Deploying Mobile Foundation on Azure Cloud Platform

IBM Mobile Foundation v8.0 can now be deployed on Red Hat OpenShift and Azure Kubernetes Service (AKS) that runs on Azure Cloud Platform.

Download the IBM Mobile Foundation package for OpenShift from IBM Fix Central. Mobile Foundation can be deployed on the following:

• Red Hat OpenShift container platform that runs as service on Azure Cloud
• Azure Kubernetes Service (AKS)

Deployment of Mobile Foundation on OpenShift Container platform

1. Access the Azure Portal and select the OpenShift cluster.
2. Access the OpenShift console, and either run the following command on Azure Shell or click on cli icon from the Azure Home Page.

az aro list-credentials \     
 --name $CLUSTER \     
 --resource-group $RESOURCEGROUP

Example:

azureadmin@Azure:~$ az aro list-credentials --name abh-cluster  --resource-group abh-aro-rg    
{      
    "kubeadminPassword": "XXXXXXXXXX",      
    "kubeadminUsername": "kubeadmin"    }

After you login to the cluster, follow the instructions to deploy Mobile Foundation.

Deployment of Mobile Foundation on Azure Kubernetes Service (AKS)

The downloaded PPA package is suitable for OpenShift deployments. To deploy on AKS, the following changes are required:

1. Update or append role.yaml in the deploy directory with the following content:

   apiGroups: ['policy']  
   resources: ['podsecuritypolicies']  
   verbs: ['use']  
   resourceNames: ['mf-operator']
   

2. Remove scc.yaml and create a file with name psp.yaml with the following content:

   apiVersion: policy/v1beta1
   kind: PodSecurityPolicy
   metadata:  
   name: mf-operator  
   annotations:    
   apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
   apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default     
   seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default    
   seccomp.security.alpha.kubernetes.io/defaultProfileName: docker/default
   spec:  
   requiredDropCapabilities:  
   - ALL  
   volumes:  
   - configMap  
   - emptyDir  
   - projected  
   - secret  
   - downwardAPI  
   - persistentVolumeClaim  
   seLinux:    
     rule: RunAsAny  
   runAsUser:    
     rule: MustRunAsNonRoot  
   supplementalGroups:    
     rule: MustRunAs    
     ranges:    
     - min: 1      
       max: 65535  
    fsGroup:    
      rule: MustRunAs    
      ranges:    
      - min: 1      
        max: 65535  
    allowPrivilegeEscalation: false  
    forbiddenSysctls:  
    - "*"
   

3. Connect to Kubernetes Service by running the following commands using Azure CLI or Azure Cloud:

   Shell

   az account set --subscription <subscription-id>
   az aks get-credentials --resource-group <resource-grp> --name <clustername>
   

4. Install Ingress controller as it does not come by default with Azure Kuberntes Service. For more information, see Ngnix Ingress Controller AKS.

   kubectl create namespace <ingress-namespace>
   helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
   helm install nginx-ingress ingress-nginx/ingress-nginx \    
      --namespace <ingress-namespace> \    
      --set controller.replicaCount=2 \    
      --set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \    
      --set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
   

   After successfull installation, you can view the ingress service by running the following command:

   kubectl --namespace <ingress-namespace> get services -o wide -w nginx-ingress-ingress-nginx-controller
   

   Example:

   azureadmin@Azure:~$ kubectl --namespace mofo get services -o wide -w nginx-ingress-ingress-nginx-controller        
   NAME                                     TYPE           CLUSTER-IP    EXTERNAL-IP      PORT(S)                      AGE    SELECTOR        
   nginx-ingress-ingress-nginx-controller   LoadBalancer   10.0.196.47   52.154.215.160   80:31076/TCP,443:32705/TCP   108m   app.kubernetes.io/component=controller,app.kubernetes.io/instance=nginx-ingress,app.kubernetes.io/name=ingress-nginx
   

   After installing Ingress Controller, ingress service is exposed via the External IP.

5. Configure DNS. To configure IP and DNSNAME, save the following content as a script and run it:

   For more information, see DNS.

   # Public IP address of your ingress controller
   IP="<External-IP>"
   # Name to associate with public IP address
   DNSNAME="<DNS-NAME>"
   # Get the resource-id of the public ip
   PUBLICIPID=$(az network public-ip list --query "[?ipAddress!=null]|[?contains(ipAddress, '$IP')].[id]" --output tsv)
   # Update public ip address with DNS name
   az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
   # Display the FQDN
   az network public-ip show --ids $PUBLICIPID --query "[dnsSettings.fqdn]" --out
   put tsv 
   

   Note: For instance, a ingress DNS name created would be similar to <DNS-NAME>.centralus.cloudapp.azure.com.

6. Update the image pull secret (REPLACE_SECRET) in service_account.yaml and namepsace (REPLACE_NAMESPACE) in role_binding.yaml.

   Run the following commands to deploy CRD, Operator, and CR:

   kubectl create -f deploy/crds/charts_v1_mfoperator_crd.yaml
   kubectl create -f deploy/service_account.yaml
   kubectl create -f deploy/role.yaml
   kubectl create -f deploy/role_binding.yaml
   kubectl create -f deploy/psp.yaml
   kubectl create -f deploy/operator.yaml
   

7. Update image pull secret, DB details, dbsecret, ingress hostname in deploy/crds/chartsv1mfoperator_cr.yaml. To deploy Mobile Foundation Custom resource, run the following command:

   kubectl apply -f deploy/crds/charts_v1_mfoperator_cr.yaml
   

   To access the mobile foundation console:

   http://<DNS-NAME>.centralus.cloudapp.azure.com/mfpconsole
   

   For more details, see Accessing the console.

   Mobile Foundation Elasticsearch operator related yaml files are present in es directory of the extracted package and deployment also follows the same process as above. Just replace the mf-operator with es-operator in role.yaml and psp.yaml. For more details on Mobile Foundation Elasticsearch operator deployment, see here.