Deploy the vault-token-injector helm chart on Azure Kubernetes Service (AKS)
To deploy the vault-token-injector Helm chart on Azure Kubernetes Service (AKS), you will need to follow these steps:
- Set up an AKS cluster: You will need to create an AKS cluster where your applications will be hosted.
- Install the Helm chart: Once you have the AKS cluster set up, you will use Pulumi to deploy the vault-token-injector Helm chart to the cluster.
Let's break down each step with the corresponding Pulumi TypeScript code:
Step 1: Setting Up an AKS Cluster
You will start by creating an AKS cluster. The Pulumi resource azure-native.containerservice.ManagedCluster from the azure-native package will be used to provision an AKS cluster. This resource allows you to define the properties of an AKS cluster including the node pool, which defines the size and number of VMs that run your applications.
Step 2: Deploy the Helm Chart
With the AKS cluster in place, you'll then deploy the vault-token-injector Helm chart using the kubernetes.helm.v3.Chart resource from the kubernetes provider. Helm charts help you define, install, and upgrade even the most complex Kubernetes applications.
Below is a program written in TypeScript which carries out these steps. Make sure you have Pulumi installed and configured to run with Azure.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an AKS cluster
const managedCluster = new azure_native.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14", // replace with a version AKS currently offers in your region
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "your-ssh-public-key",
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: "your-service-principal-client-id",
        secret: "your-service-principal-client-secret",
    },
});

// The azure-native ManagedCluster resource has no kubeConfig output, so fetch
// the cluster user credentials and base64-decode the kubeconfig they contain.
const credentials = azure_native.containerservice.listManagedClusterUserCredentialsOutput({
    resourceGroupName: resourceGroup.name,
    resourceName: managedCluster.name,
});

// Export the AKS cluster kubeconfig. It carries cluster credentials, so mark it
// secret: it is encrypted in state and masked in output
// (read it with `pulumi stack output kubeconfig --show-secrets`).
export const kubeconfig = pulumi.secret(
    credentials.kubeconfigs.apply(configs => Buffer.from(configs[0].value, "base64").toString()),
);

// Step 2: Deploy the Helm Chart onto the AKS cluster
const aksCluster = new kubernetes.Provider("aksCluster", {
    kubeconfig: kubeconfig, // the decoded kubeconfig is already a YAML string
});

const chart = new kubernetes.helm.v3.Chart("vault-token-injector", {
    chart: "vault-token-injector",
    version: "0.1.0", // replace with the exact chart version
    fetchOpts: {
        repo: "https://your-helm-chart-repository/", // replace with the vault-token-injector Helm chart repository URL
    },
}, { provider: aksCluster });

// Export the Chart's status. helm.v3.Chart has no status property; its ready
// output resolves once the resources rendered from the chart are ready.
export const chartStatus = chart.ready.apply(resources => `${resources.length} chart resources ready`);
```
In the code above, replace your-ssh-public-key with your actual public SSH key, and put the actual clientId and secret for your service principal. Also, replace https://your-helm-chart-repository/ with the correct Helm chart repository URL for vault-token-injector.
The kubeconfig output will allow you to interact with your AKS cluster using tools like kubectl. The chartStatus can be used to check the status of the deployment.
What's happening in the code?
- Resource Group: A resource group is a container that holds related resources for an Azure solution. In this code, a resource group named myResourceGroup is created.
- AKS Cluster: The AKS cluster is defined with one agent pool that has a VM size suitable for most general-purpose workloads. RBAC is enabled for security, and you must provide your own SSH public key and service principal credentials.
- Kubernetes Provider: This is the Pulumi provider instance which uses the kubeconfig of the AKS cluster to interact with it.
- Helm Chart: Using the kubernetes.helm.v3.Chart resource, the vault-token-injector chart is fetched from the provided Helm repository and deployed to the AKS cluster. The provider field ensures that this Helm chart is deployed on the previously created AKS cluster.
Running the program
To run this Pulumi program, save it to a file named index.ts, then execute the following commands in the terminal:
```
pulumi stack init dev  # Initialize a new Pulumi stack called 'dev'
pulumi up              # Deploy the changes
```
After you run pulumi up, you will be shown a preview of the resources that will be created. Upon confirmation, Pulumi will provision the resources in the order specified by the program.
Once deployment is complete, you can use the output kubeconfig to manage your AKS cluster with kubectl and see the status of your Helm chart deployment.
Remember, it is important to keep your service principal credentials and SSH keys secure and manage access to them according to your organization’s security policies.
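The advice above about keeping the service principal credentials secure can be checked before a program like this is committed or deployed. The following is an added example, not part of the original page or of Pulumi itself: a line-based audit that flags a servicePrincipalProfile secret that is not read with Pulumi's requireSecret/getSecret, and a kubeconfig stack output that is not wrapped in pulumi.secret(). Both sample snippets are constructed, and the config key names and the clusterKubeconfig variable are assumptions.

```typescript
// Added example: audits Pulumi program source text for two credential
// exposures. Line-based heuristic, not a TypeScript parser.
interface Finding { line: number; field: string; reason: string }

const SECRET_FIELD = /^\s*secret\s*:\s*(.+?),?\s*$/;
const KUBECONFIG_EXPORT = /^\s*export\s+const\s+kubeconfig\s*=\s*(.*)$/;

function auditProgram(source: string): Finding[] {
    const findings: Finding[] = [];
    source.split("\n").forEach((text, index) => {
        const line = index + 1;
        const secret = SECRET_FIELD.exec(text);
        if (secret && /^["'`]/.test(secret[1])) {
            findings.push({ line, field: "secret", reason: "string literal in source" });
        } else if (secret && !/\b(requireSecret|getSecret)\(/.test(secret[1])) {
            findings.push({ line, field: "secret", reason: "not read with requireSecret/getSecret" });
        }
        const exported = KUBECONFIG_EXPORT.exec(text);
        if (exported && !/^pulumi\.secret\(/.test(exported[1])) {
            findings.push({ line, field: "kubeconfig", reason: "output not wrapped in pulumi.secret()" });
        }
    });
    return findings;
}

// Constructed sample: a literal client secret and a plain kubeconfig export.
const withLiterals = [
    "servicePrincipalProfile: {",
    '    clientId: "your-service-principal-client-id",',
    '    secret: "your-service-principal-client-secret",',
    "},",
    "export const kubeconfig = managedCluster.kubeConfig;",
].join("\n");

// Constructed sample: the same fields read from stack config.
// The config key names and the clusterKubeconfig variable are assumptions.
const fromConfig = [
    "const config = new pulumi.Config();",
    "servicePrincipalProfile: {",
    '    clientId: config.require("spClientId"),',
    '    secret: config.requireSecret("spClientSecret"),',
    "},",
    "export const kubeconfig = pulumi.secret(clusterKubeconfig);",
].join("\n");

auditProgram(withLiterals).forEach(f => console.log(`line ${f.line}: ${f.field}: ${f.reason}`));
console.log(`config-based version: ${auditProgram(fromConfig).length} finding(s)`);
```

With the config-based form, the client secret is stored with `pulumi config set --secret` and never appears in index.ts or in plaintext in the stack's state.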