Deploy the harbor-scanner-sysdig-secure helm chart on Azure Kubernetes Service (AKS)
Deploying a Helm chart on an Azure Kubernetes Service (AKS) cluster involves several steps. Firstly, you need to create an AKS cluster where the Helm chart will be deployed. After the cluster is up and running, you can utilize Pulumi's Kubernetes provider to deploy the Helm chart.
To facilitate this process, we will be using two primary Pulumi resources from the `azure-native` and `kubernetes` packages:
- `azure-native:containerservice:KubernetesCluster` to create an AKS cluster. (azure-native Kubernetes Cluster Documentation)
- `kubernetes:helm.sh/v3:Chart` to deploy the `harbor-scanner-sysdig-secure` Helm chart. (Helm Chart Documentation)
Below is a TypeScript program that sets up an AKS cluster and then deploys the `harbor-scanner-sysdig-secure` Helm chart onto it.
Before running the program, make sure you've installed Pulumi and set up the Azure CLI with the right permissions. You must be logged in to both Pulumi and Azure CLI on your local machine.
Here's the TypeScript program:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 3,
        vmSize: "Standard_DS2_v2",
        name: "agentpool",
        mode: "System",
        osType: "Linux",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.19.7",
    sku: {
        name: "Basic",
        tier: "Free",
    },
});

// Export the kubeconfig to access the AKS cluster.
// It carries cluster credentials, so it is wrapped in pulumi.secret() to keep it
// encrypted in the stack state and masked in CLI output.
export const kubeconfig = pulumi.secret(
    pulumi.all([cluster.name, resourceGroup.name])
        .apply(([clusterName, rgName]) =>
            azure_native.containerservice.listManagedClusterUserCredentials({
                resourceName: clusterName,
                resourceGroupName: rgName,
            }))
        .apply(creds => Buffer.from(creds.kubeconfigs[0].value, "base64").toString()),
);

// Create a Kubernetes provider using the AKS cluster's kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy harbor-scanner-sysdig-secure Helm chart using the 'kubernetes.helm.v3.Chart' resource
const helmChart = new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure", {
    chart: "harbor-scanner-sysdig-secure",
    version: "1.0.0", // Replace with the target version of the Helm chart
    fetchOpts: {
        repo: "https://your-helm-chart-repository", // Replace with the Helm chart repository URL
    },
}, { provider: k8sProvider });

// Export the Harbor Scanner Sysdig Secure endpoint to access it.
// Optional chaining avoids a crash while no load balancer IP has been assigned yet.
export const harborScannerEndpoint = helmChart
    .getResourceProperty("v1/Service", "harbor-scanner-sysdig-secure", "status")
    .apply(status => status?.loadBalancer?.ingress?.[0]?.ip);
```
In the above code:
- We start by creating a resource group, which is a logical container where all resources are deployed.
- We define an AKS cluster with a default node pool of VM size `Standard_DS2_v2` and set the Kubernetes version.
- We export the `kubeconfig`, which is required to communicate with the AKS cluster. This is sensitive data and should be handled securely.
- A `k8s.Provider` is instantiated using the acquired `kubeconfig`, which allows Pulumi to deploy resources on our newly created AKS cluster.
- We then define a `k8s.helm.v3.Chart`, which represents the Helm chart that we want to deploy. We specify the Helm chart name, version, and the repository containing the chart. This Helm chart resource utilizes the Kubernetes provider we've created.
- Lastly, we export the IP address of the deployed service to be able to access the Harbor Scanner once it's up and running.
Please replace `"https://your-helm-chart-repository"` with the actual repository URL of the `harbor-scanner-sysdig-secure` Helm chart and specify the correct version of the chart you intend to deploy.
To run the program, save the code to an `index.ts` file and execute the Pulumi CLI command `pulumi up` to deploy the stack.
Keep in mind that running this program might incur costs on your Azure account, as it provisions resources that are billed by Azure. Also, make sure that billing and service quota/limit permissions in Azure are understood and monitored.
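To make the point about the exported kubeconfig being sensitive concrete, here is an added example (not part of the original program, and not a Pulumi API): a hypothetical helper, `redactKubeconfig`, that strips credential values from a decoded kubeconfig so that it can appear in CI logs or support tickets. The sample kubeconfig is constructed and every value in it is fake.

```typescript
// Added example: redact credential values from a decoded kubeconfig before logging it.
// Standard kubeconfig user-credential keys whose values must never reach logs.
const CREDENTIAL_KEYS = [
  "client-key-data", "token", "password",
  "client-secret", "id-token", "refresh-token",
];

interface RedactionResult {
  redacted: string;   // kubeconfig text with credential values replaced
  findings: string[]; // "key (line N)" for every value that was replaced
}

function redactKubeconfig(kubeconfig: string): RedactionResult {
  const findings: string[] = [];
  const redacted = kubeconfig.split(/\r?\n/).map((line, index) => {
    // Match "key: value" with optional indentation and list dash; keys without a value are skipped.
    const match = /^(\s*(?:-\s+)?)([A-Za-z][A-Za-z-]*):\s*(\S.*)$/.exec(line);
    if (!match || CREDENTIAL_KEYS.indexOf(match[2]) === -1) {
      return line;
    }
    findings.push(`${match[2]} (line ${index + 1})`);
    return `${match[1]}${match[2]}: "<redacted, ${match[3].length} chars>"`;
  }).join("\n");
  return { redacted, findings };
}

// Constructed sample in the shape of an AKS user kubeconfig; all values are fake.
const SAMPLE_KUBECONFIG = [
  "apiVersion: v1",
  "kind: Config",
  "clusters:",
  "- name: myAKSCluster",
  "  cluster:",
  "    server: https://myakscluster.example.invalid:443",
  "    certificate-authority-data: RkFLRS1DQQ==",
  "users:",
  "- name: clusterUser_myResourceGroup_myAKSCluster",
  "  user:",
  "    client-certificate-data: RkFLRS1DRVJU",
  "    client-key-data: RkFLRS1LRVk=",
  "    token: 0123456789abcdef",
  "current-context: myAKSCluster",
].join("\n");

const sampleResult = redactKubeconfig(SAMPLE_KUBECONFIG);
console.log(sampleResult.findings.join(", "));
console.log(sampleResult.redacted);
```

The helper is line-based and assumes single-line scalar values, which is how kubeconfig files normally carry these fields; the cluster CA and client certificate are left intact because they are not secret on their own.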