Connecting Azure Kubernetes Service (AKS) to CloudBlue Commerce

When configuring the virtual machine for the Operations Management Node, it is necessary to connect AKS to CloudBlue Commerce. To do so:

1. Install Azure CLI 2.0.
2. Get access credentials for a managed Kubernetes cluster.

3. Set up helm:

   mkdir /tmp/helm
   wget https://storage.googleapis.com/kubernetes-helm/helm-v2.9.0-linux-amd64.tar.gz -q -O /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz
   tar xf /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz -C /tmp/helm
   cp /tmp/helm/linux-amd64/helm /usr/local/bin/helm
   rm -rf /tmp/helm
   /usr/local/bin/helm init
   kubectl create serviceaccount --namespace kube-system tiller
   kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
   kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller","automountServiceAccountToken":true}}}}'
   kubectl rollout status deployment/tiller-deploy -n kube-system
    
   /usr/local/bin/helm repo add a8n https://odindevops.jfrog.io/odindevops/a8n-helm-7.4/ --username=operations --password=99bwy-TnLX4u
   /usr/local/bin/helm install -n a8n-repo-config a8n/repo-config --wait
   kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "a8n-docker-registry"}]}'
   

4. (For the UI cluster deployment only) Create the azure-file storage class (if not created yet):

   # cat class.yaml
   kind: StorageClass
   apiVersion: storage.k8s.io/v1
   metadata:
     name: azurefile
   provisioner: kubernetes.io/azure-file
   mountOptions:
     - dir_mode=0777
     - file_mode=0777
     - uid=1000
     - gid=1000
   parameters:
     skuName: Standard_LRS
    
   # kubectl apply -f class.yaml

5. To ensure the subsequent correct installation of the branding UI helm package, run the following commands:

   kubectl create clusterrole system:azure-cloud-provider --verb=get,create --resource=secrets
   kubectl create clusterrolebinding system:azure-cloud-provider --clusterrole=system:azure-cloud-provider --serviceaccount=kube-system:persistent-volume-binder
   

6. Configure Kubernetes settings for CloudBlue Commerce at PCP > Operations > System > Settings > Kubernetes Settings:

   Obtain the values of the parameters by running the commands below on CloudBlue Commerce Management Node and complete the fields in the Provider Control Panel:

   • Kubernetes API URL: Obtain using the following command:

     kubectl config view -o jsonpath="{.clusters[*].cluster.server}"

     Note: If a proxy is required to connect to the Kubernetes API URL, use the internal IP address of the Kubernetes service to complete this field: https://10.0.0.1. In cases where a proxy is required, the internal API URL is necessary for ui-branding configuration (IP assignment) because PAU does not use proxy.

   • Tiller API Authorization Bearer Token: Obtain using the following command:

     kubectl get secret -n kube-system $(kubectl get secrets -n kube-system | grep tiller | cut -f1 -d ' ') -o jsonpath={.data.token} | base64 -d 

   • Kubernetes Docker Repository Host: Obtain using the following command:

     /usr/local/bin/helm inspect a8n/repo-config | grep server | cut -f2 -d ' '

   • Helm Repository URL: Obtain using the following command:

     helm repo list | grep a8n | cut -f2

   • Kubernetes Host Certificate: Obtain and set the value in the following way:

     1. Run the following command:

        grep 'certificate-authority-data' /root/.kube/config | awk '{print $2}' | base64 -d

        Note: If there are several Kubernetes contexts in /root/.kube/config, copy the certificate related to your context.

     2. Copy the certificate to /usr/local/pem/kubernetes/certs/kubernetesApi.pem

        Important: Do not import the certificate into the field. The certificate is internal and will not be accepted.

7. Restart the PAU service.