Deploy the prometheus-customizations helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy a Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you'll need to perform a series of steps:

1. Set up a new AKS cluster or use an existing one.
2. Install and configure Pulumi with the required dependencies for Azure and Kubernetes.
3. Write a TypeScript Pulumi program that uses the Helm Chart resource to deploy Prometheus to your AKS cluster.

Below is a step-by-step TypeScript program that demonstrates how to accomplish this, broken down into different stages for clarity.

Please ensure that you have the following prerequisites taken care of:
- You have Azure CLI or PowerShell installed and configured with credentials to access your Azure subscription.
- You have `kubectl` installed to interact with the Kubernetes cluster.
- You have Pulumi CLI installed and set up. Pulumi supports several programming languages, including TypeScript.
- You have Node.js installed to work with TypeScript.

Firstly, you need to start by importing the necessary Pulumi packages for Azure and Kubernetes in your TypeScript program.

### TypeScript Program to Deploy a Helm Chart on AKS

Below is the Pulumi TypeScript program that creates a new AKS cluster and deploys the Prometheus Helm chart onto it.

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as azure from '@pulumi/azure';
import * as k8s from '@pulumi/kubernetes';
import * as azuread from '@pulumi/azuread';
import * as azureNative from '@pulumi/azure-native';

// Create a new AKS cluster.
const name = 'aks';
const resourceGroup = new azure.core.ResourceGroup(name);

// Create an Azure AD application for AKS
const app = new azuread.Application("aks");

// Create service principal for the application so AKS can act on behalf of the application
const servicePrincipal = new azuread.ServicePrincipal("aksSp", { applicationId: app.applicationId });

// Create the service principal password
const servicePrincipalPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
  servicePrincipalId: servicePrincipal.id,
  value: "YOUR_SERVICE_PRINCIPAL_PASSWORD", // replace with an actual strong password
  endDate: "2099-01-01T00:00:00Z", // long-lived credential
});

// Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster(name, {
  resourceGroupName: resourceGroup.name,
  defaultNodePool: {
    name: "aksagentpool",
    nodeCount: 2,
    vmSize: "Standard_D2_v2",
  },
  dnsPrefix: `${pulumi.getStack()}-kube`,
  linuxProfile: {
    adminUsername: "aksuser",
    sshKeys: [{
      keyData: "ssh-rsa YOUR_SSH_PUBLIC_KEY", // replace with your own SSH public key
    }],
  },
  servicePrincipal: {
    clientId: app.applicationId,
    clientSecret: servicePrincipalPassword.value,
  },
  kubernetesVersion: "1.18.14",
});

// Export the kubeconfig
export const kubeconfig = pulumi.
  all([cluster.name, resourceGroup.name, cluster.kubeConfigRaw])
  .apply(([name, rgName, kubeConfig]) => {
    const aksCluster = azure.containerservice.getKubernetesCluster({
      name: name,
      resourceGroupName: rgName,
    });
    return aksCluster.kubeConfigRaw;
  });

// Create a Kubernetes provider instance that uses our cluster from above.
const k8sProvider = new k8s.Provider("k8s", {
  kubeconfig: kubeconfig,
});

// Deploy the Prometheus Helm chart.
const chart = new k8s.helm.v3.Chart(
  "prometheus-customizations",
  {
    chart: "prometheus",
    version: "11.0.3", // specify the version of Chart here
    fetchOpts:{
        repo: "https://prometheus-community.github.io/helm-charts",
    },
    // Values from the default chart version may be overridden here.
    values: {
      server: {
        service: {
          type: "LoadBalancer",
        },
      },
    },
  },
  { provider: k8sProvider },
);

// Export the Prometheus server LoadBalancer IP
export const prometheusServerIp = chart.getResourceProperty(
    "v1/Service", "prometheus-customizations-server", "status"
).apply(status => status.loadBalancer.ingress[0].ip);
```

This program does the following:
- Sets up a new Azure Resource Group to contain our AKS cluster. You can also use an existing Resource Group.
- Creates an Azure AD application and service principal which are required by AKS for interaction with other Azure services.
- Generates an SSH key and a service principal password for securing our AKS cluster.
- Creates an AKS cluster with a default node pool configuration.
- Exports the kubeconfig needed to interact with the AKS cluster using `kubectl`.
- Creates a Kubernetes provider which points to the newly created AKS cluster.
- Defines a new Helm Chart resource representing the Prometheus deployment and uses an online Helm chart repository as the source.
- Exports the IP address of the Prometheus server once it's deployed and accessible.

Please replace the placeholder `YOUR_SERVICE_PRINCIPAL_PASSWORD` and `YOUR_SSH_PUBLIC_KEY` with your actual service principal password and SSH public key respectively.

Each part of the code contains comments explaining what that piece is doing, making it easier to understand. Just ensure you have the correct versions of Pulumi packages, and replace placeholders with your actual data where necessary.

To deploy the above Pulumi program, save the code into a `.ts` file, then run `pulumi up` from the command line in the same directory as your code. This will perform the steps outlined in the code and deploy Prometheus via the Helm chart onto your AKS cluster.

Remember, managing your cloud infrastructure with Pulumi is declarative; the state of the resources is described in the code and Pulumi handles creating, updating, and deleting resources to match that desired state.