Deploy the Knative helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Knative Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you need to perform the following steps:

1. Create an AKS cluster.
2. Install the Helm chart for Knative.

We will use the `azure-native` package to create the AKS cluster since it is a native Azure provider for Pulumi and offers fine-grained control over Azure resources.

Once the AKS cluster is provisioned, Pulumi can manage Helm chart deployments through the `helm` package. This requires having Helm and Kubernetes configured in your environment. Pulumi will interact with Helm to deploy Knative to the AKS cluster we created.

First, ensure you have the Azure CLI installed and configured with the necessary permissions to create resources in your Azure subscription. This setup is required to manage Azure resources through Pulumi.

Below is the Pulumi program written in TypeScript that does the following:

- Defines an AKS cluster with a specified node count and size.
- Installs the Knative Helm chart on the AKS cluster using the `helm` package.

Make sure to have Pulumi installed and set up before running this program. If you haven't already logged in to Pulumi, use `pulumi login` to authenticate.

```typescript
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as random from "@pulumi/random";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup", {
    location: "WestUS",
});

// Create an Azure AD service principal for the AKS cluster
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {
    applicationId: adApp.applicationId,
});

// Generate random password for the service principal
const adSpPassword = new random.RandomPassword("password", {
    length: 20,
    special: true,
});

// Create a service principal password
const spPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: adSpPassword.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Create the AKS cluster
const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        name: "aksagentpool",
        count: 3, // Specify the desired number of cluster nodes
        vmSize: "Standard_DS2_v2", // Specify the size of the cluster nodes
    }],
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "aksuser",
        sshKey: {
            keyData: "ssh-rsa ...", // Replace with your SSH public key
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: spPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig to access the AKS cluster
export const kubeconfig = pulumi.
    all([k8sCluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) => {
        return azure.containerservice.listKubernetesClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        }).then(creds => {
            return creds.kubeconfigs[0].value.apply(kc => Buffer.from(kc, 'base64').toString());
        });
    });

// Using the generated kubeconfig, create a Kubernetes provider instance.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Specify the Helm chart for Knative.
const knativeHelmChart = new k8s.helm.v3.Chart("knative", {
    chart: "knative",
    version: "0.20.0", // Specify the exact chart version
    namespace: "knative-serving",
    fetchOpts:{
        repo: "https://charts.knative.dev",
    },
}, { provider: k8sProvider });

// Export the public IP to access Knative
export const knativeIp = knativeHelmChart.getResourceProperty(
    "v1/Service", "knative-serving/knative-ingressgateway", "status").loadBalancer.ingress[0].ip;
```

Here's what each part of the script does:

- **Azure Resource Group**: A resource group is created to organize all the Azure resources.
- **Azure AD Application and Service Principal**: These are used for the AKS cluster to interact with other Azure services securely.
- **Random Password**: Generates a random password for the AD service principal.
- **AKS Cluster**: Defines a Kubernetes cluster with worker nodes.
- **Kubeconfig**: The kubeconfig is required to interact with your AKS cluster via `kubectl` or any Kubernetes client library.
- **Kubernetes Provider**: A Pulumi Kubernetes provider is instantiated using the generated kubeconfig from the AKS cluster.
- **Helm Chart for Knative**: Defines a Helm chart resource for Knative, including where to fetch the chart and which version to install.

After the Pulumi program is executed, it will export:

- **Kubeconfig**: The kubeconfig required to connect to the AKS cluster.
- **Knative IP**: The public IP to access the Knative services.

This Pulumi program should be all you need to get the Knative Helm chart deployed on AKS. If you need more information on any of the used resources, visit the [Pulumi Registry](https://www.pulumi.com/registry/).