Deploy the node helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

When you're looking to deploy an application on Azure Kubernetes Service (AKS) using a Helm chart, you'll first need to set up a few things:

1. Provision an AKS cluster, which is your container orchestration service.
2. Install Helm on your local machine or within a continuous integration (CI) system to manage the deployment of your Kubernetes applications.

Pulumi allows you to define and create your entire cloud infrastructure with code in TypeScript, including provisioning an AKS cluster and deploying your application using a Helm chart.

Below, you'll find a Pulumi TypeScript program that does the following:

- Provisions an AKS cluster on Azure using `azure-native`.
- Deploys an application using a Node.js Helm chart.

Before running the following code ensure:

- You have [installed Pulumi](https://www.pulumi.com/docs/get-started/install/).
- You have [installed Node.js](https://nodejs.org/en/download/).
- You have [configured your Azure credentials for Pulumi](https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/).

Now let's dive into the code. I'll guide you through each step with comments explaining what's happening.

```typescript
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as kubernetes from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
import * as tls from "@pulumi/tls";

const config = new pulumi.Config();
const k8sVersion = config.get("k8sVersion") || "1.18.14";

// Create a new resource group for the AKS cluster
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup");

// Create an Azure AD application for the AKS cluster
const aksApp = new azuread.Application("aks");

// Create a service principal for the Azure AD application
const aksSp = new azuread.ServicePrincipal("aksSp", { applicationId: aksApp.applicationId });

// Generate a random password for the service principal
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
});

// Create the service principal password
const aksSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: aksSp.id,
    value: password.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Create a new AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    // These are default settings and could be customized as needed
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    dnsPrefix: `${pulumi.getStack()}-kube`,
    servicePrincipal: {
        clientId: aksApp.applicationId,
        clientSecret: aksSpPassword.value,
    },
    kubernetesVersion: k8sVersion,
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeConfigRaw;

// Set up a provider to deploy Helm charts to the AKS cluster
const k8sProvider = new kubernetes.Provider("aksK8s", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Deploy a Helm chart for a Node.js application
const nodeApp = new kubernetes.helm.v3.Chart("nodeApp", {
    repo: "bitnami",
    chart: "node",
    version: "6.x.x", // Specify the version of the chart you want to deploy
    // Values from the Helm chart's `values.yaml` can be set here
    values: {
        service: {
            type: "LoadBalancer",
        },
    },
}, { provider: k8sProvider });

// Export the Service URL
export const serviceUrl = nodeApp.getResourceProperty("v1/Service", "nodeapp-node", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

In this script, we:

- Import the required Pulumi packages to interact with Azure and Kubernetes resources.
- Set up a new resource group in Azure to hold all our resources.
- Create an Azure AD application and a service principal, which AKS uses to interact with other Azure services securely.
- Generate a strong random password for the service principal.
- Define the AKS cluster to be created with a default node pool.
- Export the generated Kubernetes configuration (`kubeconfig`) needed to connect to the AKS cluster.
- Create a K8s Provider instance configured to use our newly generated `kubeconfig`.
- Deploy the Node.js Helm chart using the Helm Provider, which will pull the chart from the Bitnami Helm repository and create the required Kubernetes resources.

To deploy this code:
- Save this code in a file with the extension `.ts`, for example `index.ts`.
- Run `pulumi up` command in the terminal in the same directory as your `index.ts` file. Pulumi CLI will handle the deployment of these resources.
- After the deployment finishes, the output will display the cluster's `kubeconfig` and the IP address of the Node.js service.

Keep in mind that Pulumi programs create real resources in your Azure subscription. If you experiment with different cloud configurations, remember to clean up resources that you no longer need by running `pulumi destroy`.

Happy Coding with Pulumi!