Deploy the bff-vrecli-service helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy a Helm chart on Azure Kubernetes Service (AKS) using Pulumi, you'll first need to provision an AKS cluster. Once the cluster is running, you can deploy your Helm chart to that cluster. The Helm chart deployment will be defined as a Pulumi resource, specifically using the kubernetes.helm.v3.Chart resource.

Below is a program written in TypeScript that demonstrates this process. This program does the following:

Creates an AKS cluster with the required configurations.
Deploys a Helm chart onto the AKS cluster.

In the code, you'll find comments that explain each step of the program. Make sure to replace placeholders like <RESOURCE_GROUP>, <AKS_NAME>, and <CHART_VALUES> with your actual resource group name, AKS cluster name, and chart values or configurations.

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as azureNative from "@pulumi/azure-native";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("<RESOURCE_GROUP>");

// Create an Azure AD Service Principal for the AKS cluster to use for Azure API operations
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {
    applicationId: adApp.applicationId,
});

// Create a Service Principal Password
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: "<PASSWORD>", // Replace '<PASSWORD>' with a secure password
    endDate: "2099-01-01T00:00:00Z",
});

// Create the AKS cluster
const cluster = new azure.containerservice.KubernetesCluster("<AKS_NAME>", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "akspool",
        nodeCount: 2,
        vmSize: "Standard_D2_v2",
    },
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "myadmin",
        sshKey: {
            keyData: "<SSH_PUBLIC_KEY>", // Replace '<SSH_PUBLIC_KEY>' with your actual SSH public key
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
    roleBasedAccessControl: { enabled: true },
    addonProfiles: {
        KubeDashboard: {
            enabled: true,
        },
    },
    tags: {
        environment: "testing",
    },
});

// Export the Kubeconfig
export const kubeconfig = cluster.kubeConfigRaw;

// Use the Kubeconfig to create a Kubernetes provider instance.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the Helm chart using the Kubernetes provider created above
const helmChart = new k8s.helm.v3.Chart("bff-vrecli-service", {
    chart: "bff-vrecli-service",
    // The repository where the Helm chart is located.
    // Replace below with the chart repository URL or local chart path
    // repo: "http://chart-repo-url/",
    // path: "./path-to-chart",
    version: "<CHART_VERSION>", // Replace '<CHART_VERSION>' with the version of the Helm chart
    values: {
        // Provide configuration values for the Helm chart here.
        // This object should match the values you'd typically provide in a values.yaml file or via --set
        // Example:
        // replicaCount: 2,
    },
    namespace: "default", // Kubernetes namespace to deploy the Helm chart. Adjust if needed.
}, { provider: k8sProvider });

// Export the Chart name
export const chartName = helmChart.getResourceName();

We initiate the creation of a resource group where all resources for the AKS will reside.
An Azure AD service principal is created, which the AKS will use to perform actions on behalf of the application.
We then create a password for the service principal.
The AKS cluster is defined with a specified node count, VM size, admin username, and ssh key. This also includes configuring role-based access control (RBAC) for more secure operations and optionally enabling the Kubernetes dashboard.
A Kubernetes provider is instantiated using the kubeconfig from the newly created AKS cluster. This provider will be used to manage Kubernetes resources.
Finally, the Helm chart is deployed to the AKS cluster using the Kubernetes provider. You will need to specify the repository URL and version of the Helm chart you are deploying.

Remember to provide all required placeholders before running the Pulumi program, including passwords and SSH public keys.

For more detailed documentation on Pulumi resources:

AKS Cluster: Azure Kubernetes Service (AKS)
Helm Chart: Helm Chart

To execute this program, save it in a file, install the required packages by running npm install for Pulumi with Azure and Kubernetes SDKs. Then, simply run pulumi up within the CLI in the directory of the file to provision the resources as defined.

Please ensure you have Pulumi and the necessary cloud CLI tools configured for your environment before running the program.