Deploy the venafi-adapter helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy a Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you'll first need to have an AKS cluster running. Once you have the cluster, you can use Pulumi's Kubernetes provider to deploy the Helm chart.

In the following TypeScript-based Pulumi program, we'll walk through the process of:

Setting up an AKS Cluster – We'll create an AKS cluster that your applications will run on.
Deploying a Helm Chart – We'll deploy the venafi-adapter Helm chart to the AKS cluster.

Setting Up the AKS Cluster:

First, we need to use Azure's native Pulumi provider to create an AKS cluster by defining resources such as ResourceGroup and ManagedCluster. The ManagedCluster resource is where you define specifics for the Kubernetes cluster like node size, count, and other configurations.

Deploying the Helm Chart:

With the cluster in place, we'll use the Pulumi Kubernetes provider to instantiate the Helm chart. Pulumi works with existing Helm charts, and you can specify the chart version, the repository, and any values you want to override in the Helm chart.

Below we will define both steps in a Pulumi program:

import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("myResourceGroup");

// Step 2: Create an AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "<YOUR_SSH_PUBLIC_KEY>",
        },
    },
    servicePrincipal: {
        clientId: "<YOUR_SERVICE_PRINCIPAL_CLIENT_ID>",
        clientSecret: "<YOUR_SERVICE_PRINCIPAL_CLIENT_SECRET>",
    },
});

// Export the kubeconfig
export const kubeConfig = cluster.kubeConfigRaw;

// Step 3: Define the Kubernetes provider using the generated kubeconfig from the AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeConfig,
});

// Step 4: Deploy the venafi-adapter Helm chart onto your AKS cluster using the k8s provider
const venafiAdapterChart = new k8s.helm.v3.Chart("venafi-adapter", {
    chart: "venafi-adapter",
    version: "<CHART_VERSION>", // Specify the chart version you wish to deploy
    fetchOpts:{
        repo: "https://charts.jetstack.io", // The repository URL where the chart can be found
    },
    // Include any custom overrides for default chart values
    values: {
        // ... enter your values here
    },
}, { provider: k8sProvider });

// Export the Helm chart deployment status; useful when waiting for resources to get up
export const helmDeploymentStatus = venafiAdapterChart.status;

In this program,

We first declare a resource group using azure.core.ResourceGroup.
Then, we create an AKS cluster using azure.containerservice.KubernetesCluster. Here, you'll want to insert your own SSH public key and service principal credentials.
Once we have our AKS cluster, we export the cluster's kubeConfigRaw which allows us to connect to the AKS cluster.
With the kubeconfig, we create an instance of k8s.Provider which tells Pulumi how to communicate with our AKS cluster.
Finally, we deploy the venafi-adapter Helm chart using k8s.helm.v3.Chart. You will need to specify the correct version of the Helm chart and can also override any default chart values that you need.

Before running this Pulumi program, make sure you've installed Pulumi and have authenticated with Azure to manage resources. Replace placeholders for the SSH key and service principal with your own values. After that, use the Pulumi CLI to deploy your infrastructure with pulumi up.

Please note that we are using a third-party Helm chart in this example, and you'll need to make sure that the venafi-adapter chart and its version are correctly specified. It's also important to read through the Helm chart documentation to understand what configurations or values are necessary for your use case.