Installing NGINX Ingress Controller

You must install NGINX Ingress Controller to terminate Transport Layer Security (TLS) and route traffic to HCL OneTest™ Server. You can install NGINX Ingress Controller by pulling the images from Azure Container Registry (ACR) when you do not to pull want to pull the images from the public registries.

Before you begin

You must have completed the following tasks:

Set up the Azure Kubernetes Service (AKS) cluster with Kubernetes. For more information, refer to Azure Kubernetes Service documentation.
Installed the following software:
- Git Bash 2.31.1. For more information, refer to the Git documentation.
- Helm. For more information, refer to the Helm documentation. For more information about specific versions of software requirements, see System Requirements.
  Note: The Helm command must be in one of the directories in your PATH environment variable.
- kubectl tool 1.21. For more information, refer to the Kubernetes documentation.
- Azure command-line interface (CLI) 2.25. For more information, refer to the Azure CLI documentation.
  
  Note: You can run the az version command to find the version and dependent libraries that are installed.
Logged in to the AKS cluster. You can run the az login command to log in to AKS interactively.
Subscribed to active Azure subscription. You can run the az account set --subscription {subscription_name} command to set your active subscription.
Configured the location of your AKS cluster. You can run the az configure --defaults location={location_name} command to set the location of your AKS cluster.
Tip: You can run the following command to get the list of all the available locations:
```
az account list-locations --query "[].{DisplayName:displayName, Name:name}" -o table
```

About this task

You must replace the following variables with the actual value in this procedure:

{resource_group} with the name of the resource group that you created during the creation of the AKS cluster.
{azure_cluster} with the name of the Azure cluster that you created during the creation of the AKS cluster.
{azure_container_registry} with the name of ACR that you created during the AKS setup.
{ip_address} with the internal IP address to use with the ingress controller.

Note: You must ensure that the IP address is not already in use within your virtual network.

Procedure

Run the following command to configure kubectl to connect to the AKS cluster:
```
az aks get-credentials -g {resource_group} -n {azure_cluster}
```
Note: You can verify the connection to the AKS cluster by running the kubectl get nodes command that displays a list of the cluster nodes.
Add the NGINX Ingress Controller repository to Helm by running the following command:
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx --force-update
```
Optional: Perform the following steps if you want to install NGINX Ingress Controller from ACR:
1. Run the following command to list the images to move into ACR:
```
for image in $(helm template ingress-nginx ingress-nginx/ingress-nginx --version 3.26.0 \
           | sed -r -n 's/ *image: *"([^"]*)"/\1/p' | uniq)
do
  echo "az acr import -n {azure_container_registry} \\"
  echo "  --source ${image/:*?@/@} \\"
  tag=${image/@*/}
  echo "  --image ${tag#*/}"
done
```
  The terminal displays a block of commands.
2. Run the commands that are displayed on the terminal after you perform Step 3.a to import an image to ACR.
Create a namespace in which you want to install NGINX Ingress Controller by running the following command:
```
kubectl create namespace ingress-nginx
```
Remember: ingress-nginx is the name of the namespace. If you created a namespace by using a different value, then you must use that value in place of the ingress-nginx in all the instances in this procedure.
Run the following command to label the namespace so that network policies facilitate traffic to pods of HCL OneTest™ Server:
```
kubectl label namespace ingress-nginx app.kubernetes.io/name=ingress-nginx
```

Perform one of the following steps to install NGINX Ingress Controller based on your requirement:

Run the following command to install the NGINX Ingress Controller by referencing the images from ACR:

helm install ingress-nginx ingress-nginx/ingress-nginx --version 3.26.0 \
-n ingress-nginx \
--set controller.admissionWebhooks.patch.image.repository="{azure_container_registry}.azurecr.io/jettech/kube-webhook-certgen" \
--set controller.admissionWebhooks.patch.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.image.repository="{azure_container_registry}.azurecr.io/ingress-nginx/controller" \
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal"=true \
--set controller.service.loadBalancerIP={ip_address}

Run the following command to install the NGINX Ingress Controller by referencing the images from the public registry:

helm install ingress-nginx ingress-nginx/ingress-nginx --version 3.26.0 \
-n ingress-nginx \
--set controller.admissionWebhooks.patch.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-internal"=true \
--set controller.service.loadBalancerIP={ip_address}

Run the following command to verify that external-IP is assigned to NGINX Ingress Controller:
```
kubectl get svc -n ingress-nginx ingress-nginx-controller
```
Note: The status of EXTERNAL-IP displayed as Pending for few minutes. If the status does not change to $INGRESS IP, then that indicates you have a permissions problem. You can run the following command to investigate the problem:
```
kubectl describe svc -n ingress-nginx ingress-nginx-controller
```

Results

You have installed NGINX Ingress Controller.

What to do next

You can install the server software. See Installing the server software on Azure Kubernetes Service.