Deploy the local-pv helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

In order to deploy a Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you need to follow a sequence of steps, which I'll outline below. The steps involve setting up AKS, installing the Helm chart, and ensuring that the necessary configurations are in place. Here's a detailed breakdown of the process:

1. **Create an Azure Resource Group**: An Azure resource group is a container that holds related resources for an Azure solution. It's good practice to organize your cloud resources into resource groups.

2. **Create an AKS Cluster**: The AKS cluster is the managed Kubernetes service provided by Azure where you can deploy your applications.

3. **Install the Helm Chart**: Using Pulumi's `kubernetes` provider, you'll be able to install the `local-pv` Helm chart onto your AKS cluster.

Please make sure you have Pulumi and the necessary cloud provider CLI tools installed and configured before running the code.

Now, let's walk through the code that will set up the entire infrastructure described above:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Step 1: Create a new Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup", {
    location: "East US", // You can choose the location that is best for you
});

// Step 2: Create an AKS Cluster
// Generate a strong password for the Kubernetes cluster
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
}).result;

const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: password,
    endDate: "2099-01-01T00:00:00Z",
});

// Create the AKS cluster
const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        name: "aksagentpool",
        count: 2,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "aksk8s",
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD...", // Replace this with your actual SSH public key
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
    roleBasedAccessControl: { enabled: true },
    networkProfile: {
        serviceCidr: "10.10.0.0/16",
        dnsServiceIp: "10.10.0.10",
        dockerBridgeCidr: "172.17.0.1/16",
    },
}, {
    dependsOn: [adApp, adSp, adSpPassword],
});

// Step 3: Install the local-pv Helm chart on the AKS cluster
// First, we need a Kubernetes provider that uses the credentials from the newly created AKS cluster
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: k8sCluster.kubeConfigRaw,
});

// Now install the `local-pv` helm chart onto the AKS cluster.
const localPVChart = new kubernetes.helm.v3.Chart("local-pv", {
    chart: "local-pv",
    version: "1.0.0", // Replace with the correct version of the chart
    resourcePrefix: "local-pv", // Optional: Prefix for all resources created by this chart
    // Values to pass to the Helm chart
    values: {
        // Add configurations for `local-pv` chart here
    },
}, { provider: k8sProvider });

// Export the kubeConfig of the cluster
export const kubeConfig = k8sCluster.kubeConfigRaw;
```

Here's what each step does in this program:

- **Resource Group**: Creates a new resource group to contain the AKS cluster.
- **AKS Cluster**: Sets up a new AKS cluster with two nodes. It also includes RBAC (role-based access control) for security, and a network profile for communication settings.
    - A `pulumi/random` resource is used to generate a secure password.
    - Azure AD entities (`application`, `service principal`, `service principal password`) are created and used for authenticating the AKS cluster with other Azure services.
- **Kubernetes Provider**: Instantiates a Pulumi provider for Kubernetes. This utilizes the `kubeConfig` from the AKS cluster for authentication.
- **Helm Chart**: Deploys a Helm chart named `local-pv` onto the AKS cluster. The version and values for the `local-pv` need to be specified according to the chart's requirements.

Lastly, it exports `kubeConfig`, which can be used to access your newly created Kubernetes cluster with tools like `kubectl`.

Keep in mind that deploying Kubernetes applications can be complex, and this code sets the groundwork for you to begin experimenting with Pulumi and AKS. Always refer to the official documentation for specific Helm charts for configuration details and best practices.