You can deploy a cloud native VMware Telco Cloud Automation on Azure Kubernetes Services by using image package bundle uploaded to Azure Container Registry.

You need an Azure container registry to deploy VMware Telco Cloud Automation on Azure. This Registry contains the General Availability (GA) artifacts of Cloud Native VMware Telco Cloud Automation. To begin the deployment, first create the Azure Container Registry.

Caution:

  • Create the cluster, Azure Container Registry (ACR), and tca-deployment container using the same service principal login. It is crucial to maintain consistency between the service principal used for Cluster and ACR to avoid any disconnections.

  • Execute both the copy_artifacts and tca_install scripts from the same tca-deployment container instance.

Prerequisites

  • To create ACR and copy TCA deployment container image to ACR, install azcli and imgpkg on the environmnet from where you can perform the procedure.

    For more information on installing azcli and imgpkg, see Installing the Azure CLI and Installing imgpkg package.

Procedure

  1. Create Azure container registry by using azcli. 
    az login --service-principal -u <user_id> -p=<password> --tenant <tenant_id> 
acr create --name <registry_name> --resource-group <resource_group_name> --sku <sku_name>
# copy the authtoken for copying the artifact
az acr login -t --name <registry_name> -g <resource_group_name> --expose-token
  2. Copy the tca-deployment image from the VMware public artifactory to the Azure Container Registry (ACR).
    Note:

    Set the necessary environment variables to access the Azure Container Registry.

    export IMGPKG_REGISTRY_HOSTNAME_1=<Azure Container Registry name>.azurecr.io
export IMGPKG_REGISTRY_IDENTITY_TOKEN_1=<Auth_token>

imgpkg copy -i vmwaresaas.jfrog.io/registry/tca-deployment:<release number>-ob-<build number> --to-repo <acr_name>/tca-deployment
    Note:

    The tca-deplyoment image on the vmware repo is stored as : tca-deployment:3.x.x-ob-<build_number>.

  3. Create the tca-deployment container using the image uploaded in the previous step. This container is deployed within the Azure cloud environment to help the subsequent stages of TCA deployment. 
    # Service principal login is required before running the container creation command

az login --service-principal -u <user_id> -p=<password> --tenant <tenant_id>

az container create --resource-group <resource_group>  --name <container_name> --image <<acr_name>>.azurecr.io/tca-deployment:<release_number>-ob-<build_number>
  4. Access the tca-deployment container using the exec command. 
    az container exec -g <resource_group> --name <container_name> --exec-command "/bin/bash"
  5. Execute the following command to authenticate into tenant of Azure from within tca-deploy container. 
    az login --service-principal -u <user_id> -p=<password> --tenant <tenant_id>
  6. Retrieve Kubernetes configuration settings for an AKS cluster by using the following command. 
    az aks get-credentials --name <cluster_name> --resource-group <resource_group> --subscription <subscription_id>
  7. Run copy-artifacts utility to upload each artifact individually into the specified Azure Container Registry (ACR). 
    export PYTHONPATH="${PYTHONPATH}:/opt/vmware"

cd /opt/vmware/scripts/setup_registry

python3 copy_artifacts.py --artifacts-lists /opt/vmware/tca-service-list --registry-type acr --repo-prefix <user defined acr repo prefix> --resource-group <resource_group>
  8. Create the necessary kubeconfig by encoding the following details in the base 64 format. Ensure that you place the encoded kubeconfig in the designated location in input.json file.

    The kubeconfig string contains following details:

    clientId: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
clientSecret: "xxxxx~-xxxxxxxxxxxx~xxxxxxxxxx"
resourceGroup: "example_resourceGroup"
tenantId: "xxxxxxx-xxxx-xxxxx-xxxxx-xxxxx"
subscriptionId: "xxxxxxx-xxxxxx-xxxxx-xxxxx-xxxxxxxxxx"

    This input.json contains details for the deployment process, including the encoded kubeconfig string.

    {  
"clusterName": "<<cluster name>>",  
"kubeconfig": "Y2xpZ.......Hh4eHgi",  
"mode": "non-ha",  
"tcaCps": [    
{      
    "localAuth": {        
    "tca_user_password": "<<Provide base64 encoded password for 9443 portal>>"      
},      
     "externalAddress": "<prefix>.<cluster- region>.cloudapp.azure.com",   "namespaceSuffix": "pa0",      
     "size": "medium",      
     "sshPrivateKey": "\n-----BEGIN RSA PRIVATE KEY-----\nMIIE......8iVA==\n-----END RSA PRIVATE KEY-----\n",      
   "sshPublicKey": "ssh-rsa AAAA...qwdJx [email protected]" }  ]\n",  
"tcaMgr": {    
    "externalAddress": "<prefix>.<cluster-region>.cloudapp.azure.com"
    "installWorkflowHub": <boolean flag to indicate if workflow needs to be installed, default is false>",    
    "ip": "0.1.2.3",    
    "kubeconfig": "Y2xpZW50.....Hgi",    
    "localAuth": {      
    "tca_user_password": "<<Provide base64 encoded password for 9443 portal>>"    
    },   
    "size": "large"  
    
     }

}

    To generate a pair of private and public key files, use ssh-keygen tool .

  9. Deploy the TCA by executing the following command and provide the details.
    Note:

    While current TCA installation is in progress, new TCA installation should not be started using the tca_install.py. The tca_install.py does not support multiple installations at the same time. You must wait until current installation is complete.

    cd /opt/vmware/scripts/deploy 

python3 tca_install.py --cloud azure --registry-url <acr_repo_prefix>.azurecr.io/tca-project --artifacts-path /opt/vmware/ --input <directory path to input.json> --tag <release_number>-ob-<build_number>
  10. After you have deployed the VMware Telco Cloud Automation On Azure cloud:

    1. Open the Azure Portal.

    2. Click AKS cluster on which TCA is deployed.

    3. From the left-side navigation pane, select Services and Ingresses. A list of services is displayed.

    4. Filter the list based on the TCA Manager and TCA Control Plane namespaces, and pick the external IP of the istio-ingressgateway service for each namespace.These are the public IPs used to access the respective TCAM and TCACP.

    5. With the IPs obtained, proceed to configure the TCAM and TCACP by opening the appliance management portal (IP:9443).