1. Deploy the harbor-scanner-sysdig-secure helm chart on Azure Kubernetes Service (AKS)


    Deploying a Helm chart on an Azure Kubernetes Service (AKS) cluster involves several steps. Firstly, you need to create an AKS cluster where the Helm chart will be deployed. After the cluster is up and running, you can utilize Pulumi's Kubernetes provider to deploy the Helm chart.

    To facilitate this process, we will be using two primary Pulumi resources from the azure-native and kubernetes packages:

    1. azure-native:containerservice:KubernetesCluster to create an AKS cluster. (azure-native Kubernetes Cluster Documentation)
    2. kubernetes:helm.sh/v3:Chart to deploy the harbor-scanner-sysdig-secure Helm chart. (Helm Chart Documentation)

    Below is a TypeScript program that sets up an AKS cluster and then deploys the harbor-scanner-sysdig-secure Helm chart onto it.

    Before running the program, make sure you've installed Pulumi and set up the Azure CLI with the right permissions. You must be logged in to both Pulumi and Azure CLI on your local machine.

    Here's the TypeScript program:

    import * as pulumi from "@pulumi/pulumi"; import * as azure_native from "@pulumi/azure-native"; import * as k8s from "@pulumi/kubernetes"; // Create an Azure Resource Group const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup"); // Create an AKS cluster const cluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", { resourceGroupName: resourceGroup.name, agentPoolProfiles: [{ count: 3, vmSize: "Standard_DS2_v2", name: "agentpool", mode: "System", osType: "Linux", }], dnsPrefix: "myakscluster", enableRBAC: true, kubernetesVersion: "1.19.7", sku: { name: "Basic", tier: "Free", }, }); // Export the kubeconfig to access the AKS cluster export const kubeconfig = pulumi. all([cluster.name, resourceGroup.name]). apply(([clusterName, rgName]) => azure_native.containerservice.listManagedClusterUserCredentials({ resourceName: clusterName, resourceGroupName: rgName, }), ).apply(creds => Buffer.from(creds.kubeconfigs[0].value, "base64").toString()); // Create a Kubernetes provider using the AKS cluster's kubeconfig const k8sProvider = new k8s.Provider("k8sProvider", { kubeconfig: kubeconfig, }); // Deploy harbor-scanner-sysdig-secure Helm chart using the 'kubernetes.helm.v3.Chart' resource const helmChart = new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure", { chart: "harbor-scanner-sysdig-secure", version: "1.0.0", // Replace with the target version of the Helm chart fetchOpts: { repo: "https://your-helm-chart-repository", // Replace with the Helm chart repository URL }, }, { provider: k8sProvider }); // Export the Harbor Scanner Sysdig Secure endpoint to access it export let harborScannerEndpoint = helmChart.getResourceProperty("v1/Service", "harbor-scanner-sysdig-secure", "status") .apply(status => status.loadBalancer.ingress[0].ip);

    In the above code:

    1. We start by creating a resource group which is a logical container where all resources are deployed.
    2. We define an AKS cluster with a default node pool of VM size Standard_DS2_v2 and set the Kubernetes version.
    3. We export the kubeconfig which is required to communicate with the AKS cluster. This is sensitive data and should be handled securely.
    4. A k8s.Provider is instantiated using the acquired kubeconfig which allows Pulumi to deploy resources on our newly created AKS cluster.
    5. We then define a k8s.helm.v3.Chart which represents the Helm chart that we want to deploy. We specify the Helm chart name, version, and the repository containing the chart. This Helm chart resource utilizes the Kubernetes provider we've created.
    6. Lastly, we export the IP address of the deployed service to be able to access the Harbor Scanner once it's up and running.

    Please replace "https://your-helm-chart-repository" with the actual repository URL of the harbor-scanner-sysdig-secure Helm chart and specify the correct version of the chart you intend to deploy.

    To run the program, save the code to a index.ts file and execute it using the Pulumi CLI commands pulumi up to deploy the stack.

    Keep in mind that running this program might incur costs on your Azure account, as it provisions resources that are billed by Azure. Also, make sure that billing and service quota/limit permissions in Azure are understood and monitored.