Verification

Overview

You’ve provisioned infrastructure and deployed the application. This final step verifies everything works correctly. You will:

• Confirm all infrastructure components (AKS, PostgreSQL, Storage, secrets) are healthy
• Configure DNS to point to your load balancer
• Test application access via the frontend and backend URLs
• Run functional tests (user login, project creation, SDK connectivity)
• Check health endpoints for each service
• Complete a production readiness checklist

After this step, your deployment is verified and ready for users.

Infrastructure verification

Before testing the application, verify all infrastructure components are healthy.

AKS cluster health

$
kubectl get nodes

All nodes should show Ready:

NAME                                 STATUS   ROLES    AGE    VERSION
aks-system-12345678-vmss000000       Ready    <none>   1h     v1.31.x
aks-system-12345678-vmss000001       Ready    <none>   1h     v1.31.x
aks-azewcais-12345678-vmss000000     Ready    <none>   1h     v1.31.x
aks-azewcais-12345678-vmss000001     Ready    <none>   1h     v1.31.x

$
kubectl describe node <node-name>

PostgreSQL connectivity

Verify the database is accessible from the cluster by checking backend logs:

$
kubectl logs deployment/confident-backend -n confident-ai | grep -i database

You should see successful connection messages, not connection refused errors.

Check PostgreSQL status in Azure Portal:

1. Go to Azure Portal → Azure Database for PostgreSQL → Flexible Servers
2. Find your server
3. Status should be “Available”

Key Vault secrets

Verify secrets exist and External Secrets can read them:

$
# Check External Secrets synced to Kubernetes
$
kubectl get secret confident-externalsecret -n confident-ai
$
$
# Check Key Vault via CLI
$
az keyvault secret list --vault-name $(terraform output -raw key_vault_name) --query '[].name' -o tsv

Storage Account

Verify the storage account and containers exist:

$
az storage container list \
>
  --account-name $(terraform output -raw storage_account_name) \
>
  --auth-mode login \
>
  --query '[].name' -o tsv

You should see three containers (e.g., confidentai-stage-testcases, confidentai-stage-payloads, and confidentai-stage-chbackups).

DNS configuration

The NGINX Ingress controller has an Azure Load Balancer IP. DNS records must point to it.

Get the Load Balancer IP

$
kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

Example output:

20.85.123.45

Create DNS records

Add A records for each hostname you configured in the ingress:

Verify DNS propagation

After adding records, verify they resolve correctly:

$
nslookup app.yourdomain.com
$
nslookup api.yourdomain.com

You should see the Load Balancer IP in the response. If you see “NXDOMAIN” or your old values, wait for DNS propagation (typically 5-30 minutes, up to 48 hours for some providers).

Application verification

Frontend access

Open your frontend URL in a browser:

https://app.yourdomain.com

What you should see:

1. HTTPS (padlock icon) — certificate is working
2. Confident AI login page — application is serving
3. Google OAuth button (if configured) — SSO is set up

Backend health check

The backend exposes a health endpoint:

$
curl -s https://api.yourdomain.com/health

Expected response:

1
{ "status": "ok", "version": "1.2.3" }

Evals health check

$
curl -s https://deepeval.yourdomain.com/health

Expected: {"status":"healthy"}

OTEL collector health

$
curl -s https://otel.yourdomain.com/health

Expected: {"status":"ok"}

Functional testing

Test 1: User login

1. Navigate to https://app.yourdomain.com
2. Click “Sign in with Google” (or your configured auth provider)
3. Complete authentication
4. Expected: Redirected to dashboard, user session created

Test 2: Create a project

1. From the dashboard, click “New Project”
2. Enter a project name
3. Click Create
4. Expected: Project created successfully, appears in list

This verifies database connectivity and basic write operations.

Test 3: API key generation

1. Go to Project Settings → API Keys
2. Click “Generate API Key”
3. Copy the generated key
4. Expected: API key displayed (save it—it won’t be shown again)

Test 4: SDK connectivity

From your local machine (or any machine that can reach the backend):

1
import deepeval
2
3
deepeval.login(
4
    api_key="<your-generated-api-key>",
5
    confident_api_endpoint="https://api.yourdomain.com"
6
)
7
8
print(deepeval.check_connection())

Expected: True or success message

Test 5: Run a simple evaluation

1
from deepeval import evaluate
2
from deepeval.test_case import LLMTestCase
3
from deepeval.metrics import AnswerRelevancyMetric
4
5
test_case = LLMTestCase(
6
    input="What is the capital of France?",
7
    actual_output="Paris is the capital of France.",
8
)
9
10
metric = AnswerRelevancyMetric()
11
evaluate([test_case], [metric])

Expected: Evaluation runs and results appear in the dashboard.

Service health checks

Run comprehensive health checks on all services:

$
# All pods should be Running
$
kubectl get pods -n confident-ai
$
$
# No recent crashes
$
kubectl get events -n confident-ai --field-selector type=Warning
$
$
# Check each deployment is ready
$
kubectl rollout status deployment/confident-backend -n confident-ai
$
kubectl rollout status deployment/confident-frontend -n confident-ai
$
kubectl rollout status deployment/confident-evals -n confident-ai
$
kubectl rollout status deployment/confident-otel -n confident-ai

View logs for troubleshooting

$
# Backend logs
$
kubectl logs -f deployment/confident-backend -n confident-ai
$
$
# Frontend logs
$
kubectl logs -f deployment/confident-frontend -n confident-ai
$
$
# Evals logs
$
kubectl logs -f deployment/confident-evals -n confident-ai

Production readiness checklist

Before announcing the deployment is ready for users, verify:

Security

• HTTPS working on all endpoints (padlock icon in browser)
• TLS certificate valid and not expiring soon
• NSG restricts access appropriately
• PostgreSQL not publicly accessible (private DNS only)
• Storage Account has no public access
• Key Vault has network ACLs configured
• terraform.tfvars not committed to version control

High availability

• At least 2 worker nodes running
• At least 2 replicas for backend service (scale if not)
• PostgreSQL has zone-redundant HA enabled (if required)
• Worker pool autoscaling configured for traffic spikes

Monitoring (recommended)

• Azure Monitor configured for AKS
• PostgreSQL metrics and alerts enabled
• Container Insights enabled
• Alerts configured for node health, pod restarts, errors

Operations

• Team members have cluster access (see Cluster Access page)
• Runbook documented for common issues
• Backup strategy confirmed for PostgreSQL
• Upgrade path understood for future releases

What to do if verification fails

Don’t panic. Most issues have straightforward fixes:

1. Identify the failing component: Use the checks above to isolate which part isn’t working
2. Check logs: kubectl logs for pod issues, Azure Portal for service-level issues
3. Review configuration: Typos in URLs, missing certificates, wrong secret names
4. Check network: NSGs, DNS propagation, VPN connectivity
5. Contact support: If stuck, reach out to your Confident AI representative with:
   • What step failed
   • Exact error messages
   • Results of relevant kubectl get commands

Summary

You’ve completed the Confident AI deployment on Azure:

1. Prerequisites — Installed tools and gathered credentials
2. Configuration — Set up Terraform variables
3. Provisioning — Created Azure infrastructure
4. TLS Certificates — Configured cert-manager and ClusterIssuer
5. Cluster Access — Configured kubectl access
6. Kubernetes Deployment — Deployed application services
7. Verification — Tested everything works

Your deployment is now ready for users. Welcome to Confident AI!

Need help? Contact your Confident AI representative or email support@confident-ai.com with details about your deployment and any issues encountered.