Deploy the grafana-chart helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `grafana-chart` Helm chart on Azure Kubernetes Service (AKS), we will follow a set of orchestrated tasks:

1. **Provision an AKS cluster**: We will create an AKS cluster using the `azure-native.hybridcontainerservice.ProvisionedCluster` resource. For simplicity, we will use a predefined node size, single node count, and the latest Kubernetes version available for the region. We will also ensure network and resource group prerequisites are met.

2. **Deploy the grafana-chart**: Once the AKS cluster is running, we will use Pulumi's Kubernetes provider to install the Grafana Helm chart. For this, we will employ the `kubernetes.helm.v3.Chart` resource, which allows us to deploy Helm charts onto a Kubernetes cluster.

3. **Configure AKS cluster access for Pulumi**: We will configure the Pulumi program to communicate with the AKS cluster using the Kubernetes provider, which requires access to the cluster's kubeconfig.

4. **Install and manage Helm chart**: We will deploy the Grafana Helm chart onto the cluster. Helm charts are packages of pre-configured Kubernetes resources.

Below is a Pulumi TypeScript program that carries out the above steps:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Step 1: Provision an AKS cluster
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

const k8sCluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.19.11",
    linuxProfile: {
        adminUsername: "testuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3N...",
            }],
        },
    },
    nodeResourceGroup: `MC_azure-native-go_${pulumi.getStack()}`,
    resourceGroupName: resourceGroup.name,
});

// Step 3: Configure AKS cluster access for Pulumi
const creds = pulumi.all([resourceGroup.name, k8sCluster.name]).apply(([rgName, clusterName]) => {
    return azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    });
});

// Use `creds` to obtain the generated kubeconfig for the AKS cluster which allows the Kubernetes provider to connect to the cluster.
const kubeconfig = creds.kubeconfigs[0].value.apply(enc => Buffer.from(enc, "base64").toString());

// Step 4: Deploy the grafana-chart Helm chart on AKS
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

const grafana = new kubernetes.helm.v3.Chart("grafana", {
    chart: "grafana",
    fetchOpts: {
        repo: "https://grafana.github.io/helm-charts",
    },
}, { provider: k8sProvider });

export const kubeconfigOutput = pulumi.secret(kubeconfig);
```

### Explanation:

- We declare a new resource group using the `azure_native.resources.ResourceGroup` resource. This resource group is where all resources pertaining to the AKS cluster will reside.

- We create an AKS cluster with `azure_native.containerservice.ManagedCluster`, providing a minimal required configuration – a single node pool with a single node of the size "Standard_DS2_v2" and enabling RBAC for security.

- We obtain the credentials for the created AKS cluster using `azure_native.containerservice.listManagedClusterUserCredentials`, which includes the kubeconfig needed to communicate with our AKS cluster.

- We set up the Kubernetes provider with the obtained kubeconfig to allow Pulumi to manage Kubernetes resources within the AKS cluster.

- We declare a Helm chart resource, `kubernetes.helm.v3.Chart`, to deploy Grafana from the official Helm chart repository.

- Finally, we export the kubeconfig, marking it as a secret because it contains sensitive information that can be used to access the AKS cluster.

The program will, upon execution with Pulumi CLI, prompt for the Azure credentials necessary and then proceed to provision and configure the resources in Azure. It renders the management of infrastructure in a declarative and easily trackable manner using code which greatly simplifies the process as opposed to manual setup.