Deploy the oam-kubernetes-runtime helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `oam-kubernetes-runtime` helm chart on Azure Kubernetes Service (AKS) using Pulumi, we'll follow these steps:

1. Set up an Azure Kubernetes Service (AKS) cluster.
2. Install the Helm chart for the OAM Kubernetes runtime into the AKS cluster.

We will use the `azure-native` package for creating the AKS cluster. It provides native Azure resource management directly within Pulumi. For deploying the Helm chart to the Kubernetes cluster, we'll use the `kubernetes` package that Pulumi offers, particularly the `helm.sh/v3.Chart` class which allows us to deploy Helm charts.

Below is the TypeScript Pulumi program that sets up the AKS cluster and deploys the `oam-kubernetes-runtime` Helm chart. Note that for this code to work, you must have configured your Pulumi Azure credentials.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create a resource group for the AKS cluster
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create the AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myaksclusterdns",
    enableRBAC: true,
    kubernetesVersion: "1.19.0",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa PUBLIC_KEY_HERE",
            }],
        },
    },
    // Enable the Azure AD integration if needed; skipped in this example for simplicity
    // identityProfile: { ... }
});

// Once the AKS cluster is created, we can configure Pulumi to use the cluster's
// kubeconfig for deploying Helm charts to it.
const creds = pulumi.output(azure_native.containerservice.listManagedClusterUserCredentials({
    resourceGroupName: resourceGroup.name,
    resourceName: cluster.name,
}));

const kubeconfig = creds.kubeconfigs[0].value.apply(enc => Buffer.from(enc, 'base64').toString());

const provider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Deploy the `oam-kubernetes-runtime` Helm chart
const oamChart = new k8s.helm.v3.Chart("oam-kubernetes-runtime", {
    chart: "oam-kubernetes-runtime",
    // Specify the Helm repository's URL that hosts the oam-kubernetes-runtime chart
    repo: "https://charts.crossplane.io/stable",
    // It's recommended to pin your chart version for predictable deployments
    version: "0.3.2",
    namespace: "oam-system",
    // Include the required values for your Helm chart here
    // values: { ... },
}, { provider: provider });

// Export the cluster name and kubeconfig
export const kubeconfigOut = pulumi.secret(kubeconfig);
export const clusterName = cluster.name;

```

The above program performs the following operations:

- Defines the Azure resource group where all resources will be organized.
- Creates an AKS cluster with a default node pool profile and enables RBAC (Role-Based Access Control). You'll need to replace `PUBLIC_KEY_HERE` with your own SSH public key to enable secure access to the cluster nodes.
- Pulls the kubeconfig from the created AKS cluster, which allows Pulumi to communicate with the cluster.
- Sets up a Pulumi Kubernetes provider with this kubeconfig.
- Deploys the `oam-kubernetes-runtime` Helm chart into a namespace called `oam-system` on your cluster using the specified chart and repository URL. Note that you generally want to pin the chart version to ensure idempotency of your deployments.

Please ensure to replace the `PUBLIC_KEY_HERE` placeholder with your actual SSH public key data.

Remember, you'll need to have the Pulumi CLI installed and configured for Azure along with `kubectl` to interact with the cluster. After the deployment, you can use the exported kubeconfig to connect to the AKS cluster using kubectl:

```bash
pulumi stack output kubeconfigOut --show-secrets > kubeconfig.yaml
export KUBECONFIG=./kubeconfig.yaml
kubectl get nodes
```

This will show you the nodes that are part of your AKS cluster. You can explore more `kubectl` commands to manage and observe your cluster and applications.