Prerequisites
Required
Section titled “Required”Azure Subscription
Section titled “Azure Subscription”An active Azure subscription with permission to create:
- Resource groups
- Virtual networks and subnets
- Network security groups
- Public IP addresses
- Virtual machines
Azure CLI
Section titled “Azure CLI”Install and authenticate the Azure CLI:
# Install (if not present)curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
# Authenticateaz login
# Verify subscriptionaz account show --query '{name:name, id:id}' -o tableTerraform
Section titled “Terraform”Terraform >= 1.5 is required:
# Verify installationterraform version
# If not installed, use HashiCorp's APT repositorywget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpgecho "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.listsudo apt update && sudo apt install terraformSSH Key Pair
Section titled “SSH Key Pair”An SSH key pair for VM access:
# Generate if you don't have onessh-keygen -t ed25519 -f ~/.ssh/cdn-edge-key -N ""Azure AD Permissions
Section titled “Azure AD Permissions”Your Azure AD account must have User.Read permissions. The deployer identifier (used in resource naming) is automatically derived from your Azure AD profile. For service principal or managed identity authentication, set the deployer Terraform variable explicitly.
Optional
Section titled “Optional”Custom Domain
Section titled “Custom Domain”If you want real TLS certificates instead of self-signed:
- A domain name with DNS control
- Ability to create A records pointing to the Azure Public IP
Origin Server URL
Section titled “Origin Server URL”The URL of the F5 XC HTTP load balancer that this edge node will forward traffic to. This can be configured after deployment — the default NGINX config uses a placeholder that you update in the NGINX configuration.