Deploy the pi-hole helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Pi-hole Helm chart on Azure Kubernetes Service (AKS) involves several steps. Here's a high-level overview of the process, which we will then translate into a Pulumi TypeScript program:

1. **Create an AKS Cluster**: We start by provisioning an AKS cluster where our applications will run. In Pulumi, we use the `azure-native` package which interacts directly with Azure Resource Manager APIs to define the AKS cluster.

2. **Install the Helm Chart**: Helm is a package manager for Kubernetes, and we'll utilize it to deploy Pi-hole, which is packaged as a Helm chart. Pulumi's `kubernetes` package provides a resource named `helm.v3.Chart` that we can use to deploy Helm charts to a Kubernetes cluster.

3. **Configure Kubernetes Provider**: The Kubernetes provider will need to be configured to ensure it can connect to our newly provisioned AKS cluster.

Now let's walk through the Pulumi TypeScript program that automates this process:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as helm from "@pulumi/kubernetes/helm/v3";

// Step 1: Create an AKS Cluster
const resourceGroup = new azure_native.resources.ResourceGroup("aksResourceGroup");

const aksCluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1, // Single node cluster for demonstration purposes
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: pulumi.interpolate`${resourceGroup.name}-kube`,
    enableRBAC: true,
    kubernetesVersion: "1.20.9",
    location: resourceGroup.location,
    resourceName: resourceGroup.name,
});

// Export the Kubernetes config and cluster name
export const kubeConfig = aksCluster.kubeConfig;
export const clusterName = aksCluster.name;

// Step 2: Configure Kubernetes Provider
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: aksCluster.kubeConfig.apply(JSON.stringify),
});

// Step 3: Install the Pi-hole Helm Chart
const piHoleChart = new helm.Chart("pi-hole", {
    chart: "pi-hole",
    version: "1.8.8", // Use the preferred version of Pi-hole Helm chart
    fetchOpts:{
        repo: "https://mojo2600.github.io/pihole-kubernetes/", // Pi-hole's Helm repository
    },
}, { provider: k8sProvider });

// Export any resources we want to make easily accessible
export const piHoleServiceIP = piHoleChart.getResourceProperty("v1/Service", "pi-hole", "status", "loadBalancer", "ingress", 0, "ip");
```

### Explanation:

- We begin by importing the necessary Pulumi packages.
- In step 1, a resource group is created followed by the AKS cluster within it. We've configured the AKS cluster with a single node and enabled RBAC for security. Note that you may want to customize the `agentPoolProfiles` to fit your needs and possibly choose a different VM size for production environments.
- The Kubernetes configuration file from the AKS cluster is exported because it will be necessary to connect to the cluster and manage resources within it.
- In step 2, we initialize the Pulumi Kubernetes provider by providing it the kubeconfig of our AKS cluster. We convert the kubeconfig to a JSON string because the Kubernetes provider expects it in this format.
- In step 3, we deploy Pi-hole using the Helm chart by specifying the chart name, version, and repository. We ensure that the chart is deployed using the Kubernetes provider we created earlier, which connects to our AKS cluster.
- Finally, we export the load balancer IP for the Pi-hole service as `piHoleServiceIP`. This IP can be used to point your device's DNS settings to Pi-hole.

To get your Pi-hole service up and running, you would run this Pulumi program using the Pulumi CLI. After authentication and selecting the appropriate stack, you could simply run `pulumi up` to have everything provisioned and set up.

Remember, Pulumi stores the state of your infrastructure, which makes it easy to make incremental changes, roll back to previous states, and manage your infrastructure as code. Moreover, always review the configurations and adjust them to match your use case, including security adjustments for production workloads.