Deploy the kubecon helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the KubeCon Helm chart on Azure Kubernetes Service (AKS), we will follow these general steps:

Create an AKS Cluster: We will use the azure-native.containerservice.ManagedCluster resource to define and create an AKS cluster. This managed Kubernetes service by Azure abstracts away much of the underlying infrastructure management, letting you focus on deploying containerized applications.
Install the Helm Chart: To deploy the KubeCon Helm chart, we will use the kubernetes.helm.v3.Chart resource from the kubernetes provider in Pulumi. Helm charts are packages of pre-configured Kubernetes resources. The Chart resource allows us to apply a Helm chart to an AKS cluster, specifying any configuration values that the chart permits.

First, make sure you have the Pulumi CLI and Azure CLI installed and configured with the appropriate access rights to your target subscription.

Here is the Pulumi TypeScript program that performs this deployment:

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("aksResourceGroup", {
    resourceGroupName: "kubecon-aks-resources",
    location: "East US", // Choose the appropriate Azure region
});

// Step 2: Set up an Azure AD Application for AKS
const app = new azuread.Application("aksApp", {
    displayName: "kubeconAksApp",
});

const servicePrincipal = new azuread.ServicePrincipal("aksServicePrincipal", {
    applicationId: app.applicationId,
});

const adAppPassword = new azuread.ApplicationPassword("aksAppPassword", {
    applicationObjectId: app.objectId,
});

// Step 3: Create a Virtual Network for the AKS cluster
const virtualNetwork = new azure_native.network.VirtualNetwork("vnet", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    addressSpace: {
        addressPrefixes: ["10.2.0.0/16"],
    },
});

// Step 4: Create a Subnet for the AKS cluster
const subnet = new azure_native.network.Subnet("subnet", {
    resourceGroupName: resourceGroup.name,
    virtualNetworkName: virtualNetwork.name,
    addressPrefix: "10.2.0.0/24",
});

// Step 5: Create an AKS Cluster
const managedCluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    dnsPrefix: pulumi.interpolate`${resourceGroup.name}-kubecon`,
    agentPoolProfiles: [{
        name: "default",
        count: 3,
        vmSize: "Standard_DS2_v2",
        osType: "Linux",
    }],
    linuxProfile: {
        adminUsername: "kubeconadmin",
        ssh: {
            publicKeys: [{
                keyData: "<YOUR_SSH_PUBLIC_KEY>", // Replace with your SSH public key
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: app.applicationId,
        secret: adAppPassword.value,
    },
    networkProfile: {
        networkPlugin: "azure",
        serviceCidr: "10.3.0.0/24",
        dnsServiceIP: "10.3.0.10",
        dockerBridgeCidr: "172.17.0.1/16",
        loadBalancerSku: "Standard",
    },
    defaultNodePool: {
        name: "default",
        type: azure_native.containerservice.AgentPoolType.System,
        subnetResourceId: subnet.id,
    },
});

// Step 6: Configure Pulumi to use the created AKS cluster's kubeconfig
const creds = pulumi.output(azure_native.containerservice.listManagedClusterUserCredentials({
    resourceGroupName: resourceGroup.name,
    resourceName: managedCluster.name,
}));

const kubeconfig = creds.apply(list => Buffer.from(list.kubeconfigs[0].value, "base64").toString());

const provider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Step 7: Install the KubeCon Helm Chart
const kubeconHelmChart = new k8s.helm.v3.Chart("kubeconChart", {
    chart: "kubecon",
    // Here, we specify the repository that hosts the kubecon Helm chart. Please replace this with the actual one
    repo: "https://helm-repo-url.com/", 
    version: "1.0.0", // Specify the version of the helm chart
    values: { /* custom values here */ },
}, { provider: provider });

// Export the kubeconfig and cluster name
export const kubeconfigOutput = kubeconfig;
export const clusterName = managedCluster.name;

Replace <YOUR_SSH_PUBLIC_KEY> with your own SSH public key to ensure access to the cluster nodes.

Explanation of the Program:

Resource Group: We start by creating a resource group named kubecon-aks-resources which will contain all the resources.
Azure AD Application & Service Principal: Since AKS requires an identity for creating and managing resources in Azure on behalf of the Kubernetes cluster, we create an Azure AD application and a corresponding service principal along with a secret.
Virtual Network & Subnet: Then we create a virtual network and a subnet where the AKS cluster's nodes will run.
AKS Cluster: We create the managed cluster itself with a Linux profile and service principal profile utilizing the previously generated application and service principal. The agentPoolProfiles defines the size and number of nodes.
Provider Configuration: We retrieve the kubeconfig content from the AKS cluster to configure the Kubernetes provider for Pulumi. This allows Pulumi to manage resources in the cluster.
Helm Chart: Next, we install the Helm chart with the name kubecon from the specified Helm repository.

Make sure to replace https://helm-repo-url.com/ with the URL to the repository where the KubeCon Helm chart is hosted and also set any values that should be passed to the Helm chart.

Finally, we export the kubeconfig and the cluster name for easy access to the newly created AKS cluster.