Deploying Azure Kubernetes Services (AKS)

Overview

The following article demonstrates how to set up an Azure Kubernetes Service (AKS) cluster in an Azure Cloud. For more information, refer to About Clustering.

Prerequisites

• An active Azure Account.

• A Database Server. Refer to the installation requirements to know the supported Databases.

• If using an Azure Database Server, navigate to Security > Networking and enable Allow Azure services and resources to access this server. This action will allow the Kubernetes pods to access the DBs inside the DB server. Refer to the following image.

• An Azure storage account. Refer to Create a storage account.

• While creating a new Azure storage account, ensure Performance is set to Premiu m and the Premium account type is set to File Shares; refer to the following image.
  

• Create a File share under this Azure storage account. This file share will be used to maintain the persistent storage of the container. Further in this article, we have used a File Share named filestorage.

Steps to deploy the Kubernetes cluster in Azure

1. Creating Kubernetes Service

2. Deploying a Decisions Service

3. Enabling Application Gateway Ingress Controller (AGIC)

4. Deploying Application Gateway

5. Deploying Redis Service

6. Deploying Decisions Pods

7. Verifying the Cluster

Each of these steps is explained further in this article.

Creating Kubernetes Service with Azure CLI

1. Open the Azure CLI by clicking the command prompt icon to the right of the search bar. Change the CLI interface to Bash Language.
   

2. Review and edit the commands from the following YAML file using the reference table.

   export SUBSCRIPTION=$Azure_Subscription_Name
   export RESOURCE_GROUP=$Resource_Group_Name
   export CLUSTER_NAME=$Prefered_Cluster_Name
   export LOCATION=$Region_set_to_the_Resource_Group
   export AKS_PERS_STORAGE_ACCOUNT_NAME=$Storage_Account_Name
   export STORAGE_KEY=$Storage_Account_Key
   
   az account set --subscription $Subscription_Name
   
   az aks create\
       --resource-group $Resource_Group_Name\
       --name $Given_Cluster_Name\
       --node-count $Required_Node_count\
       --generate-ssh-keys\
       --node-vm-size Standard_D8s_v3\
       --network-plugin azure
   
   az aks get-credentials --name $Given_Cluster_Name --resource-group $Given_Group_Name
   
   kubectl create secret generic azure-secret --from-literal=azurestorageaccountname=$Storage_Account_Name  --from-literal=azurestorageaccountkey=$Storage_Account_Key

   Variable Name	Description
   Azure_Subscription_Name	Enter the Azure subscription name.
   Resource_Group_Name	Enter the Resource Group that falls under the same subscription.
   Prefered_Cluster_Name	Enter desired cluster name.
   Region_set_to_the_Resource_Group	Enter the same region used during setup.
   Storage_Account_Name	Enter the name of the created storage account.
   Storage_Account_Key	Enter the storage key from the above storage account. Refer to View account access keys.
   Standard_D8s_v3	The Standard_D8s_v3 contains the minimum specification to handle the Decisions deployment in AKS. Please use larger node sizes if planning to run multiple replicas per node. Refer to Azure VM sizes.

3. Once added, this will create Azure Kubernetes service in the Resource group.
   

Deploying a Decisions Service

1. From the Resource Group. Select the newly created Kubernetes service.

2. From the left configuration panel, navigate to Kubernetes resources > Services and ingresses. From the Top action bar, click on Create > Apply a YAML.
   

3. Enter the following YAML. The name of the service can be changed by editing the name variable on line 4.

   - apiVersion: v1
     kind: Service
     metadata:
       name: decisions-service
     spec:
       type: ClusterIP
       ports:
         - targetPort: 80
           name: port80
           port: 80
           protocol: TCP
       selector:
         app: decisions

4. After deploying the YAML, the Services Page will populate with the 'decisions-service'.
   

Enabling AGIC (Application Gateway Ingress Controller)

1. Navigate to the Kubernetes Service > Settings > Networking. Scroll down and enable the Application Gateway ingress controller, and click on Apply. For more information, refer to Microsoft's documentation.
   

Deploying Application Gateway

1. From the Kubernetes resources > Services and ingresses, add the following YAML.
   
   Update the following values from the YAML file.

   • YOURAZURECERTHERE - Enter the name of the certificate. The certificate should be in the PFX format. Follow the section to add a certificate manually to the application gateway.

   • YOURDECISIONS.HOSTNAME.COM - This will be the Decisions Portal base URL.
     

     apiVersion: networking.k8s.io/v1
     kind: Ingress
     metadata:
       name: agingress
       annotations:
         kubernetes.io/ingress.class: azure/application-gateway
         appgw.ingress.kubernetes.io/ssl-redirect: "true"
         appgw.ingress.kubernetes.io/appgw-ssl-certificate: "$PFX_CERT_NAME"
         appgw.ingress.kubernetes.io/cookie-based-affinity: "true"
         appgw.ingress.kubernetes.io/health-probe-path: "/home/healthcheck"
         appgw.ingress.kubernetes.io/backend-hostname: "YOURDECISIONS.HOSTNAME.COM"
     spec:
       rules:
       - http:
           paths:
           - path: /
             backend:
               service:
                 name: decisions-service
                 port:
                   number: 80
             pathType: Exact

2. This will create the ingress at Kubernetes > Services and ingresses > Ingresses. Users will be able to hit the Decisions Pods through the application gateway's external IP address. In our example, the address is 20.112.53.29.
   

