Deploy the telemetry-e2e helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart on Azure Kubernetes Service (AKS) with Pulumi involves several steps. Below is an explanation of the process, followed by a Pulumi TypeScript program that demonstrates how to achieve this.

### Explanation

1. **AKS Cluster Creation**: We need an AKS cluster to deploy the Helm chart to. We will create a cluster using the `azure-native.containerservice.ManagedCluster` resource.
2. **Helm Chart Deployment**: Once the cluster is ready, we will deploy the 'telemetry-e2e' Helm chart into the AKS cluster. This is accomplished using the `kubernetes.helm.v3.Chart` resource.
3. **Configuring Kubernetes Provider**: The Kubernetes provider must be configured to communicate with the AKS cluster. This ensures that the Helm charts are deployed to the correct Kubernetes cluster.
4. **Prerequisites**: You need to have Pulumi CLI installed, and you should have appropriate access to your Azure account configured on your machine.

### Pulumi TypeScript Program

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as azure_native from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";

// Set up an Azure Active Directory service principal for the cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
  servicePrincipalId: adSp.id,
  value: "YOUR_PASSWORD", // Replace with a secure password.
  endDate: "2099-01-01T00:00:00Z",
});

const resourceGroup = new azure_native.resources.ResourceGroup("resourceGroup");

// Create the AKS cluster.
const cluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
  resourceGroupName: resourceGroup.name,
  agentPoolProfiles: [{
    count: 2,
    vmSize: azure_native.containerservice.VMSizeTypes.Standard_DS2_v2,
    name: "agentpool"
  }],
  dnsPrefix: pulumi.getStack(), // Define a DNS prefix for the cluster.
  enableRBAC: true,
  kubernetesVersion: "1.18.14",
  linuxProfile: {
    adminUsername: "aksuser",
    ssh: {
      publicKeys: [{
        keyData: sshPublicKey, // Add the SSH public key for the admin user.
      }],
    },
  },
  servicePrincipalProfile: {
    clientId: adApp.applicationId,
    secret: adSpPassword.value,
  },
});
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) =>
  azure_native.containerservice.listManagedClusterUserCredentials({
    resourceGroupName: rgName,
    resourceName: clusterName,
  }));

// Output the kubeconfig.
export const kubeconfig = creds.apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString());

// Create a Kubernetes provider instance that uses our cluster credentials.
const k8sProvider = new k8s.Provider("k8sProvider", {
  kubeconfig: kubeconfig,
});

// Deploy the 'telemetry-e2e' helm chart.
const telemetryChart = new kubernetes.helm.v3.Chart("telemetry-e2e", {
  chart: "telemetry-e2e",
  version: "1.0.0", // Replace with the actual chart version you want to deploy.
  fetchOpts: {
    repo: "http://chart-repository-url", // Replace with the actual Helm chart repository URL.
  },
}, { provider: k8sProvider });

// Export the kubeconfig.
export const kubeconfig = creds.apply(creds => Buffer.from(creds.kubeConfigs[0].value, "base64").toString());

```

In the example above, replace `"YOUR_PASSWORD"` with a strong password to be used for the AD service principal, and replace `"http://chart-repository-url"` with the actual Helm repository URL where the 'telemetry-e2e' chart is located. Also, make sure to provide a valid SSH public key string for the `sshPublicKey` variable to ensure you have SSH access to the cluster.

This program defines the necessary resources for the AKS cluster and deploys a Helm chart named 'telemetry-e2e'. Once deployed, you can manage your Kubernetes resources through the `kubeconfig` that is exported as an output by Pulumi.

When the Pulumi program runs, it performs the following actions:
- Creates an Azure Active Directory application and service principal which are used to define identity for the AKS cluster.
- Defines and creates a new AKS cluster with the defined properties such as VM size, node count, and enables RBAC.
- Retrieves the kubeconfig credentials from the deployed AKS cluster.
- Instantiates a Kubernetes provider with the AKS kubeconfig which is then used to deploy the Helm chart.

Ensure you have the Azure and Kubernetes CLI tools installed and configured correctly to apply the above Pulumi code. Once you run `pulumi up` with this program, Pulumi will provision the resources and deploy the chart to your cluster.