Kubernetes Cluster Add-ons - Azure (4.2)
Azure Add-ons
application-gateway-ingress-controller (AGIC)
Application Gateway Ingress Controller manages the following Azure resources:
- L7 Application Load Balancers to satisfy Kubernetes Ingress resources.
To install the Application Gateway Ingress Controller, follow these steps:
1. Create a file called agic-values.yaml, paste the following content into it, and replace the placeholders with the corresponding values from the terraform output.

    verbosityLevel: 3
    appgw:
      subscriptionId: <azure_subscription_id from terraform output>
      resourceGroup: <azure_resource_group from terraform output>
      name: <appgw_name from terraform output>
      usePrivateIP: false
      shared: false
    armAuth:
      type: workloadIdentity
      identityClientID: <appgw_ingress_controller_client_id from terraform output>
    rbac:
      enabled: true

2. Install the Application Gateway Ingress Controller by running the following command:

    helm install -f agic-values.yaml ingress-azure oci://mcr.microsoft.com/azure-application-gateway/charts/ingress-azure -n uepe
Note!
When the cluster was created, the workload identity for AGIC was set up.
For the AGIC to function properly, the Helm install command above assumes that the following service account name and namespace are used:
- Service Account name is set to appgw_ingress_controller_service_account from terraform output in the Set Up Kubernetes Cluster - Azure (4.2) | Create Basic Cluster and additional infrastructure section.
- Namespace is set to appgw_ingress_controller_namespace from terraform output in the Set Up Kubernetes Cluster - Azure (4.2) | Create Basic Cluster and additional infrastructure section.
Kubernetes Add-ons
external-dns
ExternalDNS is a Kubernetes add-on that configures public DNS servers with information about exposed Kubernetes services to make them discoverable.
To install ExternalDNS, follow these steps:
1. Add the bitnami helm repository by running the following command:

    helm repo add bitnami https://charts.bitnami.com/bitnami

2. Update the helm repository to get the latest software by running the following command:

    helm repo update

3. Create a file called external-dns-values.yaml, paste the following content into it, and replace the placeholders with the corresponding values from the terraform output.

    azure:
      useWorkloadIdentityExtension: true
      useManagedIdentityExtension: true
      tenantId: <azure_tenant_id from terraform output>
      subscriptionId: <azure_subscription_id from terraform output>
      resourceGroup: <azure_resource_group from terraform output>
      userAssignedIdentityID: <external_dns_client_id from terraform output>
    domainFilters:
      - <aks_domain_zone_name from terraform output>
    policy: sync
    provider: azure
    podLabels:
      azure.workload.identity/use: "true"
    serviceAccount:
      annotations:
        azure.workload.identity/client-id: <external_dns_client_id from terraform output>

4. Install the ExternalDNS helm chart by running the following command:

    helm install external-dns bitnami/external-dns -n uepe \
      --version <helm chart version> -f external-dns-values.yaml

   Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).
Note!
When the cluster was created, the workload identity for ExternalDNS was set up.
For the ExternalDNS to function properly, the Helm install command above assumes that the following service account name and namespace are used:
- Service Account name is set to external_dns_service_account from terraform output in the Set Up Kubernetes Cluster - Azure (4.2) | Create Basic Cluster and additional infrastructure section.
- Namespace is set to external_dns_namespace from terraform output in the Set Up Kubernetes Cluster - Azure (4.2) | Create Basic Cluster and additional infrastructure section.
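A pre-install check for the external-dns-values.yaml file described above, as an added example that is not part of the product documentation. It rejects leftover terraform placeholders, a mismatch between userAssignedIdentityID and the service account client-id annotation, a missing workload identity pod label, and an empty domainFilters list; the function names, return codes and the sample GUID and zone are assumptions made for the illustration.

```shell
# Added example: lint external-dns-values.yaml before running "helm install".
# Print the value of the first "KEY: value" line in FILE ($1), quotes removed.
yaml_value() {
  sed -n "s|^[[:space:]]*$2:[[:space:]]*||p" "$1" | head -n 1 | tr -d "\"'"
}

# Returns 0 when the file is ready, else: 1 placeholder left, 2 client IDs
# differ, 3 workload identity pod label missing, 4 no domainFilters entry.
lint_external_dns_values() {
  f=$1
  if grep -qE '<[^<>]* from terraform output>' "$f"; then
    echo "$f: unreplaced terraform placeholder" >&2; return 1
  fi
  id=$(yaml_value "$f" userAssignedIdentityID)
  sa_id=$(yaml_value "$f" 'azure\.workload\.identity/client-id')
  if [ -z "$id" ] || [ "$id" != "$sa_id" ]; then
    echo "$f: identity and service account client IDs differ" >&2; return 2
  fi
  if [ "$(yaml_value "$f" 'azure\.workload\.identity/use')" != "true" ]; then
    echo "$f: podLabels lacks azure.workload.identity/use" >&2; return 3
  fi
  # policy: sync lets ExternalDNS delete records, so insist on a zone filter.
  awk '/^domainFilters:/ { in_list = 1; next }
       in_list && /^[ \t]*-[ \t]*[^ \t]/ { found = 1 }
       in_list && /^[^ \t-]/ { in_list = 0 }
       END { exit !found }' "$f" || { echo "$f: domainFilters empty" >&2; return 4; }
  return 0
}

# Constructed sample (made-up GUID and zone); $2 is the annotation client ID.
write_sample() {
  cat > "$1" <<EOF
azure:
  useWorkloadIdentityExtension: true
  userAssignedIdentityID: 11111111-2222-3333-4444-555555555555
domainFilters:
  - example.test
policy: sync
podLabels:
  azure.workload.identity/use: "true"
serviceAccount:
  annotations:
    azure.workload.identity/client-id: $2
EOF
}

# Demo on the constructed sample; point lint_external_dns_values at your own file.
tmp=$(mktemp) && write_sample "$tmp" 11111111-2222-3333-4444-555555555555 \
  && lint_external_dns_values "$tmp" && echo "values file OK"
rm -f "$tmp"
```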
ingress-nginx-controller
Note!
This is an optional add-on, see Introduction - Azure (4.2) for additional information.
The Ingress NGINX Controller is an ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer.
To install the Ingress NGINX Controller, follow these steps:
1. Add the ingress-nginx helm repository by running the following command:

    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx

2. Update the helm repository to get the latest software by running the following command:

    helm repo update

3. Create a file called ingress-nginx-values.yaml and populate it with the following helm values. This YAML file does not require value substitution, so you can proceed to the next step.

    controller:
      scope:
        enabled: true
      admissionWebhooks:
        enabled: false
      metrics:
        enabled: false
        serviceMonitor:
          enabled: false
      ingressClassResource:
        name: nginx
        enabled: true
        default: false
        controllerValue: "k8s.io/ingress-nginx"
      watchIngressWithoutClass: false
      service:
        targetPorts:
          http: 80
          https: 443
        type: NodePort
      extraArgs:
        v: 1
    serviceAccount:
      create: false

4. Install the ingress-nginx-controller helm chart by running the following command:

    helm install ingress-nginx ingress-nginx/ingress-nginx --version <helm chart version> -f ingress-nginx-values.yaml -n uepe

   Where <helm chart version> is a compatible version listed in the Compatibility Matrix (4.2).
Executing helm list -A should show all add-ons added in this section similar to below:
    NAME                           NAMESPACE    REVISION  UPDATED                                  STATUS    CHART                                                                   APP VERSION
    aks-managed-workload-identity  kube-system  645       2024-07-17 18:44:40.706836025 +0000 UTC  deployed  workload-identity-addon-0.1.0-5b6cd03978f9fddd96c5d27f5008581e3fdf7b52
    external-dns                   uepe         1         2024-07-18 02:41:33.781123 +0800 +08     deployed  external-dns-8.0.1                                                      0.14.2
    ingress-azure                  uepe         1         2024-07-18 02:36:50.936739 +0800 +08     deployed  ingress-azure-1.7.4                                                     1.7.4
    ingress-nginx                  uepe         1         2024-07-18 02:44:43.51378 +0800 +08      deployed  ingress-nginx-4.10.1                                                    1.10.1

This section is now complete and you can proceed to the Usage Engine Private Edition Preparations - Azure (4.2) section.
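The helm list -A check above can be scripted, as an added example that is not part of the product documentation: the function reads the table on stdin and reports any expected release that is not in status deployed in the given namespace. The function names are assumptions, and the sample rows are copied from the output shown on this page.

```shell
# Added example: confirm the add-on releases from `helm list -A` output.
# check_releases NAMESPACE RELEASE... reads the table on stdin, prints each
# expected release that is not "deployed" in NAMESPACE, and returns 1 if any.
check_releases() {
  ns=$1; shift
  awk -v ns="$ns" -v want="$*" '
    BEGIN { n = split(want, names, " ") }
    # Skip the header; the UPDATED column contains spaces, so look for the
    # status word in any later field instead of relying on a column number.
    NR > 1 && $2 == ns {
      for (i = 3; i <= NF; i++) if ($i == "deployed") ok[$1] = 1
    }
    END {
      for (i = 1; i <= n; i++) if (!(names[i] in ok)) { print names[i]; bad = 1 }
      exit bad + 0
    }'
}

# Sample rows taken from the output on this page (whitespace collapsed).
sample_helm_list() {
  cat <<'EOF'
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
aks-managed-workload-identity kube-system 645 2024-07-17 18:44:40.706836025 +0000 UTC deployed workload-identity-addon-0.1.0-5b6cd03978f9fddd96c5d27f5008581e3fdf7b52
external-dns uepe 1 2024-07-18 02:41:33.781123 +0800 +08 deployed external-dns-8.0.1 0.14.2
ingress-azure uepe 1 2024-07-18 02:36:50.936739 +0800 +08 deployed ingress-azure-1.7.4 1.7.4
ingress-nginx uepe 1 2024-07-18 02:44:43.51378 +0800 +08 deployed ingress-nginx-4.10.1 1.10.1
EOF
}

# Demo on the sample; against a cluster use: helm list -A | check_releases uepe ...
sample_helm_list | check_releases uepe external-dns ingress-azure ingress-nginx \
  && echo "all add-ons deployed in uepe"
```

Leave ingress-nginx out of the argument list when that optional add-on was not installed.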