Deploy the nginxdemo helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

I will guide you through the process of deploying an NGINX demo application using a Helm chart on Azure Kubernetes Service (AKS) with Pulumi in TypeScript.

### Explanation

Firstly, we will need to set up an AKS cluster to host our application. An AKS cluster can be created using the `azure-native.containerservice.ManagedCluster` resource, which allows you to provision and manage the Kubernetes environment on the Azure cloud.

After setting up the AKS cluster, we will need to install the NGINX demo Helm chart onto our cluster. The Helm chart is a collection of pre-configured Kubernetes resources that represent the NGINX application. To achieve this, Pulumi provides the `kubernetes.helm.v3.Chart` resource. This resource allows us to deploy Helm charts to a Kubernetes cluster.

Here's a step-by-step breakdown of the Pulumi program:

1. **Create an AKS Cluster**: We'll define a managed Kubernetes cluster utilizing Azure's native capabilities.
2. **Install the nginx-demo Helm Chart**: After the cluster is provisioned, we'll deploy the NGINX demo application using a Helm chart.

### Prerequisites

Before running the Pulumi program, ensure that you have the following prerequisites in place:
- Azure account with active subscription.
- Pulumi account and the Pulumi CLI installed.
- `kubectl` installed to interact with the Kubernetes cluster.
- Azure CLI installed to authenticate with your Azure subscription.

### Pulumi Program

Now, let's see the Pulumi program that deploys the NGINX demo Helm chart on AKS:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as k8s from "@pulumi/kubernetes";
import * as azureNative from "@pulumi/azure-native";

// Define the name of the Kubernetes Service Principal and the usage of its credentials.
const k8sServicePrincipal = new azuread.ServicePrincipal("aksServicePrincipal", {});
const k8sServicePrincipalPassword = new azuread.ServicePrincipalPassword("aksServicePrincipalPassword", {
    servicePrincipalId: k8sServicePrincipal.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Create an Azure Resource Group for the AKS cluster.
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup", {
    location: azure.Locations.EastUS,
});

// Create an AKS cluster.
const aksCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    location: resourceGroup.location,
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 3,
        vmSize: "Standard_B2s",
    },
    dnsPrefix: `${pulumi.getStack()}-kube`,
    servicePrincipal: {
        clientId: k8sServicePrincipal.applicationId,
        clientSecret: k8sServicePrincipalPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the Cluster's kubeconfig.
export const kubeconfig = aksCluster.kubeConfigRaw;

// Now we deploy the NGINX Helm chart to the AKS cluster.
// We need the kubeconfig to connect and authenticate to the cluster.
const nginxHelmChart = new k8s.helm.v3.Chart("nginx-demo", {
    chart: "nginx-demo",
    version: "1.16.1",
    fetchOpts: {
        repo: "https://helm.nginx.com/stable",
    },
}, { provider: new k8s.Provider("k8sProvider", { kubeconfig: aksCluster.kubeConfigRaw }) });

```

In this program:
- We begin by defining an Azure Active Directory service principal which AKS will use to interact with other Azure services.
- We then create a new resource group that will contain our AKS cluster.
- Next, we define and create the AKS cluster. The default node pool is configured to have 3 nodes using the `Standard_B2s` VM size.
- We are exporting the AKS cluster kubeconfig, which will be used to authenticate kubectl commands.
- Lastly, we define the NGINX Helm chart resource that installs the NGINX demo application on our AKS cluster. This is assuming that the `nginx-demo` chart is available in the NGINX stable Helm repository.

### Next Steps

After the Pulumi program runs successfully, it will output a `kubeconfig` file which you can use with `kubectl` to interact with your AKS cluster:

```shell
$ pulumi up # Deploys the resources defined in the program.
$ pulumi stack output kubeconfig > kubeconfig.yaml
$ export KUBECONFIG=kubeconfig.yaml
$ kubectl get pods # Lists the Pods in the cluster to verify the deployment of the NGINX demo.
```

This finishes the deployment of the NGINX demo application on Azure Kubernetes Service using Pulumi. You can navigate to the services in Kubernetes to find an external IP of the NGINX service and access the application in your browser.

Remember that Helm charts often have optional configurations that you can customize by passing values to the `values` property of the `k8s.helm.v3.Chart` resource. Additionally, ensure you are running commands in a shell with the appropriate Azure and Pulumi CLI tools and permissions.