Deploy the ansible-automation-platform helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

## Deploying Ansible Automation Platform on Azure Kubernetes Service (AKS) using Pulumi and Helm

To deploy the Ansible Automation Platform on AKS, we will follow these steps:

1. Set up an AKS cluster using Pulumi with the `azure-native` provider, which allows us to interact directly with Azure resources using the Pulumi programming model.
2. Once the AKS cluster is up and running, we will use the `harness` provider's `Helm` resource in Pulumi to deploy the Ansible Automation Platform helm chart onto the AKS cluster.

The code below is structured to provide a clear path from creating the cluster to deploying the application:

### Prerequisites

Before running the code, make sure you have the following prerequisites installed:

- Pulumi CLI
- Azure CLI
- Node.js and npm package manager
- An Azure account with permissions to create resources

Log in to Azure and set up your Pulumi stack with the necessary configurations:

```sh
az login
pulumi login
pulumi stack init ansible-automation-on-aks
```

### Pulumi Program (TypeScript)

Here's a Pulumi program written in TypeScript that sets up the cluster and deploys the helm chart:

```typescript
import * as azure from '@pulumi/azure';
import * as k8s from '@pulumi/kubernetes';
import * as pulumi from '@pulumi/pulumi';
import * as azuread from '@pulumi/azuread';
import * as random from '@pulumi/random';

// Step 1: Create a new Azure Active Directory application for AKS
const app = new azuread.Application("aks");

// Step 2: Create a service principal for the application so AKS can act on behalf of your application
const servicePrincipal = new azuread.ServicePrincipal("aksSp", { applicationId: app.applicationId });

// Step 3: Create a random password for the Service Principal
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
});

// Step 4: Create the Service Principal Password
const servicePrincipalPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: servicePrincipal.id,
    value: password.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Step 5: Create a resource group for the AKS cluster
const resourceGroup = new azure.core.ResourceGroup("aksRg");

// Step 6: Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "aksuser",
        sshKey: {
            keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbC...",
        },
    },
    servicePrincipal: {
        clientId: servicePrincipal.applicationId,
        clientSecret: servicePrincipalPassword.value,
    },
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    // Make sure this version is available in your region, use `az aks get-versions` CLI command
    kubernetesVersion: "1.18.14",
    roleBasedAccessControl: { enabled: true },
});

// Step 7: Expose the kubeconfig for the cluster
export const kubeConfig = cluster.kubeConfigRaw;

// Step 8: Create a Kubernetes provider instance using the kubeconfig from AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Step 9: Deploy the Ansible Automation Platform Helm chart using the Kubernetes provider
const ansiblePlatform = new k8s.helm.v3.Chart("ansible-automation-platform", {
    chart: "ansible-automation-platform",
    version: "1.2.3", // Replace with the version of your choice
    fetchOpts: {
        repo: "https://charts.example.com/repository", // Replace with the chart's repository URL
    },
}, { provider: k8sProvider });

// Step 10: Export the cluster name and kubeconfig
export const clusterName = cluster.name;
```

### Explanation

1. **Service Principal**: Before creating an AKS cluster, we must have a service principal that allows AKS to interact with other Azure resources on our behalf. Here we create one associated with our AKS application.
2. **Resource Group**: AKS cluster and associated resources need to be in a resource group, which acts as a logical container.
3. **AKS Cluster**: The AKS cluster is defined with node size, count, and the version for Kubernetes. We must ensure the chosen Kubernetes version is available in our Azure region ahead of time.
4. **Kubeconfig**: For Pulumi to communicate with our AKS cluster, we need access to the kubeconfig that contains cluster connection information.
5. **Kubernetes Provider**: We use a Pulumi Kubernetes provider to manage Kubernetes resources. It uses kubeconfig from the AKS resource.
6. **Helm Chart**: Lastly, we deploy the helm chart for the Ansible Automation Platform onto our AKS cluster. You must replace `chart` and `version` with the details of the Ansible Automation Platform helm chart you wish to deploy and `repo` with the correct Helm repository URL.

To run this program:

- Save this code to a file named `index.ts`.
- Run `pulumi up` to execute the Pulumi program.

The execution of this program will result in the creation of an AKS cluster and the deployment of the Ansible Automation Platform helm chart onto that cluster.