Deploying Mobile Foundation on Azure Cloud Platform
Yathendra Prasad February 06, 2021
IBM Mobile Foundation v8.0 can now be deployed on Red Hat OpenShift and on Azure Kubernetes Service (AKS), both running on the Azure Cloud Platform.
Download the IBM Mobile Foundation package for OpenShift from IBM Fix Central. Mobile Foundation can be deployed on the following:
- Red Hat OpenShift container platform that runs as a service on Azure Cloud
- Azure Kubernetes Service (AKS)
Deployment of Mobile Foundation on OpenShift Container platform
- Access the Azure Portal and select the OpenShift cluster.
- Access the OpenShift console, and either run the following command in Azure Shell or click the CLI icon on the Azure Home Page.
    az aro list-credentials \
        --name $CLUSTER \
        --resource-group $RESOURCEGROUP
Example:
    azureadmin@Azure:~$ az aro list-credentials --name abh-cluster --resource-group abh-aro-rg
    {
      "kubeadminPassword": "XXXXXXXXXX",
      "kubeadminUsername": "kubeadmin"
    }
After you log in to the cluster, follow the instructions to deploy Mobile Foundation.
Deployment of Mobile Foundation on Azure Kubernetes Service (AKS)
The downloaded PPA package is suitable for OpenShift deployments. To deploy on AKS, the following changes are required:
- Update or append role.yaml in the deploy directory with the following content:
    # Add as an entry under the existing rules: list
    - apiGroups: ['policy']
      resources: ['podsecuritypolicies']
      verbs: ['use']
      resourceNames: ['mf-operator']
- Remove scc.yaml and create a file named psp.yaml with the following content:
    apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: mf-operator
      annotations:
        apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
        apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
        seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default
        seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
    spec:
      requiredDropCapabilities:
      - ALL
      volumes:
      - configMap
      - emptyDir
      - projected
      - secret
      - downwardAPI
      - persistentVolumeClaim
      seLinux:
        rule: RunAsAny
      runAsUser:
        rule: MustRunAsNonRoot
      supplementalGroups:
        rule: MustRunAs
        ranges:
        - min: 1
          max: 65535
      fsGroup:
        rule: MustRunAs
        ranges:
        - min: 1
          max: 65535
      allowPrivilegeEscalation: false
      forbiddenSysctls:
      - "*"
- Connect to the Kubernetes Service by running the following commands using Azure CLI or Azure Cloud Shell:
    az account set --subscription <subscription-id>
    az aks get-credentials --resource-group <resource-grp> --name <clustername>
- Install an Ingress controller, as it does not come by default with Azure Kubernetes Service. For more information, see Nginx Ingress Controller AKS.
    kubectl create namespace <ingress-namespace>
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm install nginx-ingress ingress-nginx/ingress-nginx \
        --namespace <ingress-namespace> \
        --set controller.replicaCount=2 \
        --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
        --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
After successful installation, you can view the ingress service by running the following command:
    kubectl --namespace <ingress-namespace> get services -o wide -w nginx-ingress-ingress-nginx-controller
Example:
    azureadmin@Azure:~$ kubectl --namespace mofo get services -o wide -w nginx-ingress-ingress-nginx-controller
    NAME                                     TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE    SELECTOR
    nginx-ingress-ingress-nginx-controller   LoadBalancer   10.0.196.47   52.154.215.160   80:31076/TCP,443:32705/TCP   108m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=nginx-ingress,app.kubernetes.io/name=ingress-nginx
After the Ingress Controller is installed, the ingress service is exposed via the External IP.
- Configure DNS. To configure IP and DNSNAME, save the following content as a script and run it:
    # Public IP address of your ingress controller
    IP="<External-IP>"
    # Name to associate with public IP address
    DNSNAME="<DNS-NAME>"
    # Get the resource-id of the public ip
    PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
    # Update public ip address with DNS name
    az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
    # Display the FQDN
    az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --output tsv
For more information, see DNS.
Note: For instance, an ingress DNS name created would be similar to <DNS-NAME>.centralus.cloudapp.azure.com.
- Update the image pull secret (REPLACE_SECRET) in service_account.yaml and the namespace (REPLACE_NAMESPACE) in role_binding.yaml. Run the following commands to deploy CRD, Operator, and CR:
    kubectl create -f deploy/crds/charts_v1_mfoperator_crd.yaml
    kubectl create -f deploy/service_account.yaml
    kubectl create -f deploy/role.yaml
    kubectl create -f deploy/role_binding.yaml
    kubectl create -f deploy/psp.yaml
    kubectl create -f deploy/operator.yaml
- Update the image pull secret, DB details, dbsecret, and ingress hostname in deploy/crds/charts_v1_mfoperator_cr.yaml. To deploy the Mobile Foundation custom resource, run the following command:
    kubectl apply -f deploy/crds/charts_v1_mfoperator_cr.yaml
To access the Mobile Foundation console:
http://<DNS-NAME>.centralus.cloudapp.azure.com/mfpconsole
For more details, see Accessing the console.
The YAML files for the Mobile Foundation Elasticsearch operator are in the es directory of the extracted package, and deployment follows the same process as above: replace mf-operator with es-operator in role.yaml and psp.yaml. For more details on Mobile Foundation Elasticsearch operator deployment, see here.
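A preflight check for the AKS changes listed above, including the es-operator variant, as an added example in POSIX shell; it is not part of the IBM package. The function names aks_preflight and make_sample and the sample file contents are constructed for illustration, and the checks are line-based matches rather than a full YAML parse.

```shell
#!/bin/sh
# Added example, not part of the IBM package: checks a deploy directory against
# the AKS changes on this page before any "kubectl create" is run.
# Usage: aks_preflight <deploy-dir> [operator-name]   (default: mf-operator)
_fail() { echo "FAIL: $*" >&2; rc=1; }
aks_preflight() {
    dir=$1; name=${2:-mf-operator}; rc=0
    [ ! -e "$dir/scc.yaml" ] || _fail "scc.yaml (OpenShift-only) still present"
    [ -f "$dir/psp.yaml" ] && [ -f "$dir/role.yaml" ] ||
        { _fail "psp.yaml or role.yaml is missing"; return 1; }
    # role.yaml must grant "use" on the policy that psp.yaml actually defines.
    grep -Eq "^[[:space:]]+name:[[:space:]]*$name[[:space:]]*\$" "$dir/psp.yaml" ||
        _fail "psp.yaml metadata.name is not $name"
    awk -v n="$name" '/podsecuritypolicies/ {p = 1}
        p && /resourceNames/ {r = 1}
        r && index($0, n) {ok = 1}
        END {exit !ok}' "$dir/role.yaml" ||
        _fail "role.yaml does not grant use of PodSecurityPolicy $name"
    # Restrictive settings carried by the policy on this page.
    grep -Eq 'allowPrivilegeEscalation:[[:space:]]*false' "$dir/psp.yaml" ||
        _fail "psp.yaml permits privilege escalation"
    grep -Eq 'rule:[[:space:]]*MustRunAsNonRoot' "$dir/psp.yaml" ||
        _fail "psp.yaml does not require a non-root user"
    awk '/requiredDropCapabilities:/ {c = 1; next}
        c && /^[ \t]*-[ \t]*ALL[ \t]*$/ {ok = 1}
        c && !/^[ \t]*-/ {c = 0}
        END {exit !ok}' "$dir/psp.yaml" ||
        _fail "psp.yaml does not drop ALL capabilities"
    # REPLACE_SECRET / REPLACE_NAMESPACE must have been substituted.
    left=$(grep -l 'REPLACE_' "$dir"/*.yaml 2>/dev/null) || true
    [ -z "$left" ] || _fail "unreplaced REPLACE_ placeholder in: $left"
    return "$rc"
}
# Constructed sample input: a minimal deploy directory after the edits.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' 'rules:' "- apiGroups: ['policy']" \
        "  resources: ['podsecuritypolicies']" "  verbs: ['use']" \
        "  resourceNames: ['mf-operator']" > "$1/role.yaml"
    printf '%s\n' 'kind: PodSecurityPolicy' 'metadata:' '  name: mf-operator' \
        'spec:' '  requiredDropCapabilities:' '  - ALL' '  runAsUser:' \
        '    rule: MustRunAsNonRoot' '  allowPrivilegeEscalation: false' \
        > "$1/psp.yaml"
    printf '%s\n' 'imagePullSecrets:' '- name: my-pull-secret' \
        > "$1/service_account.yaml"
}
d=$(mktemp -d) && make_sample "$d" && aks_preflight "$d" && echo "preflight OK"
rm -rf "$d"
```

PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes 1.25, so psp.yaml only applies to AKS clusters running an earlier version.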