Commit

some other fixes
akshaysngupta committed Sep 13, 2024
1 parent 5a4c54c commit fbefcca
Showing 4 changed files with 14 additions and 79 deletions.
27 changes: 10 additions & 17 deletions docs/how-tos/deploy-AGIC-with-Workload-Identity-using-helm.md
Expand Up @@ -8,14 +8,7 @@ This assumes you have an existing Application Gateway. If not, you can create it
az network application-gateway create -g myResourceGroup -n myApplicationGateway --sku Standard_v2 --public-ip-address myPublicIP --vnet-name myVnet --subnet mySubnet --priority 100
```

## 1. Add the AGIC Helm repository

```bash
helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
helm repo update
```

## 2. Set environment variables
## 1. Set environment variables

```bash
export RESOURCE_GROUP="myResourceGroup"
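Review bot: With the `helm repo add` / `helm repo update` step removed at the top of this file, the `helm install ingress-azure \` command in the final step has to name a chart source that does not rely on the `application-gateway-kubernetes-ingress` repo alias, and the visible part of this diff does not show that argument. Please confirm the install command was updated in the same change; otherwise a reader following the renumbered steps will fail at the last one because the repo was never added.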
Expand All @@ -24,61 +17,61 @@ export USER_ASSIGNED_IDENTITY_NAME="myIdentity"
export FEDERATED_IDENTITY_CREDENTIAL_NAME="myFedIdentity"
```

## 3. Create resource group, AKS cluster and identity
## 2. Create resource group, AKS cluster and identity

```bash
az group create --name "${RESOURCE_GROUP}" --location eastus
az aks create -g "${RESOURCE_GROUP}" -n myAKSCluster --node-count 1 --enable-oidc-issuer --enable-workload-identity
az identity create --name "${USER_ASSIGNED_IDENTITY_NAME}" --resource-group "${RESOURCE_GROUP}"
```

## 4. Export the oidcIssuerProfile.issuerUrl
## 3. Export the oidcIssuerProfile.issuerUrl

```bash
export AKS_OIDC_ISSUER="$(az aks show -n myAKSCluster -g "${RESOURCE_GROUP}" --query "oidcIssuerProfile.issuerUrl" -otsv)"
```

## 5. Create federated identity credential
## 4. Create federated identity credential

**Note**: the name of the service account that gets created after the helm installation is “ingress-azure” and the following command assumes it will be deployed in “default” namespace. Please change the namespace name in the next command if you deploy the AGIC related Kubernetes resources in other namespace.

```bash
az identity federated-credential create --name ${FEDERATED_IDENTITY_CREDENTIAL_NAME} --identity-name ${USER_ASSIGNED_IDENTITY_NAME} --resource-group ${RESOURCE_GROUP} --issuer ${AKS_OIDC_ISSUER} --subject system:serviceaccount:default:ingress-azure
```

## 6. Obtain the ClientID of the identity created before that is needed for the next step
## 5. Obtain the ClientID of the identity created before that is needed for the next step

```bash
az identity show --resource-group "${RESOURCE_GROUP}" --name "${USER_ASSIGNED_IDENTITY_NAME}" --query 'clientId' -otsv
```

## 7. Export the Application Gateway resource ID
## 6. Export the Application Gateway resource ID

```bash
export APP_GW_ID="$(az network application-gateway show --name "${APPLICATION_GATEWAY_NAME}" --resource-group "${RESOURCE_GROUP}" --query 'id' --output tsv)"
```

## 8. Add Contributor role for the identity over the Application Gateway
## 7. Add Contributor role for the identity over the Application Gateway

```bash
az role assignment create --assignee <identityClientID> --scope "${APP_GW_ID}" --role Contributor
```

## 9. In helm-config.yaml specify
## 8. In helm-config.yaml specify

```yaml
armAuth:
type: workloadIdentity
identityClientID: <identityClientID>
```
## 10.Get the AKS cluster credentials
## 9. Get the AKS cluster credentials
```bash
az aks get-credentials -g "${RESOURCE_GROUP}" -n myAKSCluster
```

## 11. Install the helm chart
## 10. Install the helm chart

```bash
helm install ingress-azure \
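Review bot: The renumbered heading `## 5. Obtain the ClientID of the identity created before that is needed for the next step` still points at the wrong step: step 6 exports the Application Gateway ID, and the client ID is only used in steps 7 and 8. Since these headings are being touched anyway, consider rewording it and having the command capture the value (for example into a variable such as `IDENTITY_CLIENT_ID`, a name suggested here) so that `--assignee <identityClientID>` in step 7 does not depend on a hand-pasted value. Minor: `## 9. Get the AKS cluster credentials` has no blank line before the heading or before its code fence, unlike the other steps.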
41 changes: 1 addition & 40 deletions docs/how-tos/helm-upgrade.md
Expand Up @@ -3,49 +3,10 @@
> **_NOTE:_** [Application Gateway for Containers](https://aka.ms/agc) has been released, which introduces numerous performance, resilience, and feature changes. Please consider leveraging Application Gateway for Containers for your next deployment.
The Azure Application Gateway Ingress Controller for Kubernetes (AGIC) can be upgraded
using a Helm repository hosted on Azure Storage.

Before we begin the upgrade procedure, ensure that you have added the required repository:

- View your currently added Helm repositories with:

```bash
helm repo list
```

- Add the AGIC repo with:

```bash
helm repo add \
application-gateway-kubernetes-ingress \
https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
```
using a Helm repository hosted on MCR.

## Upgrade

1. Refresh the AGIC Helm repository to get the latest release:

```bash
helm repo update
```

1. View available versions of the `application-gateway-kubernetes-ingress` chart:

``` bash
helm search repo -l application-gateway-kubernetes-ingress
```

Sample response:

```bash
NAME CHART VERSION APP VERSION DESCRIPTION
application-gateway-kubernetes-ingress/ingress-azure 1.0.0 1.0.0 Use Azure Application Gateway as the ingress for an Azure...
application-gateway-kubernetes-ingress/ingress-azure 0.7.0-rc1 0.7.0-rc1 Use Azure Application Gateway as the ingress for an Azure...
application-gateway-kubernetes-ingress/ingress-azure 0.6.0 0.6.0 Use Azure Application Gateway as the ingress for an Azure...
```

Latest available version from the list above is: `0.7.0-rc1`

1. View the Helm charts currently installed:

```bash
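Review bot: Removing the `helm repo update` and `helm search repo -l application-gateway-kubernetes-ingress` steps leaves the Upgrade section with no documented way to find which chart version to upgrade to; it now starts directly at "View the Helm charts currently installed". Please add a replacement step or link that tells the reader how to find the available versions of the chart on MCR. Two smaller points on the intro: the new sentence still says "Helm repository hosted on MCR" although every repository-based command is gone, so the wording should match whatever command form the rest of the page uses, and readers who added the old `appgwingress.blob.core.windows.net` repo earlier would benefit from a line telling them to run `helm repo remove application-gateway-kubernetes-ingress`.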
13 changes: 3 additions & 10 deletions docs/setup/install.md
Expand Up @@ -53,7 +53,7 @@ You need to complete the following tasks prior to deploying AGIC on your cluster
3. Install Helm
[Helm](https://github.com/helm/helm) is an open-source packaging tool that is used to install ALB controller.
[Helm](https://github.com/helm/helm) is an open-source packaging tool that is used to install AGIC.
> Helm is already available in Azure Cloud Shell. If you are using Azure Cloud Shell, no additional Helm installation is necessary.
Expand Down Expand Up @@ -146,7 +146,7 @@ If using an existing Application Gateway, make sure the following:
echo "Set up federation with AKS OIDC issuer"
AKS_OIDC_ISSUER="$(az aks show -n "$AKS_NAME" -g "$RESOURCE_GROUP" --query "oidcIssuerProfile.issuerUrl" -o tsv)"
az identity federated-credential create --name "azure-alb-identity" \
az identity federated-credential create --name "agic" \
--identity-name "$IDENTITY_RESOURCE_NAME" \
--resource-group $RESOURCE_GROUP \
--issuer "$AKS_OIDC_ISSUER" \
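Review bot: `--resource-group $RESOURCE_GROUP \` is the only unquoted expansion in this command; the neighbouring `"$IDENTITY_RESOURCE_NAME"` and `"$AKS_OIDC_ISSUER"` are quoted. Since the command is being edited here, quote it as `--resource-group "$RESOURCE_GROUP" \` so the value is never subject to word splitting or globbing and the snippet stays consistent.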
Expand All @@ -164,14 +164,7 @@ If using an existing Application Gateway, make sure the following:

> Assignment of the managed identity immediately after creation may result in an error that the principalId does not exist. Allow about a minute of time to elapse for the identity to replicate in Microsoft Entra ID prior to delegating the identity.

1. Add the AGIC Helm repository:

```bash
helm repo add application-gateway-kubernetes-ingress https://appgwingress.blob.core.windows.net/ingress-azure-helm-package/
helm repo update
```

1. Install ALB Controller using Helm
1. Install AGIC using Helm

### For new deployments
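Review bot: The install commands under `### For new deployments` fall outside this hunk, so it is not visible whether they still reference the `application-gateway-kubernetes-ingress` alias; with the `helm repo add` step deleted just above them, any remaining use of that alias will fail. Please confirm those commands were switched to the new chart location in this commit, or include that change here.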

12 changes: 0 additions & 12 deletions helm/index.md

This file was deleted.
