Deploy the nginx-gateway-fabric helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `nginx-gateway-fabric` Helm chart on Azure Kubernetes Service (AKS), you would usually follow these high-level steps:

1. Create an AKS cluster if you don't already have one.
2. Configure `kubectl` to connect to your AKS cluster.
3. Use `helm` to deploy your chosen Helm chart onto the cluster.

In Pulumi, this can be accomplished within a single TypeScript program. Let me walk you through these steps and how they translate to a Pulumi program.

Firstly, you will need to create an AKS cluster using Pulumi's Azure Native Provider. We will use the `ProvisionedCluster` resource from the `azure-native.hybridcontainerservice` module for this purpose.

Secondly, Pulumi provides a way to create and configure Kubernetes resources on a cluster using the `helm.v3.Chart` resource from the `@pulumi/kubernetes` package. This will allow us to install the `nginx-gateway-fabric` Helm chart.

Below is a program written in TypeScript that defines the necessary resources on Azure using Pulumi. Here, we first create an AKS cluster and then deploy the Helm chart onto it.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an AKS cluster
const resourceGroupName = new azureNative.resources.ResourceGroup("myResourceGroup");

const cluster = new azureNative.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroupName.name,
    agentPoolProfiles: [{
        count: 3,
        maxPods: 110,
        mode: azureNative.containerservice.AgentPoolMode.System,
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: azureNative.containerservice.OSType.Linux,
        vmSize: azureNative.containerservice.ContainerServiceVMSizeTypes.Standard_DS2_v2,
    }],
    dnsPrefix: "myaksdns",
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3Nza[...]",
            }],
        },
    },
    location: resourceGroupName.location,
    servicePrincipalProfile: {
        clientId: "client-id",
        secret: "client-secret",
    },
});

// Step 2: Configure kubectl to connect to the newly created AKS cluster
const creds = pulumi.all([resourceGroupName.name, cluster.name])
    .apply(([resourceGroupName, clusterName]) =>
        azureNative.containerservice.listManagedClusterUserCredentials({
            resourceGroupName,
            resourceName: clusterName,
        }));

const kubeconfig = creds.kubeconfigs[0].value.apply(kubeconfig => Buffer.from(kubeconfig, "base64").toString());

// Step 3: Deploy the nginx-gateway-fabric Helm chart onto the AKS cluster
const nginxGatewayFabricChart = new k8s.helm.v3.Chart("nginx-gateway-fabric", {
    repo: "nginx-gateway",
    chart: "nginx-gateway-fabric",
    version: "1.2.3", // specify the exact chart version you want to deploy
    // values here is optional, depending on if you need to override any default values in the Helm chart
    values: {
        // specify values here
    },
}, { kubeconfig });

// Export the kubeconfig to access the cluster
export const kubeconfigOutput = kubeconfig;
```

Here's what we are doing in the program:

- We import the necessary modules from Pulumi's SDK for TypeScript.
- We create a new Azure Resource Group to organize all the resources for this deployment.
- We create an AKS cluster with Linux nodes and specify an SSH key for access.
- We obtain the cluster credentials, which allow us to interact with the Kubernetes cluster using `kubectl`.
- We deploy the `nginx-gateway-fabric` Helm chart to the AKS cluster. Please note that you would have to replace `1.2.3` with the actual version of the Helm chart you wish to install and perhaps provide a repository URL.
- We output the `kubeconfig` so you can access your cluster externally using `kubectl` if needed.

To deploy this program, save it to a file with a `.ts` extension, install the necessary dependencies with `npm install`, and then run `pulumi up` to provision the resources. Please ensure you have Pulumi CLI installed and are authenticated with Azure.

Lastly, this program assumes that you have the right credentials set up in your environment to create resources in an Azure subscription. If you are using a service principal (as implied in the program), you would need to replace `'client-id'` and `'client-secret'` with your actual Azure service principal credentials.