Deploy the edge-sftp helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the edge-sftp Helm chart on Azure Kubernetes Service (AKS), you can use Pulumi's infrastructure as code (IaC) approach. Below, I will guide you through the steps and the required code to accomplish this. We will perform the following tasks:

1. Provision an AKS cluster.
2. Deploy the edge-sftp Helm chart using Pulumi's Kubernetes provider.

We will use two Pulumi resources to create the AKS cluster and deploy the Helm chart to it:

- `azure.containerservice.KubernetesCluster` to create the AKS cluster.
  - Documentation: [KubernetesCluster](https://www.pulumi.com/registry/packages/azure/api-docs/containerservice/kubernetescluster/)
- `kubernetes.helm.v3.Chart` to deploy the Helm chart on the Kubernetes cluster.
  - Documentation: [Chart](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/)

First, we'll create a new AKS cluster. To do this, we define a resource using `azure.containerservice.KubernetesCluster`. When creating this resource, we specify properties like the location of the cluster, the size of the nodes, and the number of nodes.

After the cluster is up, we will need to configure Pulumi to use the generated Kubernetes configuration. Pulumi allows you to obtain this by invoking an AKS method that retrieves the kubeconfig file for our new cluster.

Then we'll deploy the Helm chart. Helm charts are packages of pre-configured Kubernetes resources. By using `kubernetes.helm.v3.Chart` in Pulumi, you can deploy the Helm chart just as you would with the Helm CLI. You will need to specify the chart name, any values to override in the Helm chart, and the namespace to deploy it in.

Let's see this in action with some TypeScript code.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";

// Create an AKS cluster.
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: "resource_group_name",
    location: "West Europe",
    agentPoolProfiles: [{
        name: "aksagentpool",
        count: 1,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "sftp-dns-prefix",
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3b...user@example.com",
        },
    },
    servicePrincipal: {
        clientId: "client-id",
        clientSecret: "client-secret",
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig.
export const kubeconfig = cluster.kubeConfigRaw;

// Create a Kubernetes provider instance that uses our AKS cluster from above.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Deploy the edge-sftp Helm chart into the AKS cluster.
const sftpChart = new k8s.helm.v3.Chart("edge-sftp", {
    chart: "edge-sftp",
    version: "1.0.0",  // specify the chart version you want to deploy
    fetchOpts: {
        repo: "http://charts.example.com/",  // replace with the actual Helm chart repository URL
    },
}, { provider: k8sProvider });

// Export the public IP to access the SFTP server.
export const frontlineServiceIP = sftpChart.getResourceProperty("v1/Service", "edge-sftp-edge-sftp", "status").apply(status => status.loadBalancer.ingress[0].ip);
```

In the above TypeScript code:

- We create an AKS cluster with a single node in the "West Europe" location.
- Provide your SSH public key which will be used for authentication to the nodes.
- Insert your Azure `clientId` and `clientSecret`. These are needed for Pulumi to authenticate with Azure and provision the cluster on your behalf.
- Next, we grab the raw Kubernetes configuration from the Azure cluster object which is needed to interact with the cluster.
- We then instantiate the Kubernetes provider with the kubeconfig from the AKS cluster.
- After setting up the provider, we deploy the edge-sftp Helm chart using the `k8s.helm.v3.Chart` resource which Pulumi manages similarly to other resources.
- Lastly, we export the public IP address of the service that the Helm chart has created so that we can access the SFTP server from the internet.

Remember to replace `"resource_group_name"` with the name of an Azure Resource Group you want to use, and `http://charts.example.com/` with the URL of the Helm chart repository where `edge-sftp` is located. Make sure to also use the correct Helm chart version.

This Pulumi program provides you with a simple way to deploy and manage the SFTP server in an AKS environment. The advantage of using Pulumi is that you can control cloud resources just like any other code objects which means easier management, versioning, and replication across different environments.