Step 7 - Install and configure prerequisite components

Now that you have access to the Helm charts, they can be deployed.

• First install the prerequisite components.

helm upgrade --install rabbitmq-cluster-operator bitnami/rabbitmq-cluster-operator \
  --atomic \
  --version 4.2.5 \
  --set msgTopologyOperator.fullnameOverride=rabbitmq-messaging-topology-operator \
  --set clusterOperator.image.tag=2.8.0-debian-12-r2 \
  --set msgTopologyOperator.image.tag=1.13.0-debian-12-r8 \
  --set credentialUpdaterImage.tag=1.0.4-debian-12-r16 \
  --set rabbitmqImage.tag=3.13-debian-12-r1 \
  --set clusterOperator.watchAllNamespaces=false \
  --set clusterOperator.watchNamespaces={cdrplatform} \
  --set msgTopologyOperator.watchAllNamespaces=false \
  --set msgTopologyOperator.watchNamespaces={cdrplatform} \
  --set clusterOperator.resources.requests.cpu=100m \
  --set clusterOperator.resources.requests.memory=256Mi \
  --set clusterOperator.resources.limits.cpu=100m \
  --set clusterOperator.resources.limits.memory=256Mi \
  --set msgTopologyOperator.resources.requests.cpu=100m \
  --set msgTopologyOperator.resources.requests.memory=256Mi \
  --set msgTopologyOperator.resources.limits.cpu=100m \
  --set msgTopologyOperator.resources.limits.memory=256Mi

helm upgrade --install keda kedacore/keda --wait \
  --version 2.13.0

helm upgrade --install nginx-ingress ingress-nginx/ingress-nginx --wait \
  --set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz \
  --version 4.9.1

helm upgrade --install external-secrets external-secrets/external-secrets \
  --wait \
  --version 0.9.11 \
  --set installCRDs=true

• Then, install the supporting components.

helm upgrade --install cdrplatform-storage cdrplatform-storage

helm upgrade --install cdrplatform-rabbitmq cdrplatform-rabbitmq \
  --set image.repository=glasswallhub.azurecr.io/cdrplatform-rabbitmq \
  --set image.tag=77417 \
  --set cloud_provider=azure

For the next step, select the same method which you used to configure your access to the Key Vault in Step 4 (Managed Identity or Service Principal), and follow the corresponding steps below to configure external secrets and install the secret synchronization.

7A - Managed Identity

• Obtain the kubelet Managed Identity client ID via the following command.

az aks show -g "${rgp}" -n "${aksname}"

• Find the same element as last time "identityProfile/kubeletidentity" but this time you need the Client ID value.

• Next, install the supporting components (ensuring ${kvname} is substituted for the Key Vault name and ${MIclientID} is replaced with the value sourced above):

helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets \
  --set cloud_providers.azurekv.enabled=true \
  --set cloud_providers.azurekv.vaultUrl="https://${kvname}.vault.azure.net" \
  --set cloud_providers.azurekv.clientId=${MIclientID}

OR

7B - Service Principal

helm upgrade --install cdrplatform-external-secrets cdrplatform-external-secrets --create-namespace \
  --set cloud_providers.azurekv.enabled=true \
  --set cloud_providers.azurekv.authType=ServicePrincipal \
  --set cloud_providers.azurekv.tenantId=${tenantid} \
  --set cloud_providers.azurekv.authSecretRef.clientId.name=keyvault-service-principal \
  --set cloud_providers.azurekv.authSecretRef.clientId.key=ClientID \
  --set cloud_providers.azurekv.authSecretRef.clientSecret.name=keyvault-service-principal \
  --set cloud_providers.azurekv.authSecretRef.clientSecret.key=ClientSecret \
  --set cloud_providers.azurekv.vaultUrl="https://"${kvname}".vault.azure.net"

Continue  Need help?