Add an SSL certificate to the Application Gateway

1. Search for “Application Gatewayas” in the Azure search bar. Open the “Application Gateways” service from the search options.

2. Open the newly created ingress:agingress from the list.

3. From the left panel, navigate to “Listeners”.

4. Click on “Add Listener”. A new panel to add all the details for Listeners will open.
   

   • Listener Name: Enter the Listener's Name.
     

   • Frontend IP: Set to Public
     

   • Protocol: Set the Protocol to HTTPS
     

   • Port: Set the Port to 443
     

   • Choose a Certificate: Select “Create New” if you want to upload a new certificate, or click “Select Existing” to pick the existing certificate.
     

   • HTTPS Settings: Select “Upload a Certificate”
     

     • Cert Name: Enter the certificate name similar to the one given in the above YAML file ($PFX_CERT_NAME) while deploying the Application Gateway.
       

     • PFX certificate file: Upload the PFX cert file.
       

     • Pasword: Enter the PFX cert password
       

5. Click on Add.

Deploying a Redis Service

Redis is used for external memory caching between all pods within the cluster. Only one Redis pod is needed per cluster. For more information on Redis, refer to Setting Up Redis External Caching.

1. Open the Kubernetes service > Kubernetes Resources > Workloads and create another YAML via the plus icon.

2. Enter the following YAML into the text box.

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: redis
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: redis
     template:
       metadata:
         labels:
           app: redis
       spec:
         containers:
           - image: redis:latest
             name: redis
             resources:
               requests:
                 cpu: 4
                 memory: 16G
               limits:
                 cpu: 4
                 memory: 16G
             ports:
               - containerPort: 6379
                 name: redis
   ---
   apiVersion: v1
   kind: Service
   metadata:
     name: redis-service
   spec:
     selector:
       app: redis
     ports:
       - protocol: TCP
         port: 6379
         targetPort: 6379

3. It might take a few minutes to deploy the Redis service. Navigate to Kubernetes Service > Kubernetes resources > Workloads. It will populate as 'redis-service'.

4. Select the newly created Redis service. It will open the Overview page. Copy the IP listed under Endpoints. Refer to the following image.
   

Deploying Decisions Pod

1. In the Kubernetes service, navigate to Kubernetes resources > Workloads from the left configuration panel and create another YAML via the plus icon. For all the details on the environment variables, refer to Creating Environment List Files (env.list).
   
   

   Check the Table Below and Modify Variables as Needed

   AML

   - apiVersion: apps/v1
     kind: Deployment
     metadata:
       name: decisions
     spec:
       replicas: 2
       selector:
         matchLabels:
           app: decisions
       template:
         metadata:
           labels:
             app: decisions
         spec:
           nodeSelector:
             kubernetes.io/os: linux
           containers:
             - image: decisionscore/platform:latest
               name: decisions
               env:
                 - name: DECISIONS_FORCEBASEURI
                   value: "https://your.domain.com"
                 - name: DECISIONS_PORTALBASEURL
                   value: "https://your.domain.com"
                 - name: DECISIONS_FILESTORAGELOCATION
                   value: "/opt/decisions/data"
                 - name: DECISIONS_DATABASETYPE
                   value: "AZURE"
                 - name: DECISIONS_DATABASECONNECTSTRING
                   value: "Server=tcp:[YOURDATABASE].database.windows.net,1433;Initial Catalog=decisions;Persist Security Info=False;User ID=[ADMINUSER];Password=[YOURADMINPASSWORD];MultipleActiveResultSets=False;Encrypt=False;Connection Timeout=30;"
                 - name: DECISIONS_CLUSTERING_TURNONCLUSTERING
                   value: "True"
                 - name: DECISIONS_CLUSTERING_REDISBASEURL
                   value: "redis-service.default.svc.cluster.local:6379"
                 - name: DECISIONS_LICENSECOMPANYID
                   value: "12345abc-67de-89fg-1011-121314151617"
                 - name: DECISIONS_LICENSECOMPANYNAME
                   value: "Decisions Customer"
                 - name: DECISIONS_LICENSECONTACTEMAIL
                   value: "exampleemail@decisions.com"
                 - name: DECISIONS_ENVIRONMENTNAME
                   value: "Decisions"
                 - name: DECISIONS_LICENSETYPE
                   value: "EnterpriseNonProduction"
                 - name: DECISIONS_ADMINISTRATOR_EMAIL
                   value: "name@email.com"
                 - name: DECISIONS_ADMINISTRATOR_PASSWORD
                   value: "your_password"
               resources:
                 requests:
                   cpu: 4
                   memory: 16G
                 limits:
                   cpu: 4
                   memory: 16G
               volumeMounts:
                 - name: filestorage
                   mountPath: /opt/decisions/data
               ports:
                 - containerPort: 80
                   name: http
           volumes:
             - name: filestorage
               csi:
                 driver: file.csi.azure.com
                 volumeAttributes:
                   secretName: azure-secret
                   shareName: filestorage
                   mountOptions: "dir_mode=0777,file_mode=0777,cache=strict,actimeo=30"

   
   

   Variable Name	Default Value	New Value
   spec > replicas	2	Enter the number of pods to create; minimum is 2.
   containers > image	decisionscore/platform:latest Ensure that the latest version is not used for the production environment.	Container images for all Decisions version 8.0 and further have been published to Docker Hub and are publicly available. Just change the version number as per requirement.
   DECISIONS_FORCEBASEURI	http://localhost	Enter the force base URI of the clustered environment.
   DECISIONS_DATABASECONNECTSTRING	Example connection string	Enter the connection string of the SQL server created during setup.
   DECISIONS_CLUSTERING_TURNONCLUSTERING	True	This will enable the containers to run in a cluster.
   DECISIONS_CLUSTERING_REDISBASEURL	redis-service.default.svc.cluster.local:6379	This is the CoreDNS, a fully qualified domain name for the Redis service.
   ports > containerport	80	Enter the port number declared in the previous step when creating the load balancer service.
   DECISIONS_PORTALBASEURL	http://localhost	Enter the Portal base URL of the clustered environment. Enter the external IP of the LoadBalancer.
   DECISIONS_LICENSECOMPANYID	12345abc-67de-89fg-1011-121314151617	Enter the Customer ID for the container's instance.
   DECISIONS_LICENSECOMPANYNAME	Decisions Customer	Enter the Customer Name.
   DECISIONS_LICENSECONTACTEMAIL	email@decisions.com	Enter a contact email for the provided license.
   DECISIONS_ENVIRONMENTNAME	Decisions	Enter the name of the clustering Environment. This name will be stored to run all the containers under the clustering environment.
   DECISIONS_LICENSETYPE	EnterpriseNonProduction	Enter the license type of the container. This will likely be either 'Enterprise Production' or 'EnterpriseNonProduction'.
   DECISIONS_ADMINISTRATOR_EMAIL	name@email.com	Allows the creation of an administrator account that will be used to log in to the Portal after completing the hosting process. Note: This email address will be set as the default email address for sending notification emails. This default email address can be modified in the Portal settings.
   DECISIONS_ADMINISTRATOR_PASSWORD	your_password	Provide the password to the admin email.
   resources > requests > cpu	4	Mention the number of CPU cores.
   resources > requests > memory	16G	Mention the memory to be allocated to the container. environment.
   resources > limits > cpu	4	Mention the maximum number of CPU cores.
   resources > limits > memory	16G	Mention the maximum memory to be allocated to the container environment.
   volumeMounts > name	filestorage	Enter the name of the File share created in the Azure Storage account.
   Volumes > name Volumes > name > csi > driver > volumeAttributes > shareName	filestorage	Enter the name of the File share created in the Azure Storage account. This should match the storage names given in volumeMounts.

2. After editing the values from the YAML file. Click Add to confirm.

3. This will deploy the pods. This may take several minutes. To check the status of the pods, enter kubectl get pods in the Azure CLI.

4. Once complete, the Ready column for the new Deployment will verify all pods running with a green checkmark.
   

Optional Settings in YAML

1. Loading Windows fonts in Decisions containers

   Warning:

   Not having TrueType Windows font might throw an Exception Error if you have a business use case of Document to PDF Steps and WordToPdf module.

   Decisions containers try to load the font from /customfont folder. To use the Windows font in containers, we need to volume map the /customfont folder.

   Windows font can be found at C:\Windows\Fonts, and an easy and quick way to get TrueType fonts on containers is to copy .TTF and .TTC files from the C:\Windows\Fonts to a new File Share in the Azure Storage Account.

   Add the following attributes under the volumes from the above-listed YAML.

    volumeMounts:
       - name: $File Share name for custom fonts
           mountPath: /customfont

   volumes:
     - name: $File Share name for custom fonts
       csi:
         driver: file.csi.azure.com
         volumeAttributes:
           secretName: azure-secret
           shareName: $File_Share_Name
           mountOptions: "dir_mode=0777,file_mode=0777,cache=strict,actimeo=30"

2. Custom Modules

   To use the Custom Module in the AKS. Users need to keep the Custom Module in the Custom Module folder, which gets created inside the file storage of the container. Custom Modules must be kept at the following location created under the Azure Storage Account.

   https://[Storage_Account_Name].file.core.windows.net/[File_Share_name]/CustomModules

   

Verifying the Cluster

1. Open the Decisions container instance by hitting on the External IP of the Application Gateway Ingress Controller.

2. In the Decisions instance, navigate to System (gear icon) > Settings > Clustering Settings.

3. In the Edit Clustering Settings window, Enable Turn on clustering, and in the Redis Address field, enter the Redis Endpoint copied earlier in the article.

4. To verify the cluster, Navigate to System > Administration > Services. All the information related to the Decisions containers created in Azure will populate in this folder.