Azure Add-ons
application-gateway-ingress-controller (AGIC)
Application Gateway Ingress Controller manages the following Azure resources:
L7 Application Load Balancers to satisfy Kubernetes Ingress resources.
To install the Application Gateway Ingress Controller, follow these steps:
Add the application gateway ingress repository to the helm repository by running the following command:
helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
Update the helm repository to get the latest software by running the following command:
helm repo update
Create a file called agic-values.yaml, paste the following content into it, and replace the appropriate values from the terraform output.

verbosityLevel: 3
appgw:
  subscriptionId: <azure_subscription_id from terraform output>
  resourceGroup: <azure_resource_group from terraform output>
  name: <appgw_name from terraform output>
  usePrivateIP: false
  shared: false
armAuth:
  type: workloadIdentity
  identityClientID: <appgw_ingress_controller_client_id from terraform output>
rbac:
  enabled: true

Install the Application Gateway Ingress Controller helm chart by running the following command:
helm install -f agic-values.yaml ingress-azure application-gateway-kubernetes-ingress/ingress-azure -n uepe
Note!
When the cluster was created, the workload identity for AGIC was set up.
For the AGIC to function properly, the Helm install command above assumes that the following service account name and namespace are used:
Service Account name is set to appgw_ingress_controller_service_account from terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/251559986/Set+Up+Kubernetes+Cluster+-+Azure+4.2#Create-Basic-Cluster-and-additional-infrastructure section.
Namespace is set to appgw_ingress_controller_namespace from terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/251559986/Set+Up+Kubernetes+Cluster+-+Azure+4.2#Create-Basic-Cluster-and-additional-infrastructure section.
Kubernetes Add-ons
external-dns
ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
To install ExternalDNS, follow these steps:
Add the bitnami helm repository by running the following command:
helm repo add bitnami https://charts.bitnami.com/bitnami
Update the helm repository to get the latest software by running the following command:
helm repo update
Create a file called external-dns-values.yaml, paste the following content into it, and replace the appropriate values from terraform output.

azure:
  useWorkloadIdentityExtension: true
  useManagedIdentityExtension: true
  tenantId: <azure_tenant_id from terraform output>
  subscriptionId: <azure_subscription_id from terraform output>
  resourceGroup: <azure_resource_group from terraform output>
  userAssignedIdentityID: <external_dns_client_id from terraform output>
domainFilters:
  - <aks_domain_zone_name from terraform output>
policy: sync
provider: azure
podLabels:
  azure.workload.identity/use: "true"
serviceAccount:
  annotations:
    azure.workload.identity/client-id: <external_dns_client_id from terraform output>

Install the ExternalDNS helm chart by running the following command:
helm install external-dns bitnami/external-dns -n uepe \
  --version <helm chart version> -f external-dns-values.yaml
Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).
Note!
When the cluster was created, the workload identity for ExternalDNS was set up.
For the ExternalDNS to function properly, the Helm install command above assumes that the following service account name and namespace are used:
Service Account name is set to external_dns_service_account from terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/251559986/Set+Up+Kubernetes+Cluster+-+Azure+4.2#Create-Basic-Cluster-and-additional-infrastructure section.
Namespace is set to external_dns_namespace from terraform output in the https://infozone.atlassian.net/wiki/spaces/UEPE4D/pages/251559986/Set+Up+Kubernetes+Cluster+-+Azure+4.2#Create-Basic-Cluster-and-additional-infrastructure section.
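The AGIC and ExternalDNS notes above both depend on an exact match: a workload identity federated credential trusts only the subject system:serviceaccount:<namespace>:<service account>, so a release whose namespace or service account differs from the terraform output cannot obtain tokens. The following pre-install check is an added example, not part of the original page or of either chart; the function names, the sample manifest and its client ID are constructed, and it assumes helm renders metadata.name at two-space indentation.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the ServiceAccount a
# chart renders matches the identity that Terraform federated.

# List "<name> <client-id>" for every ServiceAccount in the manifests on stdin.
service_accounts() {
    awk '
        function emit() { if (kind == "ServiceAccount") print name, (cid == "" ? "-" : cid) }
        /^---/     { emit(); kind = name = cid = ""; next }
        /^kind:/   { kind = $2 }
        /^  name:/ { name = $2 }
        /azure\.workload\.identity\/client-id:/ { cid = $2; gsub(/"/, "", cid) }
        END        { emit() }'
}

# $1/$2: service account name and client ID from terraform output
# $3/$4: namespace from terraform output and namespace passed to helm -n
check_binding() {
    if [ "$3" != "$4" ]; then
        echo "namespace mismatch: installing into $4, identity federated for $3"
        return 1
    fi
    service_accounts | awk -v sa="$1" -v cid="$2" '
        $1 == sa { found = 1; if ($2 != cid) { print "client-id mismatch: " $2; bad = 1 } }
        END { if (!found) { print "service account " sa " not rendered"; bad = 1 }
              exit bad + 0 }'
}

# Constructed sample of rendered chart output; every value is a placeholder.
sample_manifest() {
    cat <<'EOF'
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-dns
  namespace: uepe
  annotations:
    azure.workload.identity/client-id: "00000000-0000-0000-0000-000000000001"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: external-dns
EOF
}

sample_manifest | check_binding external-dns 00000000-0000-0000-0000-000000000001 uepe uepe \
    && echo "binding OK"
```

Against a real release, pipe the output of helm template (same chart, -n, --version and -f arguments as the install command) into check_binding, passing the four values read with terraform output -raw.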
ingress-nginx-controller
Note!
This is an optional add-on, see Introduction - Azure (4.2) for additional information.
The Ingress NGINX Controller is an ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
To install the Ingress NGINX Controller, follow these steps:
Add the ingress-nginx helm repository by running the following command:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
Update the helm repository to get the latest software by running the following command:
helm repo update
Create a file called ingress-nginx-values.yaml and populate it with the following helm values. This YAML file does not require value substitution, so you can proceed to the next step.

controller:
  scope:
    enabled: true
  admissionWebhooks:
    enabled: false
  metrics:
    enabled: false
    serviceMonitor:
      enabled: false
  ingressClassResource:
    name: nginx
    enabled: true
    default: false
    controllerValue: "k8s.io/ingress-nginx"
  watchIngressWithoutClass: false
  service:
    targetPorts:
      http: 80
      https: 443
    type: NodePort
  extraArgs:
    v: 1
serviceAccount:
  create: false

Install the ingress-nginx-controller helm chart by running the following command:
helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe
Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).
Executing helm list -A should show all add-ons added in this section similar to below:

NAME                           NAMESPACE    REVISION  UPDATED                                  STATUS    CHART                                                                   APP VERSION
aks-managed-workload-identity  kube-system  645       2024-07-17 18:44:40.706836025 +0000 UTC  deployed  workload-identity-addon-0.1.0-5b6cd03978f9fddd96c5d27f5008581e3fdf7b52
external-dns                   uepe         1         2024-07-18 02:41:33.781123 +0800 +08     deployed  external-dns-8.0.1                                                      0.14.2
ingress-azure                  uepe         1         2024-07-18 02:36:50.936739 +0800 +08     deployed  ingress-azure-1.7.4                                                     1.7.4
ingress-nginx                  uepe         1         2024-07-18 02:44:43.51378 +0800 +08      deployed  ingress-nginx-4.10.1                                                    1.10.1

This section is now complete and you can proceed to the Usage Engine Private Edition Preparations - Azure (4.2) section.