sublime
    2. Select “Access control (IAM)”
    3. Select “Role assignments”
    4. Click “Add” and “Add role assignment”
    5. Select the “Monitoring Reader” role
    6. Click “Members”
    7. Select the “User, group, or service principal” radial and click “Select members”
    8. Enter the name of the application you created and click “Select”
    9. Click “Review + assign”

Deploy the Template

  1. Click the following link to open the template and fill out the information.

image.png

See ‣ which has the parameters you will need to deploy.

Verify & Complete the Installation

  1. To check the installation status go to the Kubernetes resource in the Azure portal, expand “Kubernetes resources”, and click “Run command”. You can run the following command to check installation status (it may take a bit for the release to show up at first): kubectl get helmrelease -n flux-system. Once the installation is complete, “Ready” will be “True” and “Status” will be “Release reconciliation succeeded”.
  2. Create a DNS record to point to your Sublime dashboard. This should simply be an A record pointing to our Ingress’s IP, which you can find either of two ways:
    1. Using the “Run command” page above run kubectl get ingress -n sublime. The external IP will be in the “Address” column.
    2. Using the Azure portal you can view the “kubernetes” Load Balancer resource, expand “Settings”, select “Frontend IP configuration”, and the configuration with 3 rules will be the external IP.

Upload your TLS Certificate

  1. Go to the key vault that was created after running the ARM template (it’ll be named sublime-vault-<your unique name>)

  2. You may have to grant yourself access to the key vault.

    1. Click “Access control (IAM)”, “Add”, and then “Add role assignment”

    2. Grant your Principal the “Key Vault Certificates Officer” role

    3. Click “Review + assign”

      incident-report-replica-lag-2026-03-25.md

  3. Expand “Objects” and click “Certificates”