Deploy the tekton-pipelines helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `tekton-pipelines` Helm chart on Azure Kubernetes Service (AKS), you will need to perform the following steps:

1. Set up an AKS cluster using Pulumi's Azure Native provider.
2. Install the Helm chart onto the AKS cluster using Pulumi's Kubernetes provider.

In this program, we will construct an AKS cluster and then use a Helm chart to deploy Tekton Pipelines onto that cluster. We will use the `azure-native` provider to create the AKS cluster and the `kubernetes` provider to deploy the Helm chart.

Each step needs to initialize the respective provider. The Azure Native provider is used for creating cloud resources within Azure, and the `kubernetes` provider interfaces with Kubernetes resources, which in this case is used to handle the Helm chart deployment.

Here is your TypeScript program to deploy the Tekton Pipelines Helm chart on AKS:

```typescript
import * as azure from "@pulumi/azure-native";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an AKS cluster
const resourceGroup = new azure.resources.ResourceGroup("resourceGroup", {
    // Resource groups are a logical collection of Azure resources, provide a location for your cluster.
    location: "WestUS", // Choose the appropriate region for your resources.
});

const cluster = new azure.containerservice.ManagedCluster("aksCluster", {
    // The ManagedCluster resource represents an AKS cluster.
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 3, // Set the number of nodes you want in your cluster.
        maxPods: 110, // Define the maximum number of pods that can run on a single node.
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2", // Choose your desired VM size for the nodes.
    }],
    dnsPrefix: "aksk8s", // A DNS prefix that is used with the FQDN of the cluster.
    identity: {
        type: "SystemAssigned",
    },
});

// Export the Kubeconfig for the AKS cluster
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => 
    azure.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    }),
);

const kubeconfig = creds.kubeconfigs[0].value.apply((enc) => Buffer.from(enc, "base64").toString());

// Step 2: Deploy the tekton-pipelines helm chart on AKS
const tekton = new k8s.helm.v3.Chart("tekton-pipelines", {
    // The Chart resource is what Pulumi uses to deploy Helm charts.
    chart: "tekton-pipelines",
    version: "0.19.0", // Specify the version of the Helm chart.
    fetchOpts: {
        repo: "https://tekton.dev/charts", // The repository where the Helm chart is hosted.
    },
    values: {
        // Values to provide to the Helm chart, this is equivalent to using the values.yaml file.
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

// Export the kubeconfig to access the cluster using kubectl
export const kubeConfigOutput = kubeconfig;

```

**Explanation:**

In the first step, we create an Azure Resource Group to group our resources logically and specify a location within Azure. Then we create an AKS cluster within this resource group, specifying parameters like the number of nodes, maximum pods per node, VM size, and DNS prefix.

The `dnsPrefix` is unique across Azure and is combined with the region to form the fully qualified domain name (FQDN) for the AKS cluster.

For the identity type `SystemAssigned`, Azure automatically creates a service principal for the cluster which allows AKS to interact with other Azure services on your behalf.

After the AKS cluster is created, we fetch its credentials to construct a kubeconfig file. This file is needed to communicate with the Kubernetes cluster and is used by the Kubernetes provider to deploy resources to the cluster.

In the second step, we deploy the `tekton-pipelines` Helm chart using Pulumi's `Chart` resource from its Kubernetes package. We specify the chart name, version, and Helm repository URL. The `values` field can be used to override default values from the chart’s `values.yaml` file, similar to how you might use `helm install` with a custom `values.yaml`.

We create a new instance of the Pulumi Kubernetes Provider passing it the kubeconfig. This provider instance is then associated with the `tekton-pipelines` chart to ensure that the deployment is sent to the AKS cluster we just created.

The program concludes with exporting the kubeconfig as an output. This allows you to interact with your cluster via `kubectl` by setting this output as your local kubeconfig.

Remember, to run this program, you will first need to set up Pulumi with Azure credentials and then apply the program using the Pulumi CLI. The program is designed to run without any modifications, assuming all necessary Pulumi and Azure configurations are in place.