Deploy the istio-cni helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Istio CNI Helm chart on Azure Kubernetes Service (AKS), we need to follow these steps:

1. **Provision an AKS Cluster**: We will use Pulumi's `azure-native` package to provision an AKS cluster. We will create a new managed Kubernetes cluster (AKS) with a specified version and a node pool with a desirable VM size for the nodes.

2. **Install the Helm Chart**: After the cluster is provisioned, we'll use Pulumi's `kubernetes` provider to install the `istio-cni` Helm chart. We assume that Helm is already installed on the machine where Pulumi is running, and we have access to the Helm CLI.

3. **Configuring `azure-native` Provider**: For both steps, we assume that you have the Azure CLI installed and already logged in with an account that has sufficient permissions to create the resources required.

Below is a Pulumi TypeScript program that performs these steps.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

const clusterName = "istio-example-aks";
const resourceName = "istioexample";

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup(resourceName);

// Now let's create an AKS cluster.
const cluster = new azure_native.containerservice.ManagedCluster(clusterName, {
    // Specify the resource group and location for the AKS cluster
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    // Define the properties of the AKS cluster
    kubernetesVersion: "1.23.5",
    dnsPrefix: `${clusterName}-kube`,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    // Azure AD integration etc. can be specified here if needed
});

// Export the Kubeconfig
export const kubeconfig = pulumi.
    all([cluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) => {
        return azure_native.containerservice.listManagedClusterUserCredentials({
            resourceName: clusterName,
            resourceGroupName: rgName,
        });
    }).
    apply(credentials => {
        const encoded = credentials.kubeconfigs[0].value;
        if (encoded === undefined) {
            throw new Error("Kubeconfig was undefined");
        }
        return Buffer.from(encoded, 'base64').toString();
    });

// Create a Kubernetes provider instance that uses our cluster from above.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Use the Pulumi Kubernetes provider to deploy the Istio CNI Helm chart
const istioCniChart = new k8s.helm.v3.Chart("istio-cni", {
    chart: "istio-cni",
    version: "1.1.1", // Use the desired version
    namespace: "kube-system", // Install to the `kube-system` namespace
    fetchOpts: {repo: "https://istio-release.storage.googleapis.com/charts"},
}, { provider: k8sProvider });

// Export the cluster name and kubeconfig
export const clusterNameExport = cluster.name;
```

### Explanation:

1. **Resource Group Creation**: We start by creating an Azure resource group which is a logical container in which our resources like AKS clusters, virtual networks, and other resources will reside.

2. **AKS Cluster Creation**: We then create the AKS cluster within our resource group with the help of Pulumi's `azure-native.containerservice.ManagedCluster` resource. For the cluster, we specify the desired Kubernetes version, DNS prefix for the API server URL, and the details of the node pool, like the count of nodes, their VM size, and OS type.

3. **Kubernetes Config**: After the cluster creation, we export the kubeconfig which will be used to interact with the Kubernetes cluster. This is necessary for the Pulumi Kubernetes provider to deploy resources onto the AKS cluster.

4. **Kubernetes Provider**: We instantiate the Pulumi Kubernetes provider using the previously obtained kubeconfig. This provider is what we'll then use to interact with our AKS cluster's Kubernetes API server.

5. **Helm Chart Deployment**: Finally, we define a Pulumi resource of type `k8s.helm.v3.Chart` that represents our Helm chart. We specify the chart name `istio-cni`, the version, the namespace to deploy to, and the Helm repo URL.

6. **Outputs**: We export the cluster name and kubeconfig as stack outputs for easy access to these values, which would be required to manage and interact with the AKS cluster, for example via `kubectl`.

To deploy this Pulumi program, save it to a file such as `index.ts`, and run `pulumi up` in the same directory. Pulumi will perform the deployment steps described above. Note that for this code to run, you should have Pulumi CLI and necessary plugins installed, along with having logged in to your Azure account through the Azure CLI.