CluedIn Documentation

Example pre-requisite configuration

Creating the Kubernetes cluster is outside the scope of this guide.

Refer to: Microsoft Azure AKS documentation. The ability to create AKS clusters with Windows support is currently in Preview. If you have multiple accounts in Azure, run az account set -s <AccountName> to set the right context for the deployment.

You must have:

  • a local install of kubectl configured to talk to the cluster
  • a local install of the CLI for helm.

  1. Create a service account. If you are using RBAC in your Kubernetes cluster, you will need to grant permissions to Tiller so that it can create resources in the cluster. Check Helm’s documentation. In test environments, you may consider just granting Tiller cluster admin permissions:

    • Create a file with the following content

        apiVersion: v1
        kind: ServiceAccount
        metadata:
            name: tiller
            namespace: kube-system
        ---
        apiVersion: rbac.authorization.k8s.io/v1
        kind: ClusterRoleBinding
        metadata:
            name: tiller
        roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            name: cluster-admin
        subjects:
        -   kind: ServiceAccount
            name: tiller
            namespace: kube-system
      

      In production scenarios you will have to be more restrictive with the permissions. See Helm’s documentation for advice on security for production environments.

    • Run kubectl apply -f <path-of-file> to create the role binding

    If not using RBAC, you will need to run the following:

     kubectl create serviceaccount --namespace kube-system tiller
        
     kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
        
     kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
    
  2. If using RBAC, execute helm init --service-account tiller. This will install Tiller in the cluster, so you can install helm charts directly. If not using RBAC, do not use the service account parameter.

  3. Install the ingress controller:
     helm install stable/nginx-ingress \
         --namespace ingress \
         --name ingress \
         --set rbac.create="true"
    

    After a while the ingress controller will have a public IP that can be used to access the cluster. If you don’t want a public IP (because you have something else, like an application gateway, in front of it), you can modify the installation of the ingress controller in the step above; see the Helm chart documentation (controller.service.loadBalancerIP).

  4. To retrieve the public IP:

     kubectl get svc -n ingress -o wide -l 'component=controller'
    

    In your own DNS, configure that IP to whatever host you want to use for CluedIn. You could map it to a wildcard record; alternatively you can use more specific entries.

  5. Create a secret with your docker hub login credentials:

     kubectl create secret docker-registry docker-registry-key \
         --docker-server='<repository-url>' \
         --docker-username='<your username>' \
         --docker-password='<your password>' \
         --docker-email='<your email>'
    

    For Docker Hub, the repository-url is docker.io. You should request access to the CluedIn Docker Hub repo for those credentials so you can pull the private Docker images with the application.

  6. Register the CluedIn helm chart:

     helm repo add cluedin https://cluedin-io.github.io/CluedIn.Helm
     helm repo update
    

NOTE: You can also place secrets into a Vault or Key Vault from your cloud provider of choice.
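
For the production case mentioned in step 1, Tiller can be bound to a namespaced Role instead of cluster-admin. The manifest below is an added example, not part of the original CluedIn guide. The namespace name cluedin, the names tiller-manager and tiller-binding, and the list of API groups are assumptions to adjust for your deployment.

```yaml
# Added example: Tiller restricted to a single namespace.
# Assumption: CluedIn is installed into a namespace named "cluedin".
apiVersion: v1
kind: Namespace
metadata:
  name: cluedin
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: cluedin
---
# A Role (not a ClusterRole) only grants rights inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tiller-manager        # hypothetical name
  namespace: cluedin
rules:
# Assumption: these API groups cover what the chart creates. Extend the
# list if an install fails with a "forbidden" error for another group.
- apiGroups: ["", "apps", "batch", "extensions"]
  resources: ["*"]
  verbs: ["*"]
---
# RoleBinding instead of ClusterRoleBinding: no cluster-wide rights.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tiller-binding        # hypothetical name
  namespace: cluedin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tiller-manager
subjects:
- kind: ServiceAccount
  name: tiller
  namespace: cluedin
```

Apply it with kubectl apply -f <path-of-file>, then run helm init --service-account tiller --tiller-namespace cluedin and pass the same --tiller-namespace value to later helm commands. A Tiller bound this way cannot create resources in other namespaces, so the ingress controller from step 3 (namespace ingress) has to be installed by other means.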
