Deploy the grafaml helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Grafana Helm chart on an Azure Kubernetes Service (AKS) cluster, you will need to create several resources:

1. **AKS Cluster**: The managed Kubernetes service provided by Azure where your Grafana Helm chart will be deployed.
2. **Helm Chart**: Helm is a package manager for Kubernetes that allows you to define, install, and upgrade even the most complex Kubernetes applications. Helm Charts help you define, install, and upgrade Kubernetes applications.

Here is how you would deploy Grafana on AKS with Pulumi:

- You will create an AKS cluster using Pulumi's `azure-native` package.
- You will then use Pulumi's `kubernetes` package to install the Grafana Helm chart on the AKS cluster.

Below is a step-by-step TypeScript program that uses Pulumi to perform this deployment:

1. First, import the required Pulumi libraries. You need the `azure-native` library to interact with Azure resources, `kubernetes` to work with Kubernetes resources, and additionally, `kubernetes.helm.v3` to work with Helm charts in Kubernetes.

2. Then, set up the AKS cluster.
3. Finally, deploy the Grafana Helm chart to the AKS cluster using the Helm Chart resource from Pulumi's Kubernetes SDK.

Ensure you have the following prerequisites before running the code:
- An Azure account with permissions to create resources.
- Pulumi CLI installed and configured with Azure credentials.
- `kubectl` installed to interact with the cluster.
- Node.js and NPM installed since we are using TypeScript.

Now, let's look at the Pulumi TypeScript program. The comments inside the code will guide you through what each section does.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an Azure AD Service Principal for the AKS cluster
const adApp = new azure_native.graphrbac.Application("myAdApp", {
    availableToOtherTenants: false,
    displayName: "myAdApp",
});

const adSp = new azure_native.graphrbac.ServicePrincipal("myAdSp", {
    appId: adApp.applicationId,
});

const adSpPassword = new azure_native.graphrbac.ServicePrincipalPassword("myAdSpPassword", {
    servicePrincipalId: adSp.id,
    value: "your-strong-password", // Please replace with a secure password
    endDate: "2099-01-01T00:00:00Z", // Far future expiration
});

// Create the AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa YOUR_SSH_PUBLIC_KEY", // Replace with your SSH public key
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: adSp.appId,
        secret: adSpPassword.value,
    },
});

// Expose the Kubernetes cluster name and kubeconfig
export const clusterName = cluster.name;

const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
    return azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    });
});

const encodedKubeconfig = creds.kubeconfigs[0].value;
export const kubeconfig = encodedKubeconfig.apply(enc => Buffer.from(enc, "base64").toString());

// Create a Kubernetes provider instance that uses our kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the Grafana Helm chart using the Helm Chart resource with the Pulumi Kubernetes SDK
const grafana = new k8s.helm.v3.Chart("grafana", {
    chart: "grafana",
    version: "6.1.17", // Use the version of the chart you desire
    namespace: "default", // The Kubernetes namespace to deploy into
    fetchOpts:{
        repo: "https://grafana.github.io/helm-charts",
    },
}, { provider: k8sProvider });

// Export the Grafana service endpoint
export const grafanaServiceEndpoint = grafana.getResourceProperty("v1/Service", "grafana", "status").apply(status => status.loadBalancer.ingress[0].ip);
```

Make sure to replace the placeholder `your-strong-password` with a password of your choice and `YOUR_SSH_PUBLIC_KEY` with your SSH public key.

This program will:
- Create an Azure Resource Group to contain all resources.
- Set up an Azure AD application and service principal for AKS authentication.
- Provision an AKS cluster with the defined properties such as node size and count.
- Export the `kubeconfig` which is required to interact with the AKS cluster using `kubectl`.
- Create a Kubernetes provider to interact with the AKS cluster using Pulumi.
- Deploy the Grafana Helm chart to the AKS cluster.
- Export the endpoint of the Grafana service for accessing the Grafana dashboard.

To run this code:
- Save the above in a file named `index.ts`.
- Run `pulumi up` in the same directory as your code, which will execute the Pulumi program and provision all defined resources.