Prerequisites
Before you deploy Unity Virtual Private Cloud on premises
Access to the container registry
Ensure that you have credentials for the Unity private container registry uccmpprivatecloud.azurecr.io.
Tooling
Ensure that you have this tooling:
- Access to a terminal, and basic knowledge of the command line
- One of these tools if you use Microsoft Windows:
  - Windows Subsystem for Linux (WSL)
  - Git for Windows
- ORAS CLI, to download the vpctl tool and pull the release packages from the registry
- Helm (version 3.0 or later), to install the Helm charts
- kubectl, to interact with your Kubernetes cluster
- Docker, to sync the container images to your private registry
- ArgoCD (recommended), for continuous delivery via GitOps
- vpctl, the Unity CLI tool that manages the entire deployment lifecycle. To install it, refer to Install vpctl.
Install the vpctl tool
The vpctl tool is the command-line tool that manages Unity Asset Manager releases in private cloud environments. This tool handles pulling releases, syncing images, generating secrets, and deploying charts.
Using the install script
The install script automatically detects your OS and architecture, and downloads the correct binary files from the ORAS registry.
Interactive mode
- Run the script and enter your registry credentials at the command prompt:
  ./install-vpctl.sh 0.8.0
- Enter your username and password at the command prompt:
  [install-vpctl] Logging in to uccmpprivatecloud.azurecr.io (interactive)...
  [install-vpctl] Please enter your registry credentials:
  Username: <your-username>
  Password: <your-password>
Non-interactive mode: CI or automation
For automated environments, set the ORAS_USERNAME and ORAS_PASSWORD environment variables:
export ORAS_USERNAME="<your-username>"
export ORAS_PASSWORD="<your-password>"
./install-vpctl.sh 0.8.0
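In CI, the password is better read from a protected secrets file than typed into an export line that lands in shell history or job logs. The wrapper below is an added example, not part of Unity's documentation or scripts; the function names and the secrets file layout (username on line 1, password on line 2) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not Unity's code. Assumption: the secrets file holds the
# registry username on line 1 and the password on line 2.

# Succeeds only for a regular file with no group/other permission bits.
creds_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# Runs "$@" with ORAS_USERNAME/ORAS_PASSWORD set in that process's
# environment only; nothing is exported into the calling shell.
with_registry_creds() {
    creds_file=$1; shift
    if ! creds_file_is_private "$creds_file"; then
        echo "refusing $creds_file: must be a regular file with no group/other access" >&2
        return 1
    fi
    # Pause xtrace so "set -x" in a CI job cannot print the secret.
    case $- in *x*) xtrace=1; set +x ;; *) xtrace=0 ;; esac
    { IFS= read -r user; IFS= read -r pass; } < "$creds_file" || true
    rc=0
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "credentials file is incomplete" >&2
        rc=1
    else
        ORAS_USERNAME=$user ORAS_PASSWORD=$pass "$@" || rc=$?
    fi
    unset user pass
    [ "$xtrace" -eq 1 ] && set -x
    return "$rc"
}

# Usage (the path is a placeholder):
#   with_registry_creds /run/secrets/unity-registry ./install-vpctl.sh 0.8.0
```

The exit status of the wrapped command is passed through, so a failed registry login still fails the pipeline step.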
Custom installation directory
Optionally, to specify a custom installation directory as the second argument, run this command:
./install-vpctl.sh 0.8.0 /opt/bin
By default, the vpctl tool is installed in the directory /usr/local/bin.
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
| ORAS_USERNAME | No | No value | Registry username, for the non-interactive mode |
| ORAS_PASSWORD | No | No value | Registry password, for the non-interactive mode |
| | No | | Registry URL |
Verify the installation
After installation, to verify that the vpctl tool is available, run this command:
vpctl version
Kubernetes
The deployment requires a Kubernetes cluster that you manage. We recommend that you use Kubernetes version 1.31 or later. Newer versions are likely compatible but we haven't tested them extensively.
Storage classes
The cluster must provide two storage classes:
- A default storage class for general-purpose persistent volumes (block storage). For example, a local-path provisioner, a SAN-backed CSI driver, or any block storage provisioner.
- A ReadWriteMany (RWX) storage class for shared volumes that multiple pods can mount simultaneously. For example, an NFS provisioner, a distributed filesystem, or any CSI driver that supports the ReadWriteMany access mode.
Namespaces
Services come preconfigured for use within a single Kubernetes namespace. You configure the target namespace in the manifest file.
Node pools
The platform separates general application workloads from asset transformation jobs. Configure your cluster with three node pools (or equivalent node groups):
| Node pool | Node label | Taint | Purpose |
|---|---|---|---|
| General workloads | None required | None | Application services, databases, messaging |
| Transformations | | None | Transformation workflow pods |
| Transformations (large) | | | Escalation pool for memory-intensive transformations; only pods that explicitly tolerate the taint are scheduled here |
Network policies
During deployment to an existing cluster, you may need to control the flow of network traffic by using network policies. You can deploy most Kubernetes resources in a single namespace, which you can use to scope network isolation from other services that run in your cluster.
Container registry
By default, the platform pulls container images directly from the Unity source registry (uccmpprivatecloud.azurecr.io).
vpctl artifact sync images
vpctl artifact sync oras
System requirements
Ensure that you have these elements:
- A valid hostname that can be updated to point to the IP of the load balancer
- A valid Plastic license to run the UVCS server
- A valid Unity Asset Transformer SDK license to run transformations on assets
  These licenses are required for all users who are to perform asset transformations:
  - A valid Unity Asset Transformer license.
  - A floating license server. To set up the license server, refer to these instructions.