Connecting Azure Kubernetes Service (AKS) to CloudBlue Commerce

When configuring the virtual machine for the Operations Management Node, it is necessary to connect AKS to CloudBlue Commerce. To do so:

  1. Install Azure CLI 2.0.
  2. Get access credentials for a managed Kubernetes cluster.
  3. Set up Helm:

    mkdir /tmp/helm
    wget https://storage.googleapis.com/kubernetes-helm/helm-v2.9.0-linux-amd64.tar.gz -q -O /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz
    tar xf /tmp/helm/helm-v2.9.0-linux-amd64.tar.gz -C /tmp/helm
    cp /tmp/helm/linux-amd64/helm /usr/local/bin/helm
    rm -rf /tmp/helm
    /usr/local/bin/helm init
    kubectl create serviceaccount --namespace kube-system tiller
    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
    kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller","automountServiceAccountToken":true}}}}'
    kubectl rollout status deployment/tiller-deploy -n kube-system
     
    /usr/local/bin/helm repo add a8n https://odindevops.jfrog.io/odindevops/a8n-helm-7.4/ --username=operations --password=99bwy-TnLX4u
    /usr/local/bin/helm install -n a8n-repo-config a8n/repo-config --wait
    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "a8n-docker-registry"}]}'
    
  4. (For the UI cluster deployment only) Create the azure-file storage class (if not created yet):

    # cat class.yaml
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: azurefile
    provisioner: kubernetes.io/azure-file
    mountOptions:
      - dir_mode=0777
      - file_mode=0777
      - uid=1000
      - gid=1000
    parameters:
      skuName: Standard_LRS
     
    # kubectl apply -f class.yaml
  5. To ensure that the branding UI Helm package installs correctly later, run the following commands:

    kubectl create clusterrole system:azure-cloud-provider --verb=get,create --resource=secrets
    kubectl create clusterrolebinding system:azure-cloud-provider --clusterrole=system:azure-cloud-provider --serviceaccount=kube-system:persistent-volume-binder
    
  6. Configure Kubernetes settings for CloudBlue Commerce at PCP > Operations > System > Settings > Kubernetes Settings:

    Obtain the parameter values by running the commands below on the CloudBlue Commerce Management Node, then complete the fields in the Provider Control Panel:

    • Kubernetes API URL: Obtain using the following command:

      kubectl config view -o jsonpath="{.clusters[*].cluster.server}"

      Note: If a proxy is required to connect to the Kubernetes API URL, use the internal IP address of the Kubernetes service to complete this field: https://10.0.0.1. In cases where a proxy is required, the internal API URL is necessary for the ui-branding configuration (IP assignment) because PAU does not use a proxy.

    • Tiller API Authorization Bearer Token: Obtain using the following command:

      kubectl get secret -n kube-system $(kubectl get secrets -n kube-system | grep tiller | cut -f1 -d ' ') -o jsonpath='{.data.token}' | base64 -d

    • Kubernetes Docker Repository Host: Obtain using the following command:

      /usr/local/bin/helm inspect a8n/repo-config | grep server | cut -f2 -d ' '

    • Helm Repository URL: Obtain using the following command:

      helm repo list | grep a8n | cut -f2

    • Kubernetes Host Certificate: Obtain and set the value in the following way:

      1. Run the following command:

        grep 'certificate-authority-data' /root/.kube/config | awk '{print $2}' | base64 -d

        Note: If there are several Kubernetes contexts in /root/.kube/config, copy the certificate related to your context.

      2. Copy the certificate to /usr/local/pem/kubernetes/certs/kubernetesApi.pem.

        Important: Do not import the certificate into the field. The certificate is internal and will not be accepted.

  7. Restart the PAU service.
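As an added example (not part of the CloudBlue Commerce documentation), the Python script below collects the step 6 values for the current kubectl context only: it reads `kubectl config view --minify --raw -o json` so the "several contexts" note cannot bite, checks that certificate-authority-data really decodes to a PEM certificate before writing kubernetesApi.pem, and selects the Tiller token secret by its service-account annotation instead of grepping secret names. It assumes kubectl is on the PATH of the node that holds /root/.kube/config; the SAMPLE_* documents are constructed so the functions can be exercised offline.

```python
"""Collect CloudBlue Commerce 'Kubernetes Settings' values for the current context (added example)."""
import base64, json, subprocess
from pathlib import Path

CERT_PATH = Path("/usr/local/pem/kubernetes/certs/kubernetesApi.pem")  # path from step 6

def kube_settings(config: dict) -> dict:
    """API URL and decoded CA from parsed `kubectl config view --minify --raw -o json`.
    --minify keeps only the current context; anything ambiguous raises ValueError."""
    clusters = config.get("clusters", [])
    if len(clusters) != 1:
        raise ValueError(f"expected exactly one cluster, got {len(clusters)}")
    cluster = clusters[0]["cluster"]
    ca_b64 = cluster.get("certificate-authority-data")
    if not ca_b64:
        raise ValueError("current context has no certificate-authority-data")
    ca_pem = base64.b64decode(ca_b64, validate=True)
    if not ca_pem.startswith(b"-----BEGIN CERTIFICATE-----"):
        raise ValueError("certificate-authority-data is not a PEM certificate")
    return {"api_url": cluster["server"], "ca_pem": ca_pem}

def tiller_token(secrets: dict, account: str = "tiller") -> str:
    """Pick the token secret by its service-account annotation (parsed output of
    `kubectl get secrets -n kube-system -o json`), not by a name containing 'tiller'."""
    hits = [s for s in secrets.get("items", [])
            if s.get("type") == "kubernetes.io/service-account-token"
            and s.get("metadata", {}).get("annotations", {}).get(
                "kubernetes.io/service-account.name") == account]
    if len(hits) != 1:
        raise ValueError(f"expected one token secret for {account}, found {len(hits)}")
    return base64.b64decode(hits[0]["data"]["token"]).decode()

# Constructed sample documents (not from a real cluster) so the functions run
# offline; the certificate body is a placeholder, not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIBplaceholder==\n-----END CERTIFICATE-----\n"
SAMPLE_CONFIG = {"clusters": [{"name": "aks-ops", "cluster": {
    "server": "https://aks-ops.example.invalid:443",
    "certificate-authority-data": base64.b64encode(SAMPLE_PEM).decode()}}]}
SAMPLE_SECRETS = {"items": [
    {"type": "kubernetes.io/service-account-token", "data": {"token": "dG9rLTEyMw=="},
     "metadata": {"annotations": {"kubernetes.io/service-account.name": "tiller"}}},
    {"type": "Opaque", "metadata": {"name": "tiller-misc"}, "data": {"token": "bm8="}}]}

if __name__ == "__main__":  # live run on the node holding /root/.kube/config
    def kubectl(*args):
        return json.loads(subprocess.check_output(["kubectl", *args]))
    settings = kube_settings(kubectl("config", "view", "--minify", "--raw", "-o", "json"))
    CERT_PATH.write_bytes(settings["ca_pem"])  # assumes the certs directory already exists
    print("Kubernetes API URL:", settings["api_url"])
    print("Tiller token:", tiller_token(kubectl("get", "secrets", "-n", "kube-system", "-o", "json")))
```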