Installing BMC Helix IT Service Management in an Azure Kubernetes Service cluster
Reference installation architecture
The following image shows the reference logical architecture used by BMC to install BMC Helix Service Management in an AKS cluster:
Before you begin
- Make sure you have a domain and have configured the Domain Name System (DNS) for BMC Helix Service Management so that you can access the applications by using URLs.
- Create a Secure Sockets Layer (SSL) certificate for BMC Helix Service Management application URLs to support the HTTPS protocol.
BMC certifies the use of the LetsEncrypt service to create the wildcard SSL certificate. - Review the system requirements for BMC Helix IT Service Management installation.
- Download the installation files and container images access key from Electronic Product Download (EPD).
Process overview of installing BMC Helix Service Management in an AKS cluster
The following image provides an overview of BMC Helix Service Management installation in an AKS cluster:
The following table lists the tasks to install BMC Helix Service Management in an AKS cluster:
Task | Action | Reference |
|---|---|---|
1 | Create and set up an AKS cluster | |
a | Create an AKS cluster by using the Azure portal. | Quickstart: Deploy an Azure Kubernetes Service (AKS) cluster using the Azure portal in the Azure documentation |
b | Install and configure Kubernetes Ingress Nginx Controller. | |
2 | Set up a database | |
Set up an external database for BMC Helix Innovation Suite. Important: You can use a database of your choice. However, BMC has certified the use of a PostgreSQL database with the following specifications:
| ||
3 | Set up BMC Deployment Engine | |
Set up BMC Deployment Engine to call the relevant BMC Helix Innovation Suite installation pipelines that install the platform and applications. | ||
4 | Install BMC Helix Platform services | |
Install BMC Helix Platform services. Important: Use the BMC Deployment Engine system as a controller instance to install BMC Helix Platform services. | ||
5 | Install BMC Helix Service Management | |
Install BMC Helix Innovation Suite and applications. | ||
Installing and configuring Kubernetes Ingress Nginx Controller
The Ingress Nginx Controller installation creates an Azure Standard load balancer for your cluster.
To install Kubernetes Ingress Nginx Controller 1.2.1
- In the deploy.yaml file, modify the kind parameter value from Deployment to DaemonSet.
- Make sure that the namespace value for the Ingress Nginx Controller is ingress-nginx.
Install Ingress Nginx Controller by running the following command:
kubectl apply -f deploy.yamlIngress Ngnix Controller is installed and a Public (Load balancing type) Standard (SKU) load balancer is created.
View the load balancer details by running the following command:
kubectl get svc -n ingress-nginxExample output of the command is as follows:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ingress-nginx-controller LoadBalancer xx.x.xxx.xxx xx.xxx.xxx.xxx 80:30740/TCP,443:30802/TCP 3d21h
ingress-nginx-controller-admission ClusterIP xx.x.xxx.xxx <none> 443/TCP 3d21hEXTERNAL-IP is the IP address of external load balancer that is created in the Azure cloud.
- In the DNS records configure the external IP as the target for application URL host names.
Verify that pods are running on each worker node.
Worker nodes are added to the load balancer backend pools automatically as shown in the following example image:
To configure Ingress Nginx Controller
Identify the Ingress Nginx Controller configmap name by running the following command:
kubectl get all -n <ingress_nginx_namespace>Modify the configmap name to use the configmap in your environment by running the following command:
kubectl edit cm <ingress_nginx_configmap> -n <ingress_nginx_namespace>Example command output:
data:
enable-underscores-in-headers: "true"
proxy-body-size: 250m
server-name-hash-bucket-size: "1024"
ssl-redirect: "false"
use-forwarded-headers: "true"
To install TLS certificate
Install a Transport Layer Security (TLS) certificate in the Ingress Nginx Controller for TLS termination.
Create a secret with a certificate and key that you want to mount on the Ingress Controller pods by using the following command:
kubectl create secret tls my-tls-secret --cert=/path/to/cert.pem --key=/path/to/privkey.pem -n ingress-nginxEdit the daemonset by using the following command and add the secret in the args section.
kubectl edit daemonset ingress-nginx-controller -n ingress-nginxExample command output:
...
spec:
containers:
- args:
- /nginx-ingress-controller
- --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
- --election-id=ingress-controller-leader
- --controller-class=k8s.io/ingress-nginx
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
- --default-ssl-certificate=ingress-nginx/my-tls-secret
To set up the database
- Provision a PostgreSQL database by using the Azure Database for PostgreSQL servers option in the Azure portal.
- In the database server parameters, disable encrypted connections by turning off the require_secure_transport server parameter.
- Enable the azure.extensions: CITEXT and DBLINK.
- Create the postgres role.
- Log in to the database as an administrator user.
Run the following commands:
CREATE ROLE postgres WITH LOGIN NOSUPERUSER INHERIT CREATEDB CREATEROLE NOREPLICATION PASSWORD 'bmcAdm1n';
GRANT azure_pg_admin TO postgres;
Where to go from here