Deploy the keycloak-helm-chart helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Keycloak Helm chart on an Azure Kubernetes Service (AKS) cluster, you will first need to create an AKS cluster (if you don't have one already) and then use Helm to deploy the Keycloak application to it.

Below, you will find a detailed Pulumi program written in TypeScript that sets up an AKS cluster and deploys the Keycloak Helm chart to it. Here are the steps you'll take in the program:

1. **Set up an AKS cluster** - You'll create a managed Kubernetes cluster on Azure using the `azure-native` package which provides native Azure resources. The `ProvisionedCluster` resource defines the cluster itself, including its size, location, and other parameters.

2. **Configure KubeConfig** - Once the cluster is provisioned, you will extract the configuration needed to access the cluster programmatically. This is typically in the form of a KubeConfig file.

3. **Deploy Keycloak using Helm** - With the `kubernetes.helm.sh/v3.Chart` resource, you will specify the Keycloak Helm chart for deployment. You'll need to provide the chart name, version, and any custom values you wish to apply.

Please ensure you've got Pulumi installed and configured, along with access to an Azure account.

Here is the full Pulumi program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

const config = new pulumi.Config();

// Provision an Azure Kubernetes Service (AKS) Cluster
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup", {
    resourceGroupName: "myResourceGroup",
    location: "westus", // Choose an Azure location
});

const cluster = new azureNative.containerservice.ManagedCluster("cluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        count: 1, // Number of agents (VMs) to host k8s nodes
        maxPods: 110, // Max pods per node
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2", // VM size for the nodes
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.20.9",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa ...", // Replace with your public SSH key
            }],
        },
    },
});

// Retrieve the KubeConfig from the AKS cluster
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
    return azureNative.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    });
});

const kubeConfig = creds.apply(creds => Buffer.from(creds.kubeconfigs[0].value, "base64").toString());

// Create a new K8s provider using the kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeConfig,
});

// Deploy the Keycloak Helm chart using the K8s provider
const chart = new k8s.helm.v3.Chart("keycloak", {
    chart: "keycloak",
    version: "9.8.1", // Specify the Helm chart version you want to deploy
    fetchOpts: {
        repo: "https://codecentric.github.io/helm-charts", // The repository containing the Keycloak Helm chart
    },
}, { provider: k8sProvider });

// Export the cluster's kubeconfig
export const kubeConfigOut = kubeConfig
```
This will set up an AKS cluster with a single node and deploy the Keycloak Helm chart to the cluster. You can modify the number of nodes, node size, and Keycloak settings as per your requirements.

Please replace the placeholder `'ssh-rsa ...'` with your actual SSH public key data.

### Running the Program

Save the above program in a file with a `.ts` extension (for example, `deployKeycloak.ts`). You'll need to compile the TypeScript code to JavaScript before running it with Pulumi. Run the following commands:

```bash
# Install dependencies
npm install @pulumi/pulumi @pulumi/azure-native @pulumi/kubernetes

# Compile TypeScript to JavaScript
tsc deployKeycloak.ts

# Run the Pulumi program to provision the resources
pulumi up
```

After running `pulumi up` and confirming the actions, Pulumi will execute the plan and provide you with output similar to what you would get from running `kubectl apply`. When the deployment is complete, you'll get a Keycloak instance running in your AKS cluster.

Do note that deploying cloud resources incur costs, and running Helm charts may also involve fetching images from container registries that could have associated costs or require specific access permissions. Always review the costs involved and secure your deployments according to your organization's policies.