Connecting Azure Kubernetes Service (AKS) to CloudBlue Commerce
When configuring the virtual machine for the Operations Management Node, it is necessary to connect AKS to CloudBlue Commerce. To do so:
- Install Azure CLI 2.0.
- Get access credentials for a managed Kubernetes cluster.
- Set up helm:
    mkdir /tmp/helm
    wget https://storage.googleapis.com/kubernetes-helm/helm-v2.9.0-linux-amd64.tar.gz -q -O /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz
    tar xf /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz -C /tmp/helm
    cp /tmp/helm/linux-amd64/helm /usr/local/bin/helm
    rm -rf /tmp/helm
    /usr/local/bin/helm init
    kubectl create serviceaccount --namespace kube-system tiller
    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller","automountServiceAccountToken":true}}}}'
    kubectl rollout status deployment/tiller-deploy -n kube-system
    /usr/local/bin/helm repo add a8n https://odindevops.jfrog.io/odindevops/a8n-helm-7.4/ --username=operations --password=99bwy-TnLX4u
    /usr/local/bin/helm install -n a8n-repo-config a8n/repo-config --wait
    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "a8n-docker-registry"}]}'
- (For the UI cluster deployment only) Create the azure-file storage class (if not created yet):
    # cat class.yaml
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: azurefile
    provisioner: kubernetes.io/azure-file
    mountOptions:
      - dir_mode=0777
      - file_mode=0777
      - uid=1000
      - gid=1000
    parameters:
      skuName: Standard_LRS
    # kubectl apply -f class.yaml
- To ensure the subsequent correct installation of the branding UI helm package, run the following commands:
    kubectl create clusterrole system:azure-cloud-provider --verb=get,create --resource=secrets
    kubectl create clusterrolebinding system:azure-cloud-provider --clusterrole=system:azure-cloud-provider --serviceaccount=kube-system:persistent-volume-binder
- Configure Kubernetes settings for CloudBlue Commerce at PCP > Operations > System > Settings > Kubernetes Settings:
  Obtain the values of the parameters by running the commands below on the CloudBlue Commerce Management Node and complete the fields in the Provider Control Panel:
  - Kubernetes API URL: Obtain using the following command:
      kubectl config view -o jsonpath="{.clusters[*].cluster.server}"
    Note: If a proxy is required to connect to the Kubernetes API URL, use the internal IP address of the Kubernetes service to complete this field: https://10.0.0.1. In cases where a proxy is required, the internal API URL is necessary for ui-branding configuration (IP assignment) because PAU does not use a proxy.
  - Tiller API Authorization Bearer Token: Obtain using the following command:
      kubectl get secret -n kube-system $(kubectl get secrets -n kube-system | grep tiller | cut -f1 -d ' ') -o jsonpath={.data.token} | base64 -d
  - Kubernetes Docker Repository Host: Obtain using the following command:
      /usr/local/bin/helm inspect a8n/repo-config | grep server | cut -f2 -d ' '
  - Helm Repository URL: Obtain using the following command:
      helm repo list | grep a8n | cut -f2
  - Kubernetes Host Certificate: Obtain and set the value in the following way:
    - Run the following command:
        grep 'certificate-authority-data' /root/.kube/config | awk '{print $2}' | base64 -d
      Note: If there are several Kubernetes contexts in /root/.kube/config, copy the certificate related to your context.
    - Copy the certificate to /usr/local/pem/kubernetes/certs/kubernetesApi.pem
      Important: Do not import the certificate into the field. The certificate is internal and will not be accepted.
- Restart the PAU service.
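
For the case in the note on the Kubernetes Host Certificate step (several contexts in /root/.kube/config), the grep command returns one certificate-authority-data value per cluster. The following added example, which is not part of the original procedure, selects only the certificate of the cluster referenced by current-context and checks that it decodes to a PEM certificate. The function name kubeconfig_current_ca is hypothetical, and the parser assumes the layout kubectl writes, with unquoted names.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the layout kubectl
# writes: list entries start with "- cluster:" / "- context:" and end with
# "name:", and names are unquoted.

# kubeconfig_current_ca FILE  -- hypothetical helper name
kubeconfig_current_ca() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }

    # Active context (top-level key).
    ctx=$(awk '$1 == "current-context:" { print $2; exit }' "$cfg")
    [ -n "$ctx" ] || { echo "no current-context set" >&2; return 1; }

    # Cluster that the active context refers to.
    cluster=$(awk -v want="$ctx" '
        /^contexts:/ { in_sec = 1; next }
        /^[^ -]/     { in_sec = 0 }
        in_sec && $1 == "cluster:" { c = $2 }
        in_sec && $1 == "name:" && $2 == want { print c; exit }
        in_sec && $1 == "name:" { c = "" }
    ' "$cfg")
    [ -n "$cluster" ] || { echo "context $ctx not found" >&2; return 1; }

    # CA data of that cluster only; reset between entries so a cluster
    # without inline CA data never inherits a neighbour's value.
    ca=$(awk -v want="$cluster" '
        /^clusters:/ { in_sec = 1; next }
        /^[^ -]/     { in_sec = 0 }
        in_sec && $1 == "certificate-authority-data:" { d = $2 }
        in_sec && $1 == "name:" && $2 == want { print d; exit }
        in_sec && $1 == "name:" { d = "" }
    ' "$cfg")
    [ -n "$ca" ] || { echo "no CA data for cluster $cluster" >&2; return 1; }

    # Decode and refuse anything that is not a PEM certificate.
    pem=$(printf '%s' "$ca" | base64 -d) || return 1
    case $pem in
        "-----BEGIN CERTIFICATE-----"*) printf '%s\n' "$pem" ;;
        *) echo "decoded value is not a PEM certificate" >&2; return 1 ;;
    esac
}

# Usage on the Management Node, with the paths from the steps above:
#   kubeconfig_current_ca /root/.kube/config \
#       > /usr/local/pem/kubernetes/certs/kubernetesApi.pem
```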