Installing Emissary-ingress
You must install Emissary-ingress to terminate Transport Layer Security (TLS) and route traffic to HCL OneTest™ Server. You can install Emissary-ingress by pulling the images from Azure Container Registry (ACR) when you do not want to pull the images from the public registries.
Before you begin
You must have completed the following tasks:
-
Set up the Azure Kubernetes Service (AKS) cluster with Kubernetes. For more information, refer to Azure Kubernetes Service documentation.
-
Installed the following software:
-
Git Bash 2.31.1. For more information, refer to the Git documentation.
-
Helm. For more information, refer to the Helm documentation. For more information about specific versions of software requirements, see System Requirements.Note: The Helm command must be in one of the directories in your PATH environment variable.
-
kubectl tool 1.24. For more information, refer to the Kubernetes documentation.
-
Azure command-line interface (Azure CLI) 2.38.0. For more information, refer to the Azure CLI documentation.
Note: You can run the az version command to find the version and dependent libraries that are installed. - Azure Bicep CLI version 0.14.85.
-
-
Logged in to the AKS cluster.
Note: You can run the az login command to log in to AKS interactively. -
Subscribed to active Azure subscription.
Note: You can run the az account set --subscription {subscription_name} command to set your active subscription. -
Configured the location of your AKS cluster.
Note: You can run the az configure --defaults location={location_name} command to set the location of your AKS cluster.Tip: You can run the following command to get the list of all the available locations:az account list-locations --query "[].{DisplayName:displayName, Name:name}" -o table
About this task
The following table lists the variables that you must replace with the actual value in the command.
Variables | Description |
---|---|
{resource_group} |
The name of the resource group that you created during the creation of the AKS cluster. |
{azure_cluster} |
The name of the Azure cluster that you created during the creation of the AKS cluster. |
{azure_container_registry} |
The name of the ACR that you created during the AKS setup. |
{ip_address} |
The internal IP address to use with the Emissary-ingress. Note: You must ensure that the IP address is not
in use within your virtual network.
|
Procedure
-
Run the following command to configure kubectl to connect to
the AKS cluster:
az aks get-credentials -g {resource_group} -n {azure_cluster} --public-fqdn --overwrite-existing kubectl get nodes
Note: You can verify the connection to the AKS cluster by running the kubectl get nodes command that displays a list of the cluster nodes. -
Run the following command to pull images into ACR:
az acr import -n {azure_container_registry} -g {resource_group} \ --source docker.io/emissaryingress/emissary:3.5.1 \ --image emissaryingress/emissary:3.5.1
Remember: emissary-ingress is the name of the namespace. If you created a namespace by using a different value, then you must use that value in place of the emissary-ingress in all the instances in this procedure. -
Run the following commands to install the Emissary-ingress:
kubectl create namespace emissary 2>/dev/null || true sed -e "s#docker.io/#azure_container_registry}.azurecr.io/#" ibm-rtas-prod/files/azure/manifests/emissary-crds.yaml \ | kubectl apply -f - kubectl wait deployment emissary-apiext --for condition=available -n emissary-system --timeout=90s sed -e "s#docker.io/#{azure_container_registry}.azurecr.io/#; s/\$INGRESS_IP/$INGRESS_IP/" ibm-rtas-prod/files/azure/manifests/emissary-emissaryns-azure.yaml \ | kubectl apply -f - kubectl rollout status -n emissary deployment/emissary-ingress -w
-
Run the following command to verify that external-IP is assigned to
Emissary-ingress:
kubectl get svc -n emissary -w emissary-ingress
Note: The status of EXTERNAL-IP is displayed as Pending for a few minutes. If the status does not change to {ip_address}, then that indicates you have a permission issue.You can run the following command to investigate the issue:kubectl describe svc -n emissary emissary-ingres