Connecting Azure Kubernetes Service (AKS) to CloudBlue Commerce

When configuring the virtual machine for the Operations Management Node, it is necessary to connect AKS to CloudBlue Commerce. To do so:

  1. Install Azure CLI 2.0.
  2. Get access credentials for a managed Kubernetes cluster.
  3. Install Helm 3.5.4 or later.

    Note: The CloudBlue Commerce documentation gives command options for Helm 3. Helm 2 can also be used, but its command options may differ. If you already have Helm 2 installed, you can either migrate from it to Helm 3 or take those differences into account. For example, if a Helm 3 command fails because of such a difference, use the equivalent Helm 2 command options.

  4. Prepare your login and password for accessing CloudBlue Commerce Helm repositories.

    Note: Contact your Technical Account Manager (TAM) to obtain these credentials.

  5. Execute these commands:

    /usr/local/bin/helm repo add a8n https://odindevops.jfrog.io/odindevops/a8n-helm-7.4/ --username=YOUR_LOGIN --password=YOUR_PASSWORD
    /usr/local/bin/helm install -n a8n-repo-config a8n/repo-config --wait
    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "a8n-docker-registry"}]}'
    
  6. (For the UI cluster deployment only) Create the azure-file storage class (if not created yet):

    # cat class.yaml
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: azurefile
    provisioner: kubernetes.io/azure-file
    mountOptions:
      - dir_mode=0777
      - file_mode=0777
      - uid=1000
      - gid=1000
    parameters:
      skuName: Standard_LRS
     
    # kubectl apply -f class.yaml

  7. To ensure that the branding UI Helm package installs correctly later, run the following commands:

    kubectl create clusterrole system:azure-cloud-provider --verb=get,create --resource=secrets
    kubectl create clusterrolebinding system:azure-cloud-provider --clusterrole=system:azure-cloud-provider --serviceaccount=kube-system:persistent-volume-binder
    
  8. Configure Kubernetes settings for CloudBlue Commerce at PCP > Operations > System > Settings > Kubernetes Settings:

    Obtain the parameter values by running the commands below on the CloudBlue Commerce Management Node, then complete the fields in the Provider Control Panel:

    • Kubernetes API URL: Obtain using the following command:

      kubectl config view -o jsonpath="{.clusters[*].cluster.server}"

      Note: If a proxy is required to connect to the Kubernetes API URL, complete this field with the internal IP address of the Kubernetes service: https://10.0.0.1. When a proxy is required, the internal API URL is needed for the ui-branding configuration (IP assignment) because PAU does not use a proxy.

    • Tiller API Authorization Bearer Token: Obtain using the following command:

      kubectl get secret -n kube-system $(kubectl get secrets -n kube-system | grep tiller | cut -f1 -d ' ') -o jsonpath={.data.token} | base64 -d

    • Kubernetes Docker Repository Host: Obtain using the following command:

      /usr/local/bin/helm inspect a8n/repo-config | grep server | cut -f2 -d ' '

    • Helm Repository URL: Obtain using the following command:

      helm repo list | grep a8n | cut -f2

    • Kubernetes Host Certificate: Obtain and set the value in the following way:

      1. Run the following command:

        grep 'certificate-authority-data' /root/.kube/config | awk '{print $2}' | base64 -d

        Note: If there are several Kubernetes contexts in /root/.kube/config, copy the certificate related to your context.

      2. Copy the certificate to /usr/local/pem/kubernetes/certs/kubernetesApi.pem

        Important: Do not import the certificate into the field. The certificate is internal and will not be accepted.

  9. Restart the PAU service.
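
Added example (not part of the CloudBlue Commerce documentation): the grep command for the Kubernetes Host Certificate in step 8 prints the certificate of every cluster in /root/.kube/config, so with several contexts it returns more than one. The functions below select the CA certificate of one named context with kubectl and write it to the path from step 8 only if it decodes to a PEM certificate; the function names and the 0644 file mode are assumptions.

```shell
# Added example: function names and the 0644 mode are assumptions, not CloudBlue values.

# Print the PEM CA certificate of one kubeconfig context (default: current context).
get_context_ca() {
    local ctx b64
    ctx="${1:-$(kubectl config current-context)}" || return 1
    # --minify keeps only the cluster used by the selected context;
    # --raw keeps certificate data, which "config view" otherwise redacts.
    b64=$(kubectl config view --raw --minify --context "$ctx" \
        -o jsonpath='{.clusters[0].cluster.certificate-authority-data}') || return 1
    if [ -z "$b64" ]; then
        echo "context '$ctx' has no inline certificate-authority-data" >&2
        return 1
    fi
    printf '%s' "$b64" | base64 -d
}

# Write the certificate of context $1 to file $2, but only if it decodes to PEM.
install_context_ca() {
    local ctx dest tmp
    ctx="$1"; dest="$2"
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if ! get_context_ca "$ctx" > "$tmp" ||
       ! grep -q '^-----BEGIN CERTIFICATE-----' "$tmp"; then
        rm -f "$tmp"
        echo "refusing to install: no PEM certificate for context '$ctx'" >&2
        return 1
    fi
    chmod 0644 "$tmp"      # assumption: a CA certificate is public data
    mv "$tmp" "$dest"      # rename so a partial file never appears at $dest
}

# Usage on the Management Node (context name is a placeholder):
#   install_context_ca YOUR_CONTEXT /usr/local/pem/kubernetes/certs/kubernetesApi.pem
```

Because the file is written to a temporary name and renamed, a failed extraction leaves any existing kubernetesApi.pem untouched.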