Deploy the ngingo helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart to an Azure Kubernetes Service (AKS) cluster involves several steps. First, an AKS cluster needs to be created and configured. After the cluster is ready, the Helm CLI is used to install the Helm chart. In this case, we're deploying the "ngingo" chart, which is likely a typo for "nginx", a popular web server that is often used as an ingress controller in Kubernetes clusters.

In the given context, since the Helm chart name "ngingo" is not a recognized chart, we'll proceed with the assumption that this is meant to be "nginx". If this is not correct, please ensure the chart name is accurate before deploying.

Here's how you can create an AKS cluster and deploy the nginx Helm chart to it using Pulumi in TypeScript:

Set up Azure Provider: Ensure you're logged in to Azure and Pulumi CLI is installed.
Create an AKS cluster: Define an AKS cluster using Pulumi's Azure Native provider.
Deploy the nginx Helm chart: Once the AKS cluster is available, deploy the nginx Helm chart to it using Pulumi's Kubernetes provider.

Below is a complete Pulumi program written in TypeScript that performs these steps:

import * as azure from "@pulumi/azure";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup");

// Create an Azure AD application for AKS
const app = new azuread.Application("aks");

// Create a Service Principal for the application so AKS can act on behalf of our Azure account
const servicePrincipal = new azuread.ServicePrincipal("aksSp", {
    applicationId: app.applicationId,
});

// Create a random password for the Service Principal.
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
});

// Create the Service Principal Password
const servicePrincipalPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: servicePrincipal.id,
    value: password.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "aksagentpool",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "<YOUR_SSH_PUBLIC_KEY>", // replace <YOUR_SSH_PUBLIC_KEY> with your SSH public key
        },
    },
    servicePrincipal: {
        clientId: app.applicationId,
        clientSecret: servicePrincipalPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeConfigRaw;

// Create a Kubernetes provider instance that uses our kubeconfig
const k8sProvider = new k8s.Provider("k8s", {
    kubeconfig: kubeconfig,
});

// Deploy the nginx ingress using a Helm Chart
const nginxIngress = new k8s.helm.v3.Chart("nginx-ingress", {
        chart: "nginx-ingress",
        version: "1.41.3",
        namespace: "default",
        fetchOpts:{
            repo: "https://kubernetes.github.io/ingress-nginx",
        },
    },
    {
        provider: k8sProvider,
    },
);

// Export the endpoint to access the nginx ingress
export const ingressIp = nginxIngress.getResourceProperty("v1/Service", "nginx-ingress-controller", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);

This program creates an Azure Kubernetes Service (AKS) cluster along with the necessary Azure Active Directory application and Service Principal. The azure.containerservice.KubernetesCluster resource from Pulumi's Azure package is used to create the AKS cluster. After the cluster is created, the program exports the raw Kubernetes configuration needed to interact with your cluster through kubectl.

We create a Kubernetes provider instance with the generated kubeconfig. This allows Pulumi to deploy applications to the AKS cluster.

Lastly, the k8s.helm.v3.Chart resource is used to deploy the nginx ingress controller to the AKS cluster. The repo attribute specifies the Helm chart repository location where the nginx ingress controller chart is hosted.

To run this program:

Replace <YOUR_SSH_PUBLIC_KEY> with your actual SSH public key.
Ensure you have the necessary permissions in Azure to create these resources.
Run pulumi up to provision the resources.

Once the deployment is complete, Pulumi will output the IP address of the ingress which can be used to access the NGINX Ingress Controller.