Deploy the ibm-apic-operator helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the IBM API Connect (APIC) Operator Helm chart on Azure Kubernetes Service (AKS), you need to perform a series of steps. Firstly, you need to provision an AKS cluster, then configure your Kubernetes environment to interact with the AKS cluster, and, finally, use the Helm package manager to deploy the IBM APIC Operator chart to the cluster.

Below is a TypeScript program using Pulumi that sets up an AKS cluster and deploys the IBM APIC Operator Helm chart to it. We will use the `azure-native` package to provision AKS and the `kubernetes` package to deploy the Helm chart.

Before you begin, ensure you have installed Pulumi and configured it to work with Azure. You also need to install Node.js and npm to create a TypeScript Pulumi program.

Now, let's look at the Pulumi program:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as azure from '@pulumi/azure';
import * as azuread from '@pulumi/azuread';
import * as kubernetes from '@pulumi/kubernetes';
import * as tls from '@pulumi/tls';

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup");

// Create an Azure AD Application for AKS
const app = new azuread.Application("aks");

// Create a Service Principal for the Azure AD Application
const sp = new azuread.ServicePrincipal("aksSp", {
    applicationId: app.applicationId,
});

// Generate a random password for the Service Principal
const spPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: sp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Generate an SSH key for AKS
const sshKey = new tls.PrivateKey("sshKey", {
    algorithm: "RSA",
    rsaBits: 4096,
});

// Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "default",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    dnsPrefix: "akscluster",
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: sshKey.publicKeyOpenssh,
        },
    },
    servicePrincipal: {
        clientId: app.applicationId,
        clientSecret: spPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig to access the AKS cluster
export const kubeconfig = pulumi.
  all([ cluster.name, resourceGroup.name ]).
  apply(([ clusterName, rgName ]) => {
    const credentials = azure.containerservice.listManagedClusterUserCredentials({
        resourceName: clusterName,
        resourceGroupName: rgName,
    });
    const encoded = credentials.kubeconfigs[0].value;
    return Buffer.from(encoded, 'base64').toString();
});

// Using Pulumi Kubernetes provider to interact with the AKS cluster
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the ibm-apic-operator helm chart into the AKS cluster using the Kubernetes provider
const ibmApicOperatorChart = new kubernetes.helm.v3.Chart("ibm-apic-operator", {
    chart: "ibm-apic-operator",
    version: "1.0.0", // specify the exact version you want to deploy
    fetchOpts:{
        repo: "https://charts.your.org/", // specify the chart repository
    },
}, { provider: k8sProvider });

// Exports
export const aksClusterName = cluster.name;
export const aksKubeconfig = kubeconfig;
```

In this program:

- We create an Azure resource group to hold our AKS cluster.
- Set up Azure AD application (the identity) for the AKS cluster.
- Generate an SSH key and a password for the cluster's service principal, which provides the AKS cluster access to other Azure resources.
- Then we actually create the AKS cluster, using the resource group, service principal, and SSH key we set up earlier.
- We export the kubeconfig, which is needed to connect to the Kubernetes cluster with kubectl.
- We set up a Pulumi Kubernetes provider to interact with the AKS cluster using the kubeconfig.
- Finally, we deploy the IBM API Connect Operator Helm chart into the AKS cluster, using the Kubernetes provider and specifying the chart version and repository.

Note:
- Replace `1.0.0` with the actual chart version you desire to install.
- Substitute `https://charts.your.org/` with the actual Helm chart repository URL for the IBM APIC Operator.

Make sure to install the necessary Pulumi providers before running this program:

```bash
$ npm install @pulumi/pulumi @pulumi/azure @pulumi/azuread @pulumi/kubernetes @pulumi/tls
```

To run the Pulumi program, save it to a file (e.g., `index.ts`), and execute it using Pulumi CLI commands:

```bash
$ pulumi up
```

This will provision the AKS cluster and deploy the IBM API Connect Operator Helm chart in the sequence defined by the code. After deployment, the `kubeconfig` and `aksClusterName` values will be output, which you can use to interact with your Kubernetes cluster.