Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Azure Add-ons

application-gateway-ingress-controller (AGIC)

Application Gateway Ingress Controller manages the following Azure resources:

  • L7 Application Load Balancers to satisfy Kubernetes Ingress resources.

To install the Application Gateway Ingress Controller, follow these steps:

  1. Add the application gateway ingress repository to the helm repository by running the following command:

    helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
  2. Update the helm repository to get the latest software by running the following command:

    helm repo update
  3. Create a file called agic-values.yaml, paste the following content into it, and replace the appropriate values from the terraform output.

    verbosityLevel: 3
    
    appgw:
        subscriptionId: <azure_subscription_id from terraform output>
        resourceGroup: <azure_resource_group from terraform output>
        name: <appgw_name from terraform output>
        usePrivateIP: false
        shared: false
    
    armAuth:
        type: workloadIdentity
        identityClientID: <appgw_ingress_controller_client_id from terraform output>
    
    rbac:
        enabled: true
  4. Install the Application Gateway Ingress Controller helm chart by running the following command:

    helm install -f agic-values.yaml ingress-azure application-gateway-kubernetes-ingress/ingress-azure -n uepe

Note!

When the cluster was created, the workload identity for AGIC was set up.

For the AGIC to function properly, the Helm install command above assumes that the following service account name and namespace are used:

Kubernetes Add-ons

external-dns

ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.

To install ExternalDNS, follow these steps:

  1. Add the bitnami helm repository by running the following command:

    helm repo add bitnami https://charts.bitnami.com/bitnami
  2. Update the helm repository to get the latest software by running the following command:

    helm repo update
  3. Create a file called external-dns-values.yaml, paste the following content into it, and replace the appropriate values from terraform output.

    azure:
      useWorkloadIdentityExtension: true
      useManagedIdentityExtension: true
      tenantId: <azure_tenant_id from terraform output>
      subscriptionId: <azure_subscription_id from terraform output>
      resourceGroup: <azure_resource_group from terraform output>
      userAssignedIdentityID: <external_dns_client_id from terraform output>
    
    domainFilters:
      - <aks_domain_zone_name from terraform output>
    
    policy: sync
    provider: azure
    
    podLabels:
      azure.workload.identity/use: "true"
    
    serviceAccount:
      annotations:
        azure.workload.identity/client-id: <external_dns_client_id from terraform output>

    4. Install the ExternalDNS helm chart by running the following command:

    helm install external-dns bitnami/external-dns -n uepe \
    --version <helm chart version> -f external-dns-values.yaml

    Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).

Note!

When the clsuter was crated, the workload identity for ExternalDNS was set up.

For the ExternalDNS to function properly, the Helm install command above assumes that the following service account name and namespace are used:

ingress-nginx-controller

Note!

This is an optional add-on, see Introduction - Azure (4.2) for additional information.

The Ingress NGINX Controller is an ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.

To install the Ingress NGINX Controller, follow these steps:

  1. Add the ingress-nginx helm repository by running the following command:

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  2. Update the helm repository to get the latest software by running the following command:

    helm repo update
  3. Create a file called ingress-nginx-values.yaml and populate it with the following helm values. This yaml file do not require value substitution so you can proceed to the next step.

    controller:
      scope:
        enabled: true
      admissionWebhooks:
        enabled: false
      metrics:
        enabled: false
        serviceMonitor:
          enabled: false
      ingressClassResource:
        name: nginx
        enabled: true
        default: false
        controllerValue: "k8s.io/ingress-nginx"
      watchIngressWithoutClass: false
      service:
        targetPorts:
          http: 80
          https: 443
        type: NodePort
      extraArgs:
        v: 1
    serviceAccount:
      create: false
  4. Install the ingress-nginx-controller helm chart by running the following command:

    helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe

    Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).

Executing helm list -A should show all add-ons added in this section similar to below:

NAME                         	NAMESPACE  	REVISION	UPDATED                                	STATUS  	CHART                                                                 	APP VERSION
aks-managed-workload-identity	kube-system	645     	2024-07-17 18:44:40.706836025 +0000 UTC	deployed	workload-identity-addon-0.1.0-5b6cd03978f9fddd96c5d27f5008581e3fdf7b52
external-dns                 	uepe       	1       	2024-07-18 02:41:33.781123 +0800 +08   	deployed	external-dns-8.0.1                                                    	0.14.2
ingress-azure                	uepe       	1       	2024-07-18 02:36:50.936739 +0800 +08   	deployed	ingress-azure-1.7.4                                                   	1.7.4
ingress-nginx                	uepe       	1       	2024-07-18 02:44:43.51378 +0800 +08    	deployed	ingress-nginx-4.10.1                                                  	1.10.1

This section is now complete and you can proceed to the Usage Engine Private Edition Preparations - Azure (4.2) section.

  • No labels