Deploy the tyk-oss helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Tyk OSS Helm chart on Azure Kubernetes Service (AKS), we will need to accomplish a series of tasks:

Provision an AKS cluster: The core of your deployment, this is where your applications and services will run.
Install the Helm CLI: Helm is a package manager for Kubernetes, and we will use it to deploy the Tyk OSS chart.
Configure Helm in our Pulumi program: We use Pulumi's Helm support to install the chart onto our AKS cluster.

Steps in detail:

Provision an AKS cluster

We are going to use Pulumi's azure-native package to create an AKS cluster. An AKS cluster requires a resource group, and we define the characteristics of our cluster within the Pulumi program, such as the location, the Kubernetes version, and the size of the nodes.

Install the Helm CLI

Helm must be installed on your local machine or in your CI/CD pipeline environment to be available for Pulumi's Helm support to operate.

Configure Helm in our Pulumi program

With the AKS cluster provisioned and Helm installed, we then use Pulumi's kubernetes package to set up Helm and the Tyk OSS chart. We will specify the repository where the Tyk OSS Helm chart is located and the version of the chart we want to install.

Here is the TypeScript program which accomplishes these steps:

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Create a resource group
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an AD service principal for our AKS cluster
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Now let's create an AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2, // Specify the size of the cluster (2 VMs for example)
        vmSize: "Standard_DS2_v2", // Specify the size of VMs
        name: "agentpool" // Name of the agent pool
    }],
    dnsPrefix: pulumi.interpolate`${resourceGroup.name}-kube`, // A prefix for the Kubernetes DNS service
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{ keyData: "<YOUR SSH PUBLIC KEY>" }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Export the kubeconfig
export const kubeconfig = pulumi.
    all([ cluster.name, resourceGroup.name ]).
    apply(([ clusterName, rgName ]) => {
        const creds = azure_native.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        });
        return creds.kubeconfigs[0].value.apply((enc: Buffer) => Buffer.from(enc).toString());
    });

// Create a Kubernetes provider instance that uses our AKS kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy tyk-oss Helm chart using the Kubernetes provider
const tykOssChart = new k8s.helm.v3.Chart("tyk-oss", {
    chart: "tyk-headless", // The name of the chart to deploy
    version: "0.6.0", // Specify the version of the chart
    fetchOpts: {
        repo: "https://helm.tyk.io/public/helm/charts/", // Location of the Tyk OSS Helm chart repository
    }
}, { provider: k8sProvider });

// Export the IP address of the Tyk Gateway service
export const tykGatewayIP = tykOssChart.getResourceProperty("v1/Service", "tyk-oss-tyk-gateway", "status").apply(status => status.loadBalancer.ingress[0].ip);

Notes:

Replace <YOUR SSH PUBLIC KEY> with your actual SSH public key for secure access to the Kubernetes cluster.
The AKS cluster name, resource group name, and Linux profile are defined with placeholder values; these can be modified to suit your requirements.
The Tyk OSS Helm chart version used is 0.6.0. Check the official Tyk Helm Chart repository for the latest version.
Once the code is ready, you can use Pulumi CLI commands (pulumi up, pulumi preview, pulumi destroy) to create, preview, or destroy your infrastructure as needed.

After deploying:

After running pulumi up, the AKS cluster will be provisioned, and the Tyk OSS Helm chart will be deployed onto the cluster. Pulumi will output the Kubernetes config needed to interact with your AKS cluster (kubeconfig) and the IP address for the Tyk Gateway service (tykGatewayIP).

Once the deployment is successful, use the kubeconfig to configure kubectl and interact with your AKS cluster. Validate that the Tyk Gateway service is running by querying its IP address.