Deploy the opendistro-es helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Open Distro for Elasticsearch (opendistro-es) Helm chart on Azure Kubernetes Service (AKS), we will use Pulumi to manage the infrastructure as code. This process involves three main steps:

1. **Provision an AKS cluster**: This is the Kubernetes cluster where Open Distro for Elasticsearch will be deployed.
2. **Install the Helm chart**: Using Pulumi's ability to work with Helm charts, deploy opendistro-es on the AKS cluster.

The following Pulumi program written in TypeScript illustrates how to achieve this. I will go through each section of the code, explaining the resources being created and how they work together to deploy opendistro-es.

First, you need to have Pulumi installed and set up along with the Azure command-line tools. Ensure that you are logged into your Azure account using `az login` and have selected the appropriate subscription where you want to deploy the resources.

### Pulumi Program Explanation

- **Importing necessary packages**: The program starts by importing required Pulumi packages for Azure and Kubernetes, which allows us to interact with those services.

- **Creating AKS Cluster**: We define a managed AKS cluster using Pulumi's `azure-native.containerservice.ManagedCluster` class. This class abstracts the complexities of AKS creation and manages it based on the defined configuration.

- **Configuring Kubernetes Provider**: Once the AKS cluster is provisioned, we need a way for Pulumi to communicate with it. Pulumi's Kubernetes provider uses the kubeconfig from the AKS to authenticate and interact with the cluster.

- **Deploying the Helm Chart**: The final step is to use Pulumi's `helm.v3.Chart` resource, which allows you to manage Helm charts in your Pulumi applications. This resource will install the opendistro-es chart onto the AKS cluster with the given configuration.

Now, let's put these explanations into code:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provisioning the AKS cluster
const resourceName = "opendistro-es-cluster";
const resourceGroup = new azure_native.resources.ResourceGroup(resourceName);

// Create an AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster(resourceName, {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1, // Number of nodes in the node pool
        vmSize: "Standard_DS2_v2", // Virtual Machine size for the nodes
        name: "nodepool1",
    }],
    dnsPrefix: pulumi.interpolate`${resourceName}-k8s`,
    enableRBAC: true,
    kubernetesVersion: "1.20.9", // You can specify another supported version of Kubernetes here
    linuxProfile: {
        adminUsername: "aksuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa YOUR_SSH_PUBLIC_KEY_HERE",
            }],
        },
    },
    location: resourceGroup.location,
    nodeResourceGroup: pulumi.interpolate`${resourceName}-node-rg`,
    resourceGroupName: resourceGroup.name,
});

// Step 2: Configuring the Kubernetes provider to connect to AKS
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => 
    azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    })
);

const kubeconfig = creds.apply(creds => creds.kubeconfigs[0].value);

const k8sProvider = new k8s.Provider(resourceName, {
    kubeconfig,
});

// Step 3: Install the Open Distro for Elasticsearch Helm chart
const opendistroChart = new k8s.helm.v3.Chart("opendistro-es", {
    chart: "opendistro-es",
    version: "1.13.2", // Specify the chart version you want to deploy
    fetchOpts: {
        repo: "https://opendistro.github.io/for-elasticsearch/",
    },
}, { provider: k8sProvider });

// Export the kubeconfig of the cluster to be used by the Kubernetes provider
export const kubeconfigOutput = pulumi.secret(kubeconfig);
```

### Using the Program

To apply this Pulumi program:

1. Save the code in a file named `index.ts` within a directory for your Pulumi project.
2. Replace `"ssh-rsa YOUR_SSH_PUBLIC_KEY_HERE"` with your actual SSH public key.
3. Run `pulumi up` on your terminal. Pulumi will perform a preview and ask for confirmation before creating the resources.

Pulumi will provision the AKS cluster, set up the Kubernetes provider, and deploy the opendistro-es Helm chart to your cluster. Once the deployment is successful, you will have a fully functional Open Distro for Elasticsearch running on AKS.

Remember, the `pulumi.secret` method is used to ensure sensitive data, like the kubeconfig, is encrypted when stored in the state. It is a best practice to treat kubeconfig files as sensitive and handle them securely.

Feel free to adjust the configurations like node count, VM sizes, and Kubernetes versions to match your production requirements.