Deploy the nginx-logging-cw-demo helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `nginx-logging-cw-demo` Helm chart on Azure Kubernetes Service (AKS), we will follow these steps:

1. **Create an AKS Cluster**: We will begin by provisioning an AKS cluster using Pulumi's `azure-native` provider.

2. **Deploy the Helm Chart**: Once the cluster is up and running, we will configure `kubectl` to communicate with the AKS cluster and then deploy the `nginx-logging-cw-demo` Helm chart to the cluster.

In this guide, I'll walk you through the process by first explaining the Pulumi program and then presenting you with the code.

### Explanation

The Pulumi program is divided into two parts:

- **Provisioning the AKS Cluster**: This involves using the `azure-native` provider to create resources such as the resource group, AKS cluster, etc.
- **Deploying the Helm Chart**: To deploy the Helm chart, we firstly need to fetch the KubeConfig of our provisioned cluster and configure `kubectl`. Using Pulumi's `kubernetes` provider, we'll then deploy the Helm chart into the cluster.

Below you will find the Pulumi TypeScript code implementing these steps:

```typescript
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create a new resource group for the AKS cluster
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup");

// Step 2: Create an Azure AD application for the AKS cluster
const app = new azuread.Application("aks");

// Step 3: Create a service principal for the Azure AD application
const servicePrincipal = new azuread.ServicePrincipal("aksSp", {
    applicationId: app.applicationId,
});

// Step 4: Create a random password for the service principal
const password = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: servicePrincipal.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Step 5: Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        name: "aksagentpool",
        count: 2,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${resourceGroup.name}`,
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..."
        },
    },
    servicePrincipal: {
        clientId: app.applicationId,
        clientSecret: password.value,
    },
    identity: {
        type: "SystemAssigned"
    },
    defaultNodePool: {
        vmSize: "Standard_DS2_v2"
    },
    skuTier: "Free",
    kubernetesVersion: "1.18.14",
});

// Step 6: Export the Kubernetes configuration
export const kubeConfig = cluster.kubeConfigRaw;

// Step 7: Use the resulting kubeconfig to create a Kubernetes provider
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeConfig,
});

// Step 8: Deploy the nginx-logging-cw-demo Helm chart
const nginxLoggingDemoChart = new k8s.helm.v3.Chart("nginx-logging-cw-demo", {
    chart: "nginx-logging-cw-demo",
    fetchOpts:{
        repo: "https://charts.example.com/", // Replace with the URL of the chart repository
    },
}, { provider: k8sProvider });

// Step 9: Export the URL of the deployed nginx service
export const nginxUrl = nginxLoggingDemoChart.getResourceProperty("v1/Service", "nginx-logging-cw-demo-nginx", "status").apply(status => `http://${status.loadBalancer.ingress[0].ip}`);
```

Make sure you replace the `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...` with your actual public SSH key and update the repository URL in the Helm chart deployment section with the actual URL where your `nginx-logging-cw-demo` chart is located.

Here is a detailed explanation of what each step does:

- **Step 1**: A new resource group is created to host all the resources related to the AKS cluster.
- **Step 2-4**: These steps are about setting up a service principal which is necessary for the AKS cluster to interact with various Azure services.
- **Step 5**: The AKS cluster is provisioned with two nodes in the default agent pool.
- **Step 6**: We export the Kubernetes configuration which will be used by `kubectl` to manage the Kubernetes cluster.
- **Step 7**: A Kubernetes provider is created using the exported kubeconfig. It will allow the Pulumi Kubernetes resources to communicate with our AKS cluster.
- **Step 8**: The `nginx-logging-cw-demo` Helm chart is deployed using the Pulumi Kubernetes provider. We specify the chart and the repository in the options.
- **Step 9**: Finally, we export the URL for the nginx service deployed by the Helm chart (assuming that the service type is LoadBalancer and it provisions an external IP).

Remember, after you write the Pulumi program, you should install the required NPM packages (`@pulumi/azure`, `@pulumi/azuread`, `@pulumi/azure-native`, `@pulumi/kubernetes`) and run `pulumi up` to execute it. The output will show you the endpoint URL of the deployed Nginx instance.