1. Configure Managed Cloud

Add a public service

Version:

Sitecore comes with four public services: Content Management, Continuous Delivery, Identity, and Grafana. You can also add additional services.

To add a public service:

  1. Create a new service names in the DNS zone that points to Azure Frontdoor. Alternatively, if you use managedcloud.sitecore.com you can create a service request.

  2. Add the new hostname as a secret to Azure Key Vault. The name of the secret must have the following pattern:

    sitecore-{your service name}-host-name.

  3. In the Infrastructure repository, create a pull request with the following changes:

    • Extend the frontdoor/backend-config.json file with a new service.

    • Retrieve the Azure Keyvault secrets with new hostnames created in step 2.

    • Add an Azure Frontdoor routing rule at the frontdoor/main.tf to point the new service backend pool routing_rule. View HTTPS-cd as an example.

    • Add the Azure Frontdoor frontend endpoint to register the hostname on the Azure Frontdoor side at the frontdoor/main.tf.

      View cm-frontend-endpoint as an example. If you want the service to be protected by WAF, view cd-frontend-endpoint as an example.

  4. To apply the changes, complete the pull request and run the Frontdoor pipeline.

  5. In the Infrastructure repository, create a second pull request with the following changes:

    • Add the Azure Frontdoor custom HTTPS configuration at the frontdoor/main.tf . View cm_https_configuration as an example (and replace the frontend_endpoints with the correct service endpoint).

      Note

      Wait until the previously triggered pipeline is finished.

  6. In the Application repository, create a pull request and include the following items:

    • Declare a deployment for a particular application and two services. Add the deployment and the first service to the Sitecore namespace. View CM declaration under /platform-artifacts/cm.yaml as an example.

    • Add the second service to the Nginx namespace to route traffic from the Nginx to the Sitecore role and prepare the Kubernetes deployment for the service external-services-example.yaml:

      ---
kind: Service
apiVersion: v1
metadata:
  name: service-name-external
spec:
  type: ExternalName
  externalName: service-name-example.{{ solution_id }}.svc.cluster.local
  ports:
  - port: 80

    • Declare an Ingress for the service and prepare the Kubernetes deployment for the Ingress configuration ingress-config-example.yaml:

      ---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: service-name-example-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: "example.sitecore"
    http:
      paths:
      - path: /
        backend:
          serviceName: service-name-example
          servicePort: 80

    • Add an Ansible role to run these deployments. It must contain at least two tasks to run the deployments (the deployment files must be under the templates folder inside the role):

      ---
- name: Install external services
  k8s:
    apply: true
    namespace: "nginx"
    state: present
    definition: "{{ lookup('template', 'external-services-example.yaml') }}"
    validate:
      fail_on_error: yes

- name: Install ingress
  k8s:
    apply: true
    namespace: "nginx"
    state: present
    definition: "{{ lookup('template', 'ingress-config-example.yaml') }}"
    validate:
      fail_on_error: yes

      The value of the host field must be the same as the host_header property in /frontdoor/backend-config.json file in the Infrastructure repository. The value of serviceName property must be the same as service name declared in the Nginx namespace.

  7. Complete the pull request.

If you have suggestions for improving this article, let us know!