Deploying BMC Helix IT Operations Management in an Azure Kubernetes Service cluster
macro:idReference installation architecture
The following image shows the reference logical architecture used by BMC to deploy BMC Helix IT Operations Management in an AKS cluster:
macro:confluence_layout-cell
macro:idBefore you begin
- Make sure you have a domain and have configured Domain Name System (DNS) for BMC Helix IT Operations Management so that you can access the applications by using URLs.
- Make sure that you create a Secure Sockets Layer (SSL) certificate for BMC Helix IT Operations Management application URLs to support the HTTPS protocol.
BMC certifies the use of the LetsEncrypt service to create the wildcard SSL certificate. - Review the system requirements for BMC Helix IT Service Management installation.
- Download the installation files and container images access key from Electronic Product Download (EPD).
macro:confluence_layout-cell
macro:idProcess to install BMC Helix IT Operations Management in an AKS cluster
The following table lists the tasks to install BMC Helix IT Operations Management in an AKS cluster:
Task | Action | Reference |
|---|---|---|
1 | Create and set up an AKS cluster |
|
a | Create an AKS cluster by using the Azure portal. | Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal in the Azure documentation |
b | Install and configure Kubernetes Ingress Nginx Controller. | Installing and configuring Kubernetes Ingress Nginx Controller To know the certified versions Ingress Controller with the Kubernetes and OpenShift orchestration platform see, |
2 | Prepare for deploying BMC Helix IT Operations Management |
|
a | Set vm.max.count on all worker nodes. | |
b | Set up BMC Discovery . | |
c | Configure the BMC Discovery DNS. | |
d | Configure access to BMC Discovery . | |
e | Enable the Network Time Protocol (NTP)-Time synchronization. | |
3 | Install BMC Helix IT Operations Management |
|
| Install BMC Helix IT Operations Management. |
macro:confluence_layout-cell
macro:idmacro:idInstalling and configuring Kubernetes Ingress Nginx Controller
The Ingress Nginx Controller installation creates an Azure Standard load balancer for your cluster.
To install and configure Ingress Nginx Controller, perform the following tasks:
macro:confluence_layout-cell
macro:idmacro:idTo install Ingress Nginx controller
Based on the version of your Kubernetes, download one of the deploy.yaml files for the NGINX Ingress Controller
Nginx Ingress Controller
versionDownload Link
1.7.0
1.8.1
1.9.3
1.9.5
1.9.6
- In the deploy.yaml file, modify the kind parameter value from Deployment to DaemonSet.
- Make sure that the namespace value for the ingress controller is ingress-nginx.
- Install Ingress Nginx controller by running the following command:
kubectl apply -f deploy.yaml
Ingress controller is installed and a Public (Load balancing type) Standard (SKU) load balancer is created.
To view the load balancer details, run the following command:
kubectl get svc -n ingress-nginx
Example output of the command is as follows:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer 10.0.140.244 20.253.121.236 80:30740/TCP,443:30802/TCP 3d21h
ingress-nginx-controller-admission ClusterIP 10.0.119.115 <none> 443/TCP 3d21hThe EXTERNAL-IP is the IP address of external load balancer that is created in the Azure cloud.
- In the DNS records, make sure that you have configured the external IP as the target for application URL host names.
Verify that the pods are running on each worker node.
Worker nodes are added to the load balancer backend pools automatically as shown in the following example image:
macro:confluence_layout-cell
macro:idmacro:idTo configure Ingress Nginx Controller
Identify the Ingress Nginx Controller configmap name by running the following command:
kubectl get all -n <ingress_nginx_namespace>
Modify the configmap name to use the configmap in your environment by running the following command:
kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>
Example command output:
data:
enable-underscores-in-headers: "true"
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
macro:confluence_layout-cell
macro:idmacro:idTo install TLS certificate
To install a Transport Layer Security (TLS) certificate in the Ingress Nginx Controller for TLS termination, perform the following steps:
Create a secret with a certificate and key that you want to mount on the Ingress Controller pods by using the following command:
kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginx
Edit the daemonset by using the following command and add the secret in the args section.
kubectl edit daemonset ingress-nginx-controller -n ingress-nginx
Example command output:
... spec: containers: - args: - /nginx-ingress-controller - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - --election-id=ingress-controller-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - --default-ssl-certificate=ingress-nginx/my-tls-secret
macro:confluence_layout-cell
macro:idmacro:idPreparing to deploy BMC Helix IT Operations Management
- Set vm.max.count on all worker nodes.
- Set up BMC Discovery .
- Configure the DNS.
- Configure access to BMC Discovery.
- Enable the Network Time Protocol (NTP)-Time Sync.
macro:confluence_layout-cell
macro:idTo set up vm.max.count on all worker nodes
Obtain the nodes in the cluster by running the following command:
kubectl get nodes
Example output:
aks-is1-31789813-vmss000001 Ready agent 19m v1.23.12
Configure the vm.max_map_count by running the followig command:
kubectl debug node/aks-is1-31789813-vmss00000a -it --image=mcr.microsoft.com/dotnet/runtime-deps:6.0
In the debug container, run the following commands in the given order:
chroot /host
echo vm.max_map_count=262144 > /etc/sysctl.d/es-custom.conf
sysctl -w vm.max_map_count=262144- Exit the debug container.
macro:confluence_layout-cell
macro:idTo set up BMC Discovery
See Deploying a BMC Discovery virtual appliance into Microsoft Azure for instructions on setting up BMC Discovery.
macro:confluence_layout-cell
macro:idTo configure the BMC Discovery DNS
Create a DNS alias for the URL created for BMC Discoverywith the IP of the BMC Discoverymachine in the following format:
COMPANY-disc-TENANT_TYPE-ENVIRONMENT.DOMAIN
where the COMPANY, TENANT_TYPE, ENVIRONMENT, and DOMAIN parameters are derived from the helix-on-prem-deployment-manager/configs/infra.config file.
Example: acme-disc-private-poc.lab.bmc.com
For more information, see Configuration-file-settings.
macro:confluence_layout-cell
macro:idTo configure access to BMC Discovery
- After BMC Discovery is set up and configured, ensure that BMC Discovery DNS alias is resolvable from all worker nodes.
- Allow the 443 and 25030-25033 ports from worker nodes to BMC Discovery virtual machine.
From the worker nodes, ensure that the following telnet protocol works:
telnet <Discovery Appliance DNS alias> 443/25030/25031/25032/25033
- Ensure that BMC Discovery can access BMC Helix Single Sign-on and the BMC Helix Portal URLs.
macro:confluence_layout-cell
macro:idTo enable the Network Time Protocol (NTP)-Time synchronization
For instructions, see Performing time synchronization.
macro:confluence_layout-cell
macro:idWhere to go from here
macro:confluence_layout-cell