Deploy the elastic-filebeat helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Elastic Filebeat Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you'll follow these steps:

Set up an AKS Cluster: You need an AKS cluster where Filebeat will be deployed. Pulumi provides resources to create and configure AKS clusters.
Install Helm Chart: Pulumi has a Helm Chart resource that allows you to deploy Helm charts to a Kubernetes cluster.

Prerequisites

Before you begin, you should have:

An Azure account with an active subscription.
The Azure CLI installed and configured.
The Helm CLI installed on your machine.
Pulumi CLI installed and configured for Azure.

Step-by-Step Deployment

Here's a detailed TypeScript program to deploy the Elastic Filebeat Helm chart on an AKS cluster using Pulumi:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Create a resource group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup", {
   location: "WestUS", // You can choose the appropriate Azure region
});

// Create an AD service principal for the AKS cluster
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const password = new random.RandomPassword("password", {
   length: 20,
   special: true,
});

// Assign the AD service principal to a role
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
   servicePrincipalId: adSp.id,
   value: password.result,
   endDate: "2099-01-01T00:00:00Z",
});

// Create the AKS cluster
const aksCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
   resourceGroupName: resourceGroup.name,
   defaultNodePool: {
       name: "aksagentpool",
       nodeCount: 2,
       vmSize: "Standard_DS2_v2",
   },
   dnsPrefix: `${pulumi.getStack()}-kube`,
   linuxProfile: {
       adminUsername: "aksuser",
       sshKey: {
           keyData: "<YOUR_SSH_PUBLIC_KEY>", // Replace with your own SSH public key
       },
   },
   servicePrincipal: {
       clientId: adApp.applicationId,
       clientSecret: adSpPassword.value,
   },
   // Enable network policy for Calico.
   // You can use any other network policies supported in AKS as per your requirements.
   networkProfile: {
       networkPlugin: "azure",
       networkPolicy: "calico",
   },
   // Enable RBAC
   roleBasedAccessControl: { enabled: true },
});

// Export the kubeconfig
export const kubeconfig = aksCluster.kubeConfigRaw;

// Create a k8s provider instance using the kubeconfig from the AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
   kubeconfig: aksCluster.kubeConfigRaw,
});

// Deploy elastic-filebeat helm chart
const fileBeatChart = new k8s.helm.v3.Chart("filebeat", {
   chart: "filebeat",
   version: "7.14.0", // Specify the version of Filebeat you want to deploy
   fetchOpts:{
       repo: "https://helm.elastic.co",
   },
   namespace: "kube-system", // The namespace where to install Filebeat. It can be any namespace.
}, { provider: k8sProvider });

// Export the Filebeat Helm Chart status