Deploy the elasticsearch-operator helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart onto an Azure Kubernetes Service (AKS) cluster involves several steps. I will guide you through the process using Pulumi in TypeScript, which includes the following:

Creating an AKS cluster: You need an AKS cluster to deploy the Elasticsearch operator Helm chart. We'll create one using azure-native.
Installing the Helm chart: After the AKS cluster is ready, we will deploy the Elasticsearch operator using the kubernetes provider for Pulumi, which allows us to manage Kubernetes resources, including Helm charts.

For this demonstration, I'm going to assume you're already familiar with Azure, Kubernetes, Helm, and you've got Pulumi CLI installed and configured with appropriate Azure credentials. If not, please ensure you have the Pulumi CLI installed and configured correctly to interact with your Azure account.

Let's start by installing the necessary Pulumi packages for Azure and Kubernetes:

$ pulumi plugin install resource azure-native <version>
$ pulumi plugin install resource kubernetes <version>

Replace <version> with the appropriate plugin versions you intend to use.

Here is the Pulumi program that accomplishes the deployment:

import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

const config = new pulumi.Config();
const prefix = config.get("prefix") || "elasticsearch";

// Step 1: Create an AKS cluster.
// Creating a new resource group.
const resourceGroup = new azure_native.resources.ResourceGroup(`${prefix}-rg`, {
    resourceGroupName: `${prefix}-rg`,
    location: 'West US',
});

// Creating an AD application for AKS.
const adApp = new azuread.Application(`${prefix}-app`);

// Creating a service principal for the AD application.
const adSp = new azuread.ServicePrincipal(`${prefix}-sp`, {
    applicationId: adApp.applicationId,
});

// Creating a service principal password.
const adSpPassword = new azuread.ServicePrincipalPassword(`${prefix}-sp-password`, {
    servicePrincipalId: adSp.id,
    value: config.requireSecret("password"),
    endDate: "2099-01-01T00:00:00Z",
});

// Creating the AKS cluster itself.
const k8sCluster = new azure_native.containerservice.ManagedCluster(`${prefix}-cluster`, {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        vmSize: "Standard_DS2_v2",
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
    }],
    dnsPrefix: `${prefix}-kube`,
    enableRBAC: true,
    kubernetesVersion: "1.19.11",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: config.require("sshPublicKey"),
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
}, {
    dependsOn: [adSp, adSpPassword],
});

const creds = pulumi.all([resourceGroup.name, k8sCluster.name]).apply(([rgName, clusterName]) => 
    azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    }));

const kubeconfig = creds.kubeconfigs[0].value.apply(enc => Buffer.from(enc, 'base64').toString());

// Step 2: Deploy elasticsearch-operator Helm chart on the AKS cluster.
const elasticsearchOperatorChart = new k8s.helm.v3.Chart("elasticsearch-operator", {
    chart: "elasticsearch-operator",
    version: "1.0.0", // specify the version of the chart
    namespace: "default", // specify the namespace where the chart will be installed
    fetchOpts: {
        repo: "https://helm.elastic.co", // specify the Helm chart repository
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

// Export the kubeconfig to connect to the AKS cluster.
export const kubeConfig = pulumi.secret(kubeconfig);

In this program:

We begin by setting up new instances of ResourceGroup, Application, ServicePrincipal, and ServicePrincipalPassword to configure Azure AD for our AKS cluster.
Afterwards, we declare an AKS cluster using the ManagedCluster class provided by the azure-native.containerservice module. Note the dependency on the service principal password to ensure that resource is created before the cluster.
With the AKS cluster in place, we use the helm.v3.Chart class to deploy the Elasticsearch operator. We specify the chart name, version, the namespace for deployment, and the repository where the chart can be found.
Lastly, we create a Kubernetes provider that utilizes the AKS cluster's kubeconfig for authenticating to the cluster. This kubeconfig is exported so that you can use it with kubectl to interact with your AKS cluster.

Remember to populate the password and sshPublicKey fields with your actual Azure service principal password and SSH public key, respectively. You may use Pulumi config secrets to securely store the password:

$ pulumi config set --secret password <YOUR_PASSWORD>
$ pulumi config set sshPublicKey <YOUR_SSH_PUBLIC_KEY>

After running pulumi up with the above program, Pulumi will handle creating the resources in Azure and deploying the Elasticsearch operator Helm chart to your AKS cluster.

If you need assistance with generating an Azure service principal or SSH keys, or have other questions related to Azure resource creation, feel free to ask.