Deploying Mobile Foundation on Azure Cloud Platform

IBM Mobile Foundation v8.0 can now be deployed on Red Hat OpenShift and Azure Kubernetes Service (AKS) that runs on Azure Cloud Platform.

Download the IBM Mobile Foundation package for OpenShift from IBM Fix Central. Mobile Foundation can be deployed on the following:

  • Red Hat OpenShift container platform that runs as service on Azure Cloud
  • Azure Kubernetes Service (AKS)

Deployment of Mobile Foundation on OpenShift Container platform

  1. Access the Azure Portal and select the OpenShift cluster.
  2. Access the OpenShift console, and either run the following command on Azure Shell or click on cli icon from the Azure Home Page.
az aro list-credentials \     
 --name $CLUSTER \     
 --resource-group $RESOURCEGROUP


azureadmin@Azure:~$ az aro list-credentials --name abh-cluster  --resource-group abh-aro-rg    
    "kubeadminPassword": "XXXXXXXXXX",      
    "kubeadminUsername": "kubeadmin"    }

After you login to the cluster, follow the instructions to deploy Mobile Foundation.

Deployment of Mobile Foundation on Azure Kubernetes Service (AKS)

The downloaded PPA package is suitable for OpenShift deployments. To deploy on AKS, the following changes are required:

  1. Update or append role.yaml in the deploy directory with the following content:

    apiGroups: ['policy']  
    resources: ['podsecuritypolicies']  
    verbs: ['use']  
    resourceNames: ['mf-operator']
  2. Remove scc.yaml and create a file with name psp.yaml with the following content:

    apiVersion: policy/v1beta1
    kind: PodSecurityPolicy
    name: mf-operator  
    annotations: runtime/default runtime/default docker/default docker/default
    - ALL  
    - configMap  
    - emptyDir  
    - projected  
    - secret  
    - downwardAPI  
    - persistentVolumeClaim  
      rule: RunAsAny  
      rule: MustRunAsNonRoot  
      rule: MustRunAs    
      - min: 1      
        max: 65535  
       rule: MustRunAs    
       - min: 1      
         max: 65535  
     allowPrivilegeEscalation: false  
     - "*"
  3. Connect to Kubernetes Service by running the following commands using Azure CLI or Azure Cloud:


    az account set --subscription <subscription-id>
    az aks get-credentials --resource-group <resource-grp> --name <clustername>
  4. Install Ingress controller as it does not come by default with Azure Kuberntes Service. For more information, see Ngnix Ingress Controller AKS.

    kubectl create namespace <ingress-namespace>
    helm repo add ingress-nginx
    helm install nginx-ingress ingress-nginx/ingress-nginx \    
       --namespace <ingress-namespace> \    
       --set controller.replicaCount=2 \    
       --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \    
       --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux

    After successfull installation, you can view the ingress service by running the following command:

    kubectl --namespace <ingress-namespace> get services -o wide -w nginx-ingress-ingress-nginx-controller


    azureadmin@Azure:~$ kubectl --namespace mofo get services -o wide -w nginx-ingress-ingress-nginx-controller        
    NAME                                     TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE    SELECTOR        
    nginx-ingress-ingress-nginx-controller   LoadBalancer   80:31076/TCP,443:32705/TCP   108m,,

    After installing Ingress Controller, ingress service is exposed via the External IP.

  5. Configure DNS. To configure IP and DNSNAME, save the following content as a script and run it:

    For more information, see DNS.

    # Public IP address of your ingress controller
    # Name to associate with public IP address
    # Get the resource-id of the public ip
    PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
    # Update public ip address with DNS name
    az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
    # Display the FQDN
    az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --out
    put tsv 

    Note: For instance, a ingress DNS name created would be similar to <DNS-NAME>

  6. Update the image pull secret (REPLACE_SECRET) in service_account.yaml and namepsace (REPLACE_NAMESPACE) in role_binding.yaml.

    Run the following commands to deploy CRD, Operator, and CR:

    kubectl create -f deploy/crds/charts_v1_mfoperator_crd.yaml
    kubectl create -f deploy/service_account.yaml
    kubectl create -f deploy/role.yaml
    kubectl create -f deploy/role_binding.yaml
    kubectl create -f deploy/psp.yaml
    kubectl create -f deploy/operator.yaml
  7. Update image pull secret, DB details, dbsecret, ingress hostname in deploy/crds/chartsv1mfoperator_cr.yaml. To deploy Mobile Foundation Custom resource, run the following command:

    kubectl apply -f deploy/crds/charts_v1_mfoperator_cr.yaml

    To access the mobile foundation console:


    For more details, see Accessing the console.

    Mobile Foundation Elasticsearch operator related yaml files are present in es directory of the extracted package and deployment also follows the same process as above. Just replace the mf-operator with es-operator in role.yaml and psp.yaml. For more details on Mobile Foundation Elasticsearch operator deployment, see here.

Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.
Last modified on February 06, 2021