This article describes how to deploy Azure Kubernetes Service (AKS) using Terraform and then deploy SecureLogin Advanced Edition Docker images.
To deploy and run SecureLogin Advanced Edition on Azure Kubernetes Service, complete the following steps:
Note: When logged in successfully, come back to Cloud Shell. You will see subscription details in the shell.
name | subscription name
id | Subscription ID. Make a note of the subscription ID.
If the user has multiple Azure subscriptions, set the account to the right subscription with the following command:
az account set --subscription "SWServices-NTSNSLSupport-NonProd"
In order to create a service principal,
[For example: Owner permission is required in the subscription to run the create-for-rbac command].
This might take a while. Be patient.
Note: If there is already a service principal with the same name under the given subscription, you may see an error. Provide a different and unique name. If needed, refer to How to create an Azure AD application and service principal.
Note: Save the application “password” because you will not be able to retrieve the password later. However, at a later point in time, you can open Azure portal and retrieve appID and tenant details as shown below:
There are multiple ways to create a Kubernetes cluster in Azure. In this example, we use Terraform for the ease of use it provides.
In this article, we aim to create a Kubernetes cluster with one or more nodes of SecureLogin Advanced Edition. You can specify the number of nodes by editing the node count in the variables.tf Terraform file.
Perform the following steps to create the Kubernetes cluster along with a PostgreSQL Docker instance:
mv ~/postgres-10.0.0.tar.gz .
mv ~/server-9.0.0.tar.gz .
tar -xf postgres-10.0.0.tar.gz
tar -xf NetIQSecureLogin-AdvancedEdition-helm-chart-1.0.0.0.tar.gz
Variable Name | Description
resource_group_name | Specify a group name. A resource group contains the resources required to deploy one or more virtual machines in Azure.
cluster_name | Specify a cluster name. A cluster is a group of linked servers that work together to improve system performance, load balancing, and service availability. The cluster will be created under the specified resource group.
namespace | Namespace under which nodes can be created and grouped. The nodes we create and run will be part of this Ingress namespace.
Ingress_script_path | Specify the ingress script file path. This shell script will set up the ingress load balancer. You can leave it as:
dns_prefix | Specify a unique name. Changing the default value is recommended. This value will be used in the ingress script. When the setup is complete, the admin page URL will look like, for example, https://mydnsname.centralus.cloudapp.azure.com
acr_name | Specify a unique name for creating the Azure Container Registry (ACR) where the Docker image will be stored in Azure. Changing the default value is recommended. This value will be used in the ingress script. Note: Azure accepts alphanumeric characters only, that is, a to z and 0 to 9.
acr_script_path | Specify the ACR script file path. This script will create the ACR. You can leave it as:
cluster_geo_location | Geo location where resources need to be created. Choose the region that applies to you. https://azure.microsoft.com/en-in/global-infrastructure/geographies/#overview
count_of_nodes | Number of nodes that you want to run.
This may take a minute. Be patient.
Note: Along with the Kubernetes cluster, the terraform apply command creates the following resources:
Proceed with the following commands to verify that Kubernetes is set up correctly:
For example: kubectl get pods -n nsl-ingress
Prerequisite:
Docker commands are not directly supported in Azure Cloud Shell.
Note: Once Docker Desktop and Azure CLI are installed, make sure that Docker Desktop is running on your local machine.
Run the following commands in PowerShell (or bash) on your local machine:
a. Download SecureLogin Advanced Edition docker image from MicroFocus Downloads and keep on your local machine. Then, load SecureLogin Advanced Edition in docker using the command:
docker load --input .\<name of the docker image file >
For example,
docker load --input .\NetIQSecureLogin-AdvancedEdition-9.0.0.0.tar.gz
b. Tag the docker image by running the following command:
docker tag <source repo:tag> <acr-login-server>/<repository-name>:<tag>
For example,
docker tag sl_server:latest nslacr.azurecr.io/sl_server:9.0.0.0
Note: If needed, you can cross verify ACR location and ACR login server from Azure portal for:
c. Make sure that you have logged into Azure and have access to Container Registry:
Alternatively: sudo az acr login --name nslacr --username nslacr --password <acr-password>
d. If az acr login expects a username and password, go to the location shown in the screenshot below. The admin user is disabled by default; change it to the enabled state and use its credentials.
e. Push the Docker image to the registry by running the following command:
docker push <acr-login-server>/<repository-name>:<tag>
For example,
docker push nslacr.azurecr.io/sl_server:9.0.0.0
Now, switch to Azure Cloud Shell.
a. Open and update values of server/values.yaml file by specifying the following details:
repository: <your acr name>.azurecr.io/sl_server
tag: 9.0.0.0
ingresshost: <dns>.<cluster_geo_location>.cloudapp.azure.com
For example,
ingresshost: nsl-dns.southeastasia.cloudapp.azure.com
where nsl-dns is the dns, and southeastasia is the cluster_geo_location. These values are defined in the variables.tf file.
b. Install SecureLogin Advanced Edition by running the following command:
helm install <name-of-the-helm-chart> <folder> -n <namespace>
For example,
helm install slserver001 SecureLogin-Server-1.0.0.0 -n nsl-murugan1ingress
where slserver001 is the name of the helm chart, and nsl-murugan1ingress is the specified namespace.
Finally, to access the SecureLogin Advanced Edition UI, specify the ingress hostname (ingress host name value specified in server/values.yaml file) in the browser with https:// as the prefix.
Example:
https://<dns>.<cluster_geo_location>.cloudapp.azure.com
https://nsl-dns.southeastasia.cloudapp.azure.com/
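The repository and ingresshost entries in server/values.yaml are derived from acr_name, dns_prefix and cluster_geo_location in variables.tf, so a mismatch between the two files can be caught before running helm install. The following POSIX shell script is an added example, not part of the original article or of the product: the function names are hypothetical, the 5-50 character limit is Azure's length rule for registry names, and the DNS label rule is a generic assumption.

```sh
# Added example: pre-flight check tying variables.tf values to server/values.yaml.
# Function names are hypothetical; sample values are the article's own examples.
LC_ALL=C; export LC_ALL

# acr_name: a-z and 0-9 only (per the article); 5-50 characters is Azure's length limit.
valid_acr_name() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 5 ] && [ "${#1}" -le 50 ]
}

# dns_prefix is the first label of the ingress host. Generic DNS label rule
# (assumption): a-z, 0-9 and '-', no leading or trailing '-', at most 63 chars.
valid_dns_prefix() {
  case "$1" in ''|*[!a-z0-9-]*|-*|*-) return 1 ;; esac
  [ "${#1}" -le 63 ]
}

# cluster_geo_location as it appears in the host name, e.g. southeastasia.
valid_location() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
}

# Print the values.yaml entries implied by acr_name, dns_prefix, location and tag.
expected_values() {
  valid_acr_name "$1"   || { echo "invalid acr_name: $1" >&2; return 1; }
  valid_dns_prefix "$2" || { echo "invalid dns_prefix: $2" >&2; return 1; }
  valid_location "$3"   || { echo "invalid cluster_geo_location: $3" >&2; return 1; }
  printf 'repository: %s.azurecr.io/sl_server\n' "$1"
  printf 'tag: %s\n' "$4"
  printf 'ingresshost: %s.%s.cloudapp.azure.com\n' "$2" "$3"
}

# Check a values.yaml file ($1) against the expected entries. Assumes each key
# sits on its own line, unquoted, as the article shows them.
check_values() {
  want=$(expected_values "$2" "$3" "$4" "$5") || return 1
  have=$(sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$1") || return 1
  rc=0
  while IFS= read -r line; do
    printf '%s\n' "$have" | grep -qxF -e "$line" ||
      { echo "values.yaml mismatch, expected: $line" >&2; rc=1; }
  done <<EOF
$want
EOF
  return "$rc"
}

# Demo with the article's example values (prints the three expected entries).
expected_values nslacr nsl-dns southeastasia 9.0.0.0
```

To check a real file, call check_values server/values.yaml followed by the same four values used in variables.tf and the image tag.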
In the server/values.yaml file, you can find the username and password for the web login.
For example:
username: John_doe
password: Foo_bar
For more information about Identity Store, refer to Configuring Identity Store documentation.
Note: Docker desktop is no longer needed. You can remove it when the Docker image is uploaded.
kubectl get pods -n <ingress-namespace>
For example, kubectl get pods -n nsl-ingress
To check the logs, use the below command:
kubectl logs <pod-name> -n <ingress-namespace>
For example, kubectl logs sl-server0023 -n nsl-ingress
kubectl describe pod <slserver-podname> -n <ingress-namespace>
For example, kubectl describe pod slserver-59484f68d-6dkvl -n nsl-ingress
kubectl delete pod <slserver-podname> -n <ingress-namespace>
For example, kubectl delete pod slserver-59484f68d-6dkvl -n nsl-ingress
helm list -n <ingress-namespace>
For example, helm list -n nsl-ingress
helm status <chart-name> -n <ingress-namespace>
For example, helm status slserver001 -n nsl-ingress
helm upgrade <chart-name> server -n <ingress-namespace>
For example, helm upgrade slserver001 server -n nsl-ingress
helm uninstall <chart-name> -n <ingress-namespace>
For example, helm uninstall slserver001 -n nsl-ingress
Because we pay for infrastructure in Azure, it is a good idea to clean it up when it is no longer needed. When you are done with all the testing and no longer need the Azure infrastructure:
Clean up the Server helm deployment, using the command (from Azure Cloud Shell):
helm uninstall slserver001 -n nsl-ingress
Remove unwanted images from Azure Container Registry (from PowerShell), using the command:
az acr repository delete --name nslacr --image sl_server:9.0.0.0
Finally, to remove the infrastructure that was created by Terraform scripts, use the command:
terraform destroy
General Note:
If you get any error while running the terraform scripts, you can rectify them, and re-run terraform commands in the same sequence: