Deploy the sample-hpa-app helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `sample-hpa-app` Helm chart on Azure Kubernetes Service (AKS), we need to perform the following steps:

1. Create an AKS cluster if we don't already have one.
2. Establish a Helm chart resource within the AKS cluster, which will manage the deployment of the `sample-hpa-app`.

We will use Pulumi's `azure-native` and `kubernetes` providers for this task. The `azure-native` provider interacts with Azure's resources natively, while the `kubernetes` provider allows managing Kubernetes resources, including Helm charts.

First, we will represent the AKS cluster using `azure-native.containerservice.ManagedCluster` and then create a Helm chart resource using `kubernetes.helm.v3.Chart`. The chart will be deployed within the AKS cluster.

Here is a detailed TypeScript program that demonstrates how to accomplish this:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Step 1: Create a new Azure Resource Group
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup");

// Step 2: Create an AD service principal for the AKS cluster
const adApp = new azuread.Application("adApp");
const adSp = new azuread.ServicePrincipal("adSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("adSpPassword", { servicePrincipalId: adSp.id });

// Step 3: Grant the required permissions to the service principal (e.g. monitoring, etc.)
// This code assumes you have enough permissions; remove if not necessary.

// Step 4: Create the AKS cluster using azure-native provider
const managedCluster = new azureNative.containerservice.ManagedCluster("managedCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${pulumi.getStack()}-kube`,
    enableRBAC: true, // Enable Kubernetes RBAC
    kubernetesVersion: "1.21.2",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{ keyData: "ssh-rsa YOUR_SSH_PUBLIC_KEY" }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Step 5: Define the K8s provider using the AKS cluster's kubeconfig
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: managedCluster.kubeConfigRaw,
});

// Step 6: Deploy the Helm chart onto the AKS cluster
const sampleHpaApp = new kubernetes.helm.v3.Chart("sample-hpa-app-chart", {
    chart: "sample-hpa-app",
    version: "0.1.0", // Replace with the desired chart version
    fetchOpts: {
        repo: "https://raw.githubusercontent.com/helm/charts/master/stable", // Replace with the chart's repository URL
    },
}, { provider: k8sProvider });

// Export the Kubeconfig so you can access the cluster with kubectl
export const kubeConfig = managedCluster.kubeConfigRaw;
```

Here is a breakdown of what each section in this program is doing:

- **Step 1**: We create a new Azure Resource Group, which is a logical collection holding related resources for an Azure solution.

- **Step 2-3**: We set up an Azure AD application and an associated service principal which AKS uses to interact with other Azure services securely.

- **Step 4**: We create an AKS cluster with system-assigned identities and define parameters like the agent pool profile, the size of the virtual machines to be used by the agents, and the version of Kubernetes.

- **Step 5**: After the AKS cluster is provisioned, we define a Kubernetes provider that will use the AKS cluster's kubeconfig. This kubeconfig allows Pulumi to connect to the AKS cluster and manage Kubernetes resources.

- **Step 6**: Finally, we deploy the `sample-hpa-app` Helm chart to our AKS cluster. Make sure you have the correct chart name, version, and repository URL. These can be replaced with the details of your `sample-hpa-app` chart.

- At the end of the program, we export the kubeconfig, which allows us to manage the cluster using kubectl from our local machine.

Please replace `"YOUR_SSH_PUBLIC_KEY"` with your actual SSH public key and ensure you have the correct repository URL for the Helm chart. Also, the `azuread` resources are for setting up the required Azure Active Directory entities to ensure the AKS cluster can interact with other Azure services.

Make sure you have the Pulumi CLI installed and configured to use your Azure account. You would typically run `pulumi up` to create or update the resources defined in the code.

Remember that managing cloud resources and permissions may incur costs and require specific permissions. Always review the configuration and ensure you understand the resources that will be created and managed in your cloud account.