Deploy the argo-controller helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Argo CD controller Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, we will perform the following steps:

Provision an AKS cluster: Set up an AKS cluster that will be used to host our Argo CD deployment.
Install the Helm chart for Argo CD: Once the AKS cluster is ready, we'll deploy the Argo CD controller Helm chart to the cluster.

Below, we will use TypeScript with the Pulumi Kubernetes provider to script out these steps. The Pulumi program consists of three main parts:

Importing necessary packages and initializing resources.
Creating an AKS cluster.
Deploying the Argo CD Helm chart on the AKS cluster.

Before running this Pulumi code, ensure you have the proper Azure credentials set up on the machine you're running Pulumi from. This typically involves logging in via the Azure CLI (az login) and setting the default subscription (az account set --subscription <SUBSCRIPTION_ID>).

I'll first share the Pulumi code that performs the above steps, and afterwards, I'll go into more detail about each part of the program.

import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as azureNative from "@pulumi/azure-native";

// Step 1: Provision an AKS cluster.
// Create an Azure Resource Group.
const resourceGroup = new azure.core.ResourceGroup("myResourceGroup");

// Create an Azure AD service principal for the AKS cluster to use.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: "password", // Replace with a secure password.
    endDate: "2099-01-01T00:00:00Z", // Specify the appropriate end date.
});

// Create the AKS cluster.
const cluster = new azure.containerservice.KubernetesCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 2,
        vmSize: "Standard_D2_v2",
    },
    dnsPrefix: pulumi.interpolate`${resourceGroup.name}-kube`,
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "<SSH_PUBLIC_KEY>", // Replace with your SSH public key.
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig.
export const kubeconfig = cluster.kubeConfigRaw;

// Step 2: Install the Argo CD Helm chart.
// Create a Kubernetes provider instance that uses the AKS cluster's kubeconfig.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Deploy the Argo CD Helm chart using the Helm Chart resource.
const argoChart = new k8s.helm.v3.Chart("argo-cd", {
    chart: "argo-cd",
    version: "3.2.3",
    namespace: "argocd",
    fetchOpts: {
        repo: "https://argoproj.github.io/argo-helm",
    },
}, {provider: k8sProvider});

// Export the Argo CD server address.
const argoServer = argoChart.getResourceProperty("v1/Service", "argocd/argo-cd-argocd-server", "status");
export const argoServerAddress = pulumi.interpolate`http://${argoServer.loadBalancer.ingress[0].ip}`;

Now, let's break down what each section of the code does:

Provision an AKS Cluster

We import the necessary Pulumi packages for Azure and generate an Azure Resource Group which acts as a container for our AKS cluster. We then set up an Azure Active Directory (AD) service principal, which acts as the identity for the AKS cluster, allowing it to interact with Azure resources.

Next, we create the AKS cluster itself, configuring the default node pool, SSH access, the service principal, and the Kubernetes version. We export the raw Kubernetes configuration (kubeConfigRaw) so it can be used by the Pulumi Kubernetes provider to interact with the cluster.

Install the Argo CD Helm Chart

We set up a Pulumi Kubernetes provider configured with the kubeConfigRaw from the AKS cluster we previously created.

Using this provider, we then deploy the Argo CD Helm chart to the "argocd" namespace in the AKS cluster. We specify the Helm chart name, version, and the Helm repository where the chart can be fetched from. Note that you might need to replace the chart version with the most current one compatible with your cluster.

Finally, we export the address of the Argo CD server service that gets created as part of the Helm chart deployment. This allows us to access the Argo CD UI from our browser.

Important Notes Before Running the Code:

Replace the placeholder for <SSH_PUBLIC_KEY> with the actual content of your SSH public key.
Similarly, replace password with a secure password of your choosing for the Azure AD service principal password.

After you apply this Pulumi program, it will provision an AKS cluster and deploy Argo CD onto it, making it ready for you to start deploying applications into your new Kubernetes cluster. To apply the program, save it to a file (e.g., index.ts), then run pulumi up in the terminal in the same directory as the file.