This documentation supports an earlier version of BMC Helix IT Service Management on-premises deployment. To view the documentation for the latest version, select 23.3.04 from the Product version picker.

Installing BMC Helix IT Service Management in an Amazon Elastic Kubernetes Service cluster


You can install BMC Helix Service Management in an Amazon Elastic Kubernetes Service (EKS) cluster if you use Amazon EKS to manage your Kubernetes platform.

Reference installation architecture

The following image shows the reference logical architecture used by BMC to install BMC Helix Service Management in an Amazon EKS cluster:

Important

BMC provides general guidelines to install BMC Helix Service Management in an Amazon Elastic Kubernetes Service cluster based on the following reference architecture used by BMC. Although you can choose any alternative architecture or installation options on this platform, BMC does not provide support for alternative options.

EKS architecture diagram.png

The following AWS services are used:

  • AWS Certificate Manager (ACM)—Handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates and keys.
  • Simple Storage Service (S3)—Is used to upload files to AWS. This object storage service provides scalability, data availability, security, and performance.
  • Route53—Is a highly available and scalable Domain Name System (DNS) web service.

Before you begin

Important

AWS Single Sign-On (AWS SSO) is not supported.

Process to install BMC Helix Service Management in an Amazon EKS cluster

The following image provides an overview of BMC Helix Service Management installation in an Amazon EKS cluster:

Installation process in and EKS cluster.png


The following table lists the tasks to install BMC Helix Service Management in an Amazon EKS cluster:

| Task | Action | Reference |
|------|--------|-----------|
| 1 | Create and set up an Amazon EKS cluster | |
| a | Create a Kubernetes cluster by using the AWS EKS service. Important: BMC has certified using the default storage class gp2 from the Amazon Elastic Block Store (EBS) available in the Amazon EKS cluster. You can use the default storage class or create your own Amazon EBS storage class. | |
| b | Enable the Kubernetes Metrics Server for Horizontal Pod Autoscaling feature. | |
| c | Install and configure Kubernetes Ingress Nginx Controller. | |
| 2 | Set up a database | |
| a | Set up an external database for BMC Helix Innovation Suite. Important: You can use a database of your choice. However, BMC has certified using the Aurora PostgreSQL 13.x database in AWS and the db.r6g.2xlarge instance class for compact size deployment. | Amazon Aurora supports PostgreSQL 13 in the AWS documentation |
| b | Create a database administrator user and specify the following permissions for the user: PostgresPermissions.jpg Important: Make sure that you specify this database administrator user in the DATABASE_ADMIN_USER parameter while installing BMC Helix Innovation Suite and applications. | |
| c | If Aurora replication is enabled, make sure that you use the endpoint or port of the Writer instance in the database host name. | |
| 3 | Set up BMC Deployment Engine | |
| | Set up BMC Deployment Engine to call the relevant BMC Helix Innovation Suite installation pipelines that install the platform and applications. | |
| 4 | Install BMC Helix Platform services | |
| a | Configure the Elasticsearch vm.max_map_count parameter to meet the virtual memory requirements for Elasticsearch installation through BMC Helix Platform services installation. | |
| b | Install BMC Helix Platform services. Important: Use the BMC Deployment Engine system as a controller instance to install BMC Helix Platform services. | |
| 5 | Install BMC Helix IT Service Management | |
| | Install BMC Helix Innovation Suite and applications. | |

Installing and configuring Kubernetes Ingress Nginx Controller

The Ingress Nginx Controller is a load balancer for your cluster. Install and configure Kubernetes Ingress Nginx Controller by performing the following tasks:

  1. Install Kubernetes Ingress Nginx Controller 1.2.0.
  2. Configure a DNS record for your domain.
  3. Configure the load balancer created by Ingress Controller.

To install Kubernetes Ingress Nginx Controller

  1. Download the sample Ingress Nginx yaml file.
  2. Modify the sample Ingress Nginx yaml file with the following details:
    1. Modify the Virtual private cloud (VPC) Classless Inter-Domain Routing (CIDR) details as follows:

      apiVersion: v1
      data:
        http-snippet: |
          server {
            listen 2443;
            return 308 https://$host$request_uri;
          }
        proxy-real-ip-cidr: 192.168.0.0/16
        use-forwarded-headers: "true"
    2. Modify the AWS Certificate Manager (ACM) ID details as follows:

      metadata:
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-2:xxxxxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
  3. In your cluster, run the following command:

    kubectl apply -f sample-ingress-controller.yaml

    Ingress Nginx Controller is deployed in the internet-ingress namespace and an external classic load balancer is created in AWS.

  4. To get the address of the load balancer, run the following command:

    kubectl get svc -n internet-ingress

    Example command output:

    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    internet-ingress-controller LoadBalancer 10.100.180.188 xxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxx.us-east-2.elb.amazonaws.com 80:32691/TCP,443:32317/TCP 6m4s
    internet-ingress-controller-admission ClusterIP 10.100.182.96 <none> 443/TCP 6m4s

If you do not use the sample Ingress Nginx yaml file and use an alternate Ingress Nginx Controller 1.2.0, make sure that you update the config map as follows:

kind: ConfigMap
apiVersion: v1
metadata:
  name: internet-ingress-configuration
  namespace: internet-ingress
  labels:
    app.kubernetes.io/name: internet-ingress
    app.kubernetes.io/part-of: internet-ingress
data:
  use-proxy-protocol: "false"
  proxy-add-original-uri-header: "true"
  proxy-real-ip-cidr: 172.xx.xxxx.0/24
  proxy-body-size: "250m"
  force-ssl-redirect: "false"
  ssl-redirect: "false"
  server-name-hash-bucket-size: "512"
  use-forwarded-headers: "true"
  server-tokens: "false"
  http-snippet: |
    server {
      listen 8080;
      server_tokens off;
    }
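
One way to confirm that an alternate controller's ConfigMap carries the settings listed above, as an added example that is not part of BMC's documentation. The function names and the exported-manifest workflow are assumptions; proxy-real-ip-cidr is checked only for presence because its value is site-specific, and it matters because use-forwarded-headers makes the controller trust X-Forwarded headers from that range.

```shell
#!/bin/sh
# Required data settings, copied from the ConfigMap shown above.
# proxy-real-ip-cidr is site-specific and is checked separately for presence.
REQUIRED='use-proxy-protocol=false
proxy-add-original-uri-header=true
proxy-body-size=250m
force-ssl-redirect=false
ssl-redirect=false
server-name-hash-bucket-size=512
use-forwarded-headers=true
server-tokens=false'

# cm_value FILE KEY: print the value of KEY found directly under "data:".
# Assumes two-space indentation, as produced by "kubectl get -o yaml".
cm_value() {
  awk -v key="$2" '
    /^data:/ { in_data = 1; next }
    /^[^ #]/ { in_data = 0 }            # any other top-level key ends data:
    in_data && $0 ~ ("^  " key ":") {
      sub("^  " key ":[ ]*", ""); sub(/[ \t]+$/, ""); gsub(/"/, "")
      print; exit
    }' "$1"
}

# check_configmap FILE: return 0 only when every required setting matches.
check_configmap() {
  rc=0
  for pair in $REQUIRED; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(cm_value "$1" "$key")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $key: want '$want', got '${got:-<unset>}'"
      rc=1
    fi
  done
  # Forwarded headers are trusted, so the trusted proxy range must be set.
  if [ -z "$(cm_value "$1" proxy-real-ip-cidr)" ]; then
    echo "MISSING proxy-real-ip-cidr"; rc=1
  fi
  return $rc
}

# Usage: export the live object, then pass the file as the first argument:
#   kubectl -n internet-ingress get configmap internet-ingress-configuration \
#     -o yaml > live-configmap.yaml
if [ -n "${1:-}" ]; then check_configmap "$1"; fi
```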


To configure a DNS record for your domain

Configure a DNS record for your domain so that you can access the applications by using URLs.

  1. Navigate to your domain-hosted zone.
  2. Create a DNS A type record for the domain to resolve URLs to the load balancer as shown in the following example:

    Record Name - *.helixonprem.com
    Type - A
    Value/Route traffic to
    - Alias to Application and Classic LoadBalancer
    - Select the region - us-east-2
    - Select the Classic LB - xxxxxxxxxxxxxxxxxxxxxx-xxxxxxxxxxxxx.us-east-2.elb.amazonaws.com

To configure the load balancer for the cluster

Configure the load balancer listener specifications by using the following steps:

  1. In the AWS console, select the load balancer created by Ingress Controller.
  2. Navigate to the Listeners tab.
  3. On the Listeners tab, click Edit.
  4. Change the Load Balancer Protocol value from SSL to the HTTPS and HTTP mappings.
  5. For HTTPS and HTTP protocols, update the Instance Protocol value to HTTP and make sure that the protocols map to the Ingress Nginx service ports.
    The following image shows an example:
    AWSCert.JPG
    You can find the Ingress Nginx service port values by using the following command in your Kubernetes cluster:

    kubectl -n <ingressnamespace> get svc

Important

If you use SSL as the Load Balancer protocol, support for X-Forwarded headers is removed and you cannot log in to the BMC Helix Portal.

For information about the listener settings, see Listener configurations for Classic Load Balancers.
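
A scripted check of the listener settings from steps 4 and 5, as an added example that is not part of BMC's documentation. The function name and the sample rows are constructed; the NodePorts are the ones from the example command output earlier on this page, and `<lb-name>` is a placeholder.

```shell
#!/bin/sh
# check_listeners NODEPORTS
# Reads Classic Load Balancer listener rows on stdin, one per line:
#   <LB protocol> <LB port> <instance protocol> <instance port>
# NODEPORTS: space-separated NodePorts of the Ingress Nginx service.
# Returns 0 only when every listener follows steps 4 and 5 above.
check_listeners() {
  awk -v ports="$1" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    NF == 0 { next }
    {
      rows++
      lb = toupper($1); inst = toupper($3)
      if (lb != "HTTP" && lb != "HTTPS") {
        printf "FAIL port %s: listener protocol %s, expected HTTP or HTTPS\n", $2, lb
        bad = 1
      }
      if (inst != "HTTP") {
        printf "FAIL port %s: instance protocol %s, expected HTTP\n", $2, inst
        bad = 1
      }
      if (!($4 in ok)) {
        printf "FAIL port %s: instance port %s is not an Ingress NodePort\n", $2, $4
        bad = 1
      }
    }
    END {
      if (rows == 0) { print "FAIL: no listener rows read"; bad = 1 }
      exit bad + 0
    }'
}

# Live use (requires AWS CLI and kubectl credentials):
#   ports=$(kubectl -n internet-ingress get svc internet-ingress-controller \
#             -o jsonpath='{.spec.ports[*].nodePort}')
#   aws elb describe-load-balancers --load-balancer-names <lb-name> \
#     --query 'LoadBalancerDescriptions[0].ListenerDescriptions[].Listener.[Protocol,LoadBalancerPort,InstanceProtocol,InstancePort]' \
#     --output text | check_listeners "$ports"

# Constructed sample rows, using the NodePorts from the example output above.
printf 'HTTPS\t443\tHTTP\t32317\nHTTP\t80\tHTTP\t32691\n' |
  check_listeners "32691 32317" && echo "listeners OK"
```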


To configure the virtual memory parameter for Elasticsearch

On all worker nodes in your Amazon EKS cluster, set the vm.max_map_count kernel parameter to 262144 by using sysctl before installing BMC Helix Platform services.

  1. In your Amazon EKS cluster, connect to the worker node through Secure Shell (SSH).
  2. Run the following commands on the worker node:

    sysctl -w vm.max_map_count=262144
    echo vm.max_map_count=262144 > /etc/sysctl.d/es-custom.conf


Example of setting up an Amazon EKS cluster

The following example shows the steps for setting up an Amazon EKS cluster by using the AWS Cloud Shell:

  1. Install kubectl 1.21.
    See Installing or updating kubectl in the AWS documentation.

  2. Install eksctl.
    See Installing or updating eksctl in the AWS documentation.

  3. Create an Amazon EKS cluster from the AWS Cloud Shell.
    See Getting started with Amazon EKS – eksctl in the AWS documentation.

  4. Run the following eksctl command from the AWS Cloud Shell.

    eksctl create cluster \
    --name <cluster-name> \
    --region <region-name> \
    --version "1.21" \
    --nodegroup-name <node-group-name> \
    --node-type <node-type> \
    --nodes-min <minimum-nodes-count> \
    --nodes-max <maximum-nodes-count> \
    --with-oidc \
    --ssh-access \
    --enable-ssm \
    --ssh-public-key eks-nodes \
    --asg-access \
    --external-dns-access \
    --alb-ingress-access \
    --managed

    After the eksctl create cluster command is complete, a kubectl configuration file located at /home/cloudshell-user/.kube/config is created.

  5. Copy the config file to your local system.
    Use this file while setting up BMC Deployment Engine.


 
