Service Discovery - AKS

This document provides instructions to configure service discovery on Volterra plarforem using the Azure Kubernetes Service (AKS).

Service discovery enables the platform to make services created on a specific site or set of sites to be available at other site or set of sites. The set of sites can be configured to be arbitrary.

Prerequisites

The following prerequisites apply:

Hardware

None.

Software

Installing the Node on Azure cloud requires the following:

  • Valid credentils to login to the Volterra portal
  • Azure client ID
  • Azure client secret key
  • Azure tenant ID
  • Volterra cluster token
  • Machine public key
  • Machine image identity
  • cluster name

Restrictions

None.

Configure Service Discovery

Configuring service discovery on Volterra platform for services available on Azure cloud includes the following:

  1. Deploy a Volterra node with the AKS
  2. Create discovery object in Volterra platform
  3. Add AKS-based services to the node

Deploy Volterra Node with AKS

The node deployment or installation is supported through the following ways:

  • Quick start deployment tool
  • Manual installtion using terraform
  • Installation using Azure market place

Note: For more information on quickstart, see Quick Start.
         For more information on Azure market place, see Volterra Node Installation on Azure Virtual Machine.

Installing the Node on Azure cloud requires performing the following actions:

  • Download the terraform container on to any machine with internet access. The machine can be a laptop, a physical server, or a Vitrual Machine (VM).
  • Update terraform configurtion file for input variables. For more information on input variables, see Input Variables.
  • Deploy the Node.

Note: Refer to the Deactivate the Noder chapter for the node teardown instructions.

Download the Terraform Container

To download the terraform container, perform the following from the shell terminal:

  1. Run the terraform container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
docker.io/volterraio/volt-terraform:latest \
-f /dev/null
  1. Enter the Command Line Interface (CLI) of the container.
docker exec -it terraform-cli sh

Log in to Azure Using Active Directory Credentials

To log in to Azure, perform the following:

  1. Invoke Azure browser-based login through CLI.
  az login
  

Note: Entering the az login command redirects to browser-based login. Enter the login credentials and upon authentication, you will be redirected back to CLI. In case of successful login, your subscription details are returned.

  1. Check the list of subscriptions for your account.
 az account list --output table
 

Note: The subscription list is returned in tabular format. Note down the SubscriptionId and Name field.

  1. Set one of the subscriptions as default subscription using either subscription ID or subscription name.
az account set -s <subscription_id or name>
 
  1. Verify if the default subscription is set. The value true for field IsDefault indicates successful setting of default subscription.
az account list --output table --query '[].{Name:name, IsDefault:isDefault}'
 

Note: If the field IsDefault shows the False value, repeat Step 3.

  1. Create service principal account with permissions to manage the resources in the selected subscription.
SUBSCRIPTION_ID=<subscription_id>
az ad sp create-for-rbac -n <deployment-name> --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID"
 

Result: The following format is returned in the output. Note down the appId, password, and tenant fields and values.

{
    "appId": "00000000-0000-0000-0000-000000000000",
    "displayName": "azure-cli-2017-06-05-10-41-15",
    "name": "http://azure-cli-2017-06-05-10-41-15",
    "password": "0000-0000-0000-0000-000000000000",
    "tenant": "00000000-0000-0000-0000-000000000000"
 }

Create and Update Terraform Variables File

To set the terraform configuration variables, perform the following:

  1. Change to container working directory.
cd ce-single-azure
  1. Create the variables file from the sample file template fetched from the ACR.
cp sample.tfvars.json azure.tfvars.json
  1. Edit the variables file.
{
    "client_id": "<azure_client_id>",
    "client_secret": "<azure_client_secret>",
    "tenant_id": "<azure_tenant_id>",
    "subscription_id": "<azure_subscription_id>",
    "machine_public_key": "<ssh-pub-key>",
    "machine_image": "/subscriptions/f68d94a5-1db7-4954-9a79-02b5711cb0a1/resourceGroups/dev-images/providers/Microsoft.Compute/galleries/vesImageGallery/images/volterraCoreOS/versions/2019.7.26",
    "deployment": "<deployment-name>",
    "location": "eastus",
    "cluster_token": "<volterra_token>",
    "nic_fabric": "eth0",
    "aks_cluster": true,
    "aks_vm_count": "<worker_node_vm_count>"
}

Note: Set the following values from the service principal account creation output collected in Step 5 of the chapter Log in to Azure Using Active Directory Credentials :

  • Set client_id field with the value of appId.
  • Set client_secret field with the value of password.
  • Set tenant_id field with the value of tenant.

Deploy the Node

To deploy the node, perform the following:

  1. Initialize working directory containing the terraform configuration.
terraform init
  1. Activate the cloud resources to deploy the node or cluster.
terraform apply -var-file=azure.tfvars.json

Note: Executing terraform apply command prompts for user input to proceed. Upon proceeding, the node or cluster gets activated and displayed in the Volterra portal in the pending registration tab in the Site Management window.

  1. Logon to the Volterra portal and select your namespace. Click ✅ to register the node or cluster.

register
register

  1. In the registration acceptance window, Click Accept. The node gets enabled.

confirm
confirm

  1. Verify the status by performing the following:

    1. Export the terraform AKS configuration into the KUBECONFIG environment variable.
     echo "$(terraform output aks_raw_kube_config)" > ./k8s_config
     export KUBECONFIG=./k8s_config
         
2. List the worker nodes of the cluster.
     kubectl get nodes
         

Create Discovery Object

To create and configure discovery object, perform the following in Volterra portal.

  1. Convert K8s configuration into the Base64 format.
    echo $(base64  k8s_config | tr -d \\n)
    
  1. Log in to the Volterra portal with the credentials and change to your namespace.
  2. Select Manage -> Site management -> Discovery. Click Add discovery. The discovery object creation form gets loaded.
  3. Enter the Name field with a name of your choice. Select the Type field as Kubernetes and set the Where field as Virtual Site or Site or Virtual Network. Click Select ref and select the reference object. The fields Labels and Description are optional.

    AddDiscoveryMain
    AddDiscoveryMain
    Add Discovery Object Form
  4. Select a type for the Network Type field. Select K8s for the Discovery Service Access Information field and select Kubeconfig for the Oneoff field.
  5. Click Kubeconfig. The kubeconfig URL form gets loaded. Select Blindfold Secret for the Secret Info field.
  6. In the Location field, enter the Base64 string obtained in Step 1 and select Base64 for the Secret Encoding field. Click Apply.

    KubeconfigUrl
    KubeconfigUrl
    Kubeconfig URL

    Note: The format for URL is string:///<base64-encoded-string>.

  7. Click VIP Publish and select VIP Publish Enable checkbox. Select Publish for the VIP Publish method and select a mode for the DNS Mode field depending on your DNS setup. Click Apply and Add discovery to create the discovery object.

    RefSelector
    RefSelector
    Reference Site Configuration

Deactivate the Node

To deactivate the node anytime, perform the following:

  1. Enter the terraform CLI of the container.
docker exec -it terraform-cli sh
  1. Change to the terraform working directory.
  cd templates/ce-single-azure
  1. Deactivate the node using the terraform destroy command.
  terraform destroy -force --var-file=azure.tfvars.json
  1. Delete the service principal account.
  az ad sp delete --id <deployment-name>
  1. Delete the container.
  exit
  docker rm -f terraform-cli

Add AKS-Based Service to Volterra Node or Cluster

Adding AKS-based service to a node or cluster requires the following:

  • Active AKS service.
  • The Azure virtual network ID where the AKS is hosted.

Perform the following to add an AKS-based service to a Volterra node or cluster.

  1. Change to container working directory.
cd ce-single-azure
  1. Create the variables file from the sample file template fetched from the ACR.
cp sample.tfvars.json azure.tfvars.json
  1. Edit the variables file to include the virtual network ID in the field fabric_peering_network_id.
   {
    "client_id": "<azure_tenant_id>",
    "client_secret": "<azure_client_secret>",
    "tenant_id": "<azure_tenant_id>",
    "subscription_id": "<azure_subscription_id>",
    "machine_public_key": "<ssh-pub-key>",
    "machine_image": "/subscriptions/f68d94a5-1db7-4954-9a79-02b5711cb0a1/resourceGroups/dev-images/providers/Microsoft.Compute/galleries/vesImageGallery/images/volterraCoreOS/versions/2019.7.26",
    "deployment": "<deployment-name>",
    "location": "eastus",
    "cluster_token": "<volterra_token>",
    "nic_fabric": "eth0",
    "aks_cluster": true,
    "aks_vm_count": "<worker_node_vm_count>",
    "fabric_peering_network_id": "<azure_vnet_id>"
    }
  1. Perform the procedures listed in the chapters Deploy the Node and Create Discovery Object respectively.