Azure Kubernetes

This document tries to describe, and guide you, how to deploy DeviceOn on Azure cloud. The version is focused on Azure components to integrate to provide security, scalability and high availability.

Microsoft Azure provides lot’s of cloud services with security, scalability and high available. Based on Azure components, DeviceOn could focus on functionalities for device management and data acquisition. We fully integrate with below services:

• Azure Application Gateway (WAF protection and traffic load balancer), Optional

• Kubernetes (Container Management)

• Azure AD (Authentication), Optional

• Cosmos DB, Azure PostgreSQL (Database)

• Azure Function, IoTHub (Secure Device Connection)

• Stream Analytics, Event Hub, Service Bus (Message Bus and Filter)

When you build on Azure’s secure foundation, you accelerate your move to the cloud by achieving compliance more readily, allowing you to enable privacy-sensitive cloud scenarios, such as financial and health service, with confidence.

Prerequisites

To achieve the goal to deploy DeviceOn, some resources have to be acquired and preconditions must be met as well.

• An active Azure subscription.

• An Azure CLI installed on your laptop, please refer to Azure documentation to download and setup. The Azure CLI is available to install in Windows, macOS and Linux environments. It can also be run in a Docker container and Azure Cloud Shell.

Second option, if you don’t want to install Azure CLI, you can also adopt Azure Cloud Shell, please refer to Microsoft documentation.

Step 1: Obtain the following three parameters for deployment

• Application ID

• Password (Client Secrets)

• Tenant ID

1. Sign into your Azure account through Azure CLI

Use any way you prefer to open a Command Prompt and enter

az login

Note: If the CLI can open your default browser, it will do so and load a sign-in page. Otherwise, you need to open a browser page and follow the instructions on the command line to enter an authorization code after navigating to https://aka.ms/devicelogin in your browser. Sign in with your account credentials in the browser.

1. Select your Subscription

After you login, the terminal console will list all subscriptions, please select the subscription that you would like to deploy.

az account set --subscription SUBSCRIPTION_NAME

If you don’t know which subscriptions you have, you can use below command to list all the subscriptions, and determine whether the subscription has been selected according to isDefault.

az account list --output table

1. Create a service principal

The last step to create a service principal and generate these parameters. (1. Application ID, 2. Password and 3. Tenant ID)

az ad sp create-for-rbac --name SERVICE_PRINCIPAL_NAME --role "owner"

If you want to further limit the scope of service principle to resource group, please try to create the resource group, and then use the following command to limit.

az ad sp create-for-rbac --name SERVICE_PRINCIPAL_NAME --role "owner" --scopes /subscriptions/SUBSCRIPTION_ID/resourceGroups/{ResourceGroup1}

Step 2: Deploy DeviceOn via Custom Template

Click ->

1. Open the Azure Portal

This will open the Azure Portal (portal.azure.com) in your subscription and create the required resources.

1. Enter the following values:

Resource Group	Select the resource group name you created in the last section.
Region	Select a location for the resource group. For example, Southeast Asia.
Application Id	The application Id is obtained from Step 1.
Password	The password is obtained from Step 1.
Tenant Id	The tenant Id is obtained from Step 1.
Email	After deployment, the result/progress will be sent to this email
Location	Enter the location name according to the data center. for examle, Asia East(eastasia), Asia Southeast(southeastasia), Japan East(japaneast), US East(eastus), Europe North(northeurope)
IoTHub Sku	S1/S2/S3, the default is S1, you could adjust the tier from Azure Poral, if need.
IoTHub Unit	default is 1
Activate Key	Advantech hardware connection, enter N/A (free support for 1000 Advantech devices), or please contact us to purchase license key for Non-Advantech devices.
AKS Max Node Count	Maximum number of Kubernetes nodes to auto-scaling
Utc Value	Fix value for generating unique string

1. Select Review + create

2. Validation and start to create.

5. Deployment Process

The entire deployment process takes about 30 minutes. After completion, you will receive a mail notification. The content of the mail includes the DeviceOn web Service IP and login Account password.

Assuming that your mail is intercepted/block or not received due to mail server filters, we will synchronously write this information to the Azure Blob Log container. Go to your resource group (you entered at the stage of deployment) storage account -> container -> Log -> ServerInformation.log. If the container has not been created, please wait a few minutes for initialization.

1. Result

There are two resource group generated on your subscription, one is you entered at the stage of deployment, which include the services such as: AKS, IoTHub, EventHub, Stream Analytics, CosmosDB, PostgreSQL…etc. Another resource group name prefix name starts with MC, that contains AKS VM node.