This documentation supports an earlier version of BMC Helix IT Operations Management on-premises deployment.

To view the documentation for the latest version, select 22.4 from the Product version picker.

Deploying the ingress controller for OpenShift or Kubernetes

The ingress controller is a load balancer for Kubernetes environments.

Perform the following steps to install the ingress controller:

  1. Download controller-nginx-ingress-controller:nginx-0.32. You can download it by using the attached ingress.yaml file.
    If you change the ingress configuration and decide not to use the attached ingress.yaml file, make sure that the INGRESS_CLASS value in the configs/infra.config file matches the class in your ingress definition.
  2. Create a secret from the trusted certificate and key. Depending on your cluster, run the following command:
    OpenShift:

    oc create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n default

    Kubernetes:

    kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n default
  3. In the ingress-controller, do the following:
    1. In the args section, set the default certificate to my-tls-secret.
    2. Set the ingress-class to knginx.

  4. Ensure that you set the ingress class to knginx in the configs/infra.config file as shown below:
    INGRESS_CLASS=knginx
  5. (OpenShift) Create the Security Context Constraint (SCC). Run the following command:

    oc create -f ingress-scc.yaml
  6. Create a namespace and an ingress controller. Run the following commands in the given order:
    OpenShift

    oc new-project internet-ingress
    oc create -f ingress.yaml

    Kubernetes

    kubectl create ns internet-ingress
    kubectl create -f ingress.yaml
  7. For OpenShift clusters, add the ADM policy. Run the following command:

    oc adm policy add-scc-to-user ingress-scc -z internet-ingress-serviceaccount -n internet-ingress
  8. Update the DNS records in the infra.config file. All parameters in the infra.config file must have a valid DNS entry. The following entries are required for the ingress controller:
    • TMS: Value of the TMS_LB_HOST parameter
    • RSSO: Value of the LB_HOST parameter
    • Tenant: Derived from ENVIRONMENT, TENANT_TYPE, and DOMAIN parameters
    • MinIO: Value of the MINIO_LB_HOST parameter
    • Self-observability: Derived from ENVIRONMENT, TENANT_TYPE, and DOMAIN parameters. For example, $COMPANY_NAME-self-$TENANT_TYPE-$ENVIRONMENT$DOMAIN
    • (Only for BMC Helix Operations Management) BMC Discovery Appliance: Derived from ENVIRONMENT, TENANT_TYPE, and DOMAIN parameters - $COMPANY_NAME-disc-$TENANT_TYPE-$ENVIRONMENT$DOMAIN
    • (Only for BMC Helix Continuous Optimization) Derived from ENVIRONMENT, TENANT_TYPE, and DOMAIN parameters - $COMPANY_NAME-optimize-$TENANT_TYPE-$ENVIRONMENT$DOMAIN
      For example: acme-optimize-private-poc.acme.com
      For more information about the infra.config and deployment.config files, see Configuration file settings.
  9. Edit or patch the external load balancer IP addresses, which computers outside your local network use to connect to and identify your network.
    In a Kubernetes environment, pods are nonpermanent resources whose IP addresses keep changing. External IPs are required so that the frontends can keep track of the pods.
    For information about the external IP format, see the Kubernetes documentation.
    Run the following command:

    OpenShift

    oc edit svc internet-ingress -n internet-ingress

    Kubernetes

    kubectl edit svc internet-ingress -n internet-ingress
  10. Delete the ingress controller pods.
  11. Verify that the URL shows a secured connection.
  12. Configure the load balancer. 
    Add the ports for the following:
    • The load balancer input port (443)
    • The load balancer output nodes, which are the worker nodes
    • The external ports for the load balancer output nodes. Obtain these ports from the ingress controller. Use the following command; in the sample output, port 31391 is the configured external port that maps to the Kubernetes internal port 443:

      >kubectl get service  | head -1
      NAMESPACE                                          NAME                                                              TYPE           CLUSTER-IP       EXTERNAL-IP                            PORT(S)                                           AGE
      
      >kubectl get service -A | grep internet-ingress | grep LoadBalancer
      internet-ingress                                   internet-ingress                                                  LoadBalancer   172.30.242.1     172.25.146.75                          443:31391/TCP,80:30888/TCP                        9d
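
The consistency points in this procedure can be checked offline before and after deployment. The following is an added example, not part of the BMC documentation or its attached files: it compares INGRESS_CLASS in infra.config with the controller arguments in ingress.yaml (if no default certificate is set, ingress-nginx falls back to its own self-signed certificate) and reads the node port for 443 from the service listing. It assumes KEY=value lines in infra.config and controller flags written as "- --flag=value" items; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not BMC code. Function names are hypothetical.
# Assumes KEY=value lines in infra.config and "- --flag=value" items under args
# in ingress.yaml (the attached manifest is not shown on the page).

# Read KEY from a KEY=value file without sourcing it (sourcing would execute it).
config_value() {  # config_value KEY FILE
  awk -F= -v k="$1" '$1 == k { sub(/^[^=]*=/, ""); gsub(/["\r]/, ""); v = $0 }
                     END { print v }' "$2"
}

# Value of a controller flag (for example ingress-class) in the manifest args.
manifest_flag() {  # manifest_flag FLAG FILE
  sed -n "s/^[[:space:]]*-[[:space:]]*[\"']\{0,1\}--$1=\([^\"'[:space:]]*\).*/\1/p" "$2" | head -n 1
}

# Steps 1, 3 and 4: the class must agree in both files, and the default
# certificate must be namespace/secret for the secret created in step 2.
check_ingress_setup() {  # check_ingress_setup INFRA_CONFIG INGRESS_YAML
  want=$(config_value INGRESS_CLASS "$1")
  got=$(manifest_flag ingress-class "$2")
  cert=$(manifest_flag default-ssl-certificate "$2")
  rc=0
  if [ -z "$want" ] || [ "$want" != "$got" ]; then
    echo "ingress class mismatch: infra.config='$want' ingress.yaml='$got'" >&2; rc=1
  fi
  if [ "$cert" != "default/my-tls-secret" ]; then
    echo "default certificate is '$cert', expected default/my-tls-secret" >&2; rc=1
  fi
  return "$rc"
}

# Step 12: node port mapped to an internal port of a LoadBalancer service, read
# from "kubectl get service -A" output on stdin (PORT(S) is column 6).
node_port_for() {  # node_port_for SERVICE PORT
  awk -v svc="$1" -v want="$2" '$2 == svc && $3 == "LoadBalancer" {
    n = split($6, maps, ",")
    for (i = 1; i <= n; i++) { split(maps[i], p, "[:/]"); if (p[1] == want) print p[2] }
  }'
}

# Usage: check_ingress_setup configs/infra.config ingress.yaml
#        kubectl get service -A | node_port_for internet-ingress 443
```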



Comments

  1. Zoltan Katona
    1. The contents of this chapter are duplicated.
    2. "Download the attached ingress-scc.yaml file." Is this file for both OpenShift and Kubernetes? I was not able to deploy it into a Kubernetes environment.
    Jan 25, 2022 09:53
    1. Mukta Kirloskar

      Hello,

      This file is only for OpenShift.

      Thank you.

      Jun 03, 2022 05:43
  2. Peng Li

    [root@helix-k8s-master01 tmp]# kubectl create -f ingress.yaml
    service/internet-ingress created
    deployment.apps/default-http-backend-internal-internal created
    service/default-http-backend-internal created
    configmap/internet-ingress-configuration created
    configmap/tcp-services created
    configmap/udp-services created
    serviceaccount/internet-ingress-serviceaccount created
    Warning: rbac.authorization.k8s.io/v1beta1 ClusterRole is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRole
    clusterrole.rbac.authorization.k8s.io/internet-ingress-clusterrole created
    Warning: rbac.authorization.k8s.io/v1beta1 Role is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 Role
    role.rbac.authorization.k8s.io/internet-ingress-role created
    Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
    rolebinding.rbac.authorization.k8s.io/internet-ingress-role-nisa-binding created
    Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
    clusterrolebinding.rbac.authorization.k8s.io/internet-ingress-clusterrole-nisa-binding created
    error: error validating "ingress.yaml": error validating data: ValidationError(DaemonSet.spec): unknown field "replicas" in io.k8s.api.apps.v1.DaemonSetSpec; if you choose to ignore these errors, turn validation off with --validate=false
    [root@helix-k8s-master01 tmp]#

    Feb 12, 2022 07:35
  3. Joachim Latzko

    Hi documentation team. The content on this page between "The ingress controller is a load balancer for Kubernetes environments." and "13. Configure the load balancer" is repeated several times.

    Feb 21, 2022 10:17
    1. Mukta Kirloskar

      Thank you. This is fixed.

      Mar 30, 2022 06:59
  4. Jeremy Schlosky

    On step 7 under Kubernetes, the command has a typo; it should be kubectl rather than kuebctl. Also, we are confused on Step 11: are you saying deploy the ingress controller, then delete the ingress controller pods? Can we get a bit more clarification on this step? Is the ingress controller handled elsewhere?

    Mar 08, 2022 04:44
    1. Mukta Kirloskar

      Thank you. This is fixed.

      Mar 30, 2022 06:59
  5. Uwe Reimers

    The file in Step 2 has a different name and does not contain the modifications recommended in step (Deploying BMC Helix common services for BMC Helix IT Service Management - Documentation for BMC Helix IT Operations Management deployment 21.3 - BMC Documentation). Why is step 3 needed? If you terminate the SSL at the LB it is not needed (see also 12 and 13). Step 11 - You delete the pods, because you cannot restart them to use the new configuration.

    Mar 14, 2022 09:16
    1. Mukta Kirloskar

      Hello,

      We have updated the documentation. Please let us know if you have more questions.

      Thank you.

      Jun 03, 2022 06:04
  6. Dima Seliverstov

    In the last step the port is wrong; based on the example it should be 31391, not 31301.

    Mar 17, 2022 01:39
    1. Mukta Kirloskar

      This is fixed.

      Mar 30, 2022 06:58
  7. Simone Gaiera

    In step 8, I think the command should start with "oc adm policy ". The command should be "oc adm policy add-scc-to-user ingress-scc -z internet-ingress-serviceaccount -n internet-ingress"

    Apr 06, 2022 01:42
    1. Joachim Latzko

      You are right, Simone, except for that it is step 7 (not 8). BMC, please correct.

      May 16, 2022 02:28
      1. Mukta Kirloskar

        Thank you for the comments. This is now corrected.

        May 18, 2022 01:40
  8. Andreas Mitterdorfer

    The attached ingress.yaml file contains annotations for AWS? I assume they should be removed/modified?

    https://docs.bmc.com/docs/display/brid21304/System+requirements documents further requirements for ingress. It would be nice if these were included in configmap in yaml file.

    May 24, 2022 07:26
    1. Mukta Kirloskar

      Hello,

      If your system does not use AWS, the AWS annotations will be ignored.

      Thank you.

      Jun 03, 2022 06:02