Deploy the haproxytech-haproxy-ingress helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `haproxytech-haproxy-ingress` Helm chart on Azure Kubernetes Service (AKS), we'll follow these steps:

1. Set up the Azure Kubernetes Service (AKS) cluster.
2. Configure the Kubernetes provider to use the credentials from the AKS cluster.
3. Deploy the `haproxytech-haproxy-ingress` Helm chart to the AKS cluster.

First, you'll need to have the Pulumi CLI installed and configured with an appropriate Azure account.

### Step 1: Set Up AKS Cluster

We'll define an AKS cluster using the `azure-native` provider, which allows us to create Azure resources using Pulumi. Here's why we're using specific resources:

- `ResourceGroup`: A container that holds related resources for an Azure solution.
- `ManagedCluster`: The AKS cluster resource.
  
The `ResourceGroup` will group the cluster and related resources together, while the `ManagedCluster` will actually create the AKS cluster.

### Step 2: Configure Kubernetes Provider

After creating the AKS cluster, we will extract the kubeconfig from the created cluster. This kubeconfig allows us to interact with the AKS cluster using Kubernetes commands, and we will use it to configure the Pulumi Kubernetes provider.

### Step 3: Deploy Helm Chart

We will deploy the `haproxytech-haproxy-ingress` Helm chart using Pulumi's `Chart` resource from the `kubernetes` package. The `Chart` resource is used to deploy packaged applications to a Kubernetes cluster.

Comments within the program will guide you through what each part of the script is doing. Below is the TypeScript program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("resourceGroup");

// Step 2: Create an AKS Cluster
const cluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,  // Number of agents (VMs) to host k8s workloads
        maxPods: 110,  // Maximum number of pods that can run on an agent
        mode: "System",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",  // VM type for the agents
        name: "agentpool",  // Name of the agent pool
    }],
    dnsPrefix: "aksk8s",  // DNS prefix for the AKS cluster
    enableRBAC: true,  // Enable Kubernetes RBAC
    kubernetesVersion: "1.20.7",  // Specify the version of Kubernetes
    linuxProfile: {  // Configuration for Linux VMs
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{ keyData: "ssh-rsa AAAAB3NzaC1..." }],
        },
    },
});

// Export the AKS cluster kubeconfig.
export const kubeconfig = pulumi.
    all([cluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) => {
        return azure_native.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        });
    }).apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString());

// Step 3: Configure the Kubernetes provider with the obtained kubeconfig
const provider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Step 4: Deploy the `haproxytech-haproxy-ingress` Helm chart
const haproxyIngress = new k8s.helm.v3.Chart("haproxy-ingress", {
    chart: "haproxy-ingress",
    fetchOpts: {
        repo: "https://haproxytech.github.io/helm-charts",
    },
    version: "1.17.1",  // Specify the chart version you wish to deploy
}, { provider: provider });

// Export the ingress IP to access the ingress controller from the internet
export const ingressIp = haproxyIngress.getResourceProperty("v1/Service", "haproxy-ingress-controller", "status").apply(status => status.loadBalancer.ingress[0].ip);
```

In this program, be sure to replace the placeholder in the `ssh` keyData with your actual public SSH key.

After setting up this program, run these commands to deploy your infrastructure:

```bash
pulumi up        # Preview and deploy changes
pulumi stack     # View stack outputs (includes ingress IP)
pulumi destroy   # Tear down all resources
```

These commands will initiate the Pulumi deployment process, which provisions resources on Azure. The ingress IP output is useful to access the HAProxy ingress controller from the internet once it's deployed.