Stage 17: Data Plane Frontend
Stage 17 deploys the data plane frontend applications: the data plane UI and all workbench applications. Each workbench provides a specialized interface for a different user persona.
Source file: scripts/stages/17-data-plane-frontend.sh
Applications Deployed
| Application | Port | Description |
|---|---|---|
| data-plane-ui | 3005 | Data plane administration dashboard |
| bi-workbench | 3000 | Business intelligence analysis interface |
| ml-workbench | 3001 | Machine learning experiment workspace |
| data-workbench | 3002 | Data engineering pipeline management |
| agentic-workbench | 3003 | Conversational AI agent interface |
Configuration
| Setting | Source | Description |
|---|---|---|
IMAGE_TAG | Build metadata or tag file | Container image version |
ACR_URL | Terraform outputs | Azure Container Registry URL |
INGRESS_DOMAIN | Environment variable or auto-detect | Domain for ingress routes |
ENABLE_TLS | Environment variable | TLS termination (default: false) |
Ingress Domain Resolution
If INGRESS_DOMAIN is not set, the stage auto-detects the LoadBalancer IP and constructs a nip.io domain:
<lb-ip>.nip.ioIn production, each tenant gets a dedicated domain (e.g., acme.matih.ai).
Deployment
Each frontend application is deployed as a separate Helm release:
for app in data-plane-ui bi-workbench ml-workbench data-workbench agentic-workbench; do
helm upgrade --install ${app} \
infrastructure/helm/${app} \
--namespace matih-data-plane \
--set image.repository=${ACR_URL}/matih/${app} \
--set image.tag=${IMAGE_TAG} \
--set ingress.domain=${INGRESS_DOMAIN} \
--wait --timeout 5m
doneLibraries Used
| Library | Purpose |
|---|---|
core/config.sh | Terraform output access |
k8s/namespace.sh | Namespace management |
helm/deploy.sh | Helm deployment |
acr/deploy.sh | ACR image operations |
Dependencies
- Requires:
16-data-plane-services - Required by:
18-validate
Dependency Verification
kubectl get pods -n matih-data-plane -l app=bi-workbench
kubectl get ingress -n matih-data-plane