Deploy the fluentbit-resource helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `fluentbit` Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, we'll go through a series of steps:

1. **Create an AKS cluster**: We need an AKS cluster to deploy Fluent Bit to. If you already have one, you can skip this step. Otherwise, we'll define an AKS cluster resource using Pulumi's `azure-native` package.

2. **Integrate AKS with Azure Container Registry (ACR)**: This is not strictly necessary for deploying a Helm chart, but it's a common setup where you store your container images. We will set up the integration of AKS with ACR so that AKS can pull images from ACR if needed.

3. **Deploy Fluent Bit using the Helm Chart**: With the AKS cluster and ACR ready, we'll use the Helm Chart resource from Pulumi's `kubernetes` package to deploy Fluent Bit to the AKS cluster. We need to ensure that Helm and the Kubernetes provider are configured with the correct context to interact with our AKS cluster.

Below, we have a Pulumi program written in TypeScript that demonstrates these steps. The Pulumi program relies on you having an Azure account and the Azure CLI installed and logged in. It is also assumed that you have the necessary Pulumi CLI and associated packages installed (`@pulumi/azure-native`, `@pulumi/azure`, and `@pulumi/kubernetes`).

### Detailed Pulumi TypeScript Program:

```typescript
import * as azure from "@pulumi/azure";
import * as azureNative from "@pulumi/azure-native";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an AKS cluster
// Define the AKS cluster resource
const resourceGroup = new azureNative.resources.ResourceGroup("myResourceGroup");
const aksCluster = new azureNative.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    identity: {
        type: "SystemAssigned",
    },
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "mykube",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
});

// Export the KubeConfig
export const kubeConfig = aksCluster.kubeConfig;

// Step 2: Integrate AKS with ACR (Optional)
// Example of integrating Azure Container Registry if you plan to use private container images
const acr = new azure.containerservice.Registry("myACR", {
    resourceGroupName: resourceGroup.name,
    sku: "Basic",
    adminEnabled: true,
});

// Grant AKS-generated service principal the ACR pull role
const acrPullRoleAssignment = new azure.authorization.Assignment("acrPullRole", {
    principalId: aksCluster.identityProfile.apply(profile => profile["kubeletidentity"].objectId),
    roleDefinitionName: "AcrPull",
    scope: acr.id,
});

// Step 3: Deploy Fluent Bit using Helm Chart
// We'll use Helm Chart resource from Pulumi's `kubernetes` package to deploy Fluent Bit to AKS
const fluentbitChart = new k8s.helm.v3.Chart("fluentbit", {
    chart: "fluent-bit",
    version: "0.15.0", // specify the version of the chart to deploy
    fetchOpts:{
        repo: "https://fluent.github.io/helm-charts",
    },
    namespace: "kube-system",
    values: {
        // Define any helm values here that you want to override,
        // For example to change the backend from Elasticsearch to another service.
    },
}, { provider: new k8s.Provider("k8sProvider", { kubeconfig: kubeConfig }) });

// Export the Fluent Bit Helm chart deployment name
export const fluentbitDeploymentName = fluentbitChart.getResourceProperty("v1/Service", "fluentbit", "metadata").apply(m => m.name);

```

This program defines three main resources: an Azure resource group, an Azure Kubernetes Service (AKS) cluster, and a Helm deployment of the `fluentbit` chart.

The AKS cluster is created with a single node pool that can run Kubernetes workloads. The `kubeConfig` output is exported, which contains the credentials necessary to interact with the Kubernetes cluster using `kubectl` or other Kubernetes tooling.

The `fluentbit` chart is deployed into the `kube-system` namespace on the AKS cluster. The `values` field in the Helm chart resource can be used to set Helm values to configure Fluent Bit to your needs, such as setting different log backend services or tuning other settings. In this example, we left it empty, but you will want to specify your own custom settings.

Finally, we export the Fluent Bit Helm chart deployment name, which is dynamically obtained from the deployed resources' metadata. This name can be useful for reference, management, or further automation.

To deploy your infrastructure, save the above code as `index.ts`, and run the following command in your terminal:

```bash
pulumi up
```

The `pulumi up` command will show you a preview of the resources that Pulumi will create or modify. If everything looks correct, confirm the deployment, and Pulumi will provision the specified resources in Azure and deploy the Fluent Bit Helm chart to your AKS cluster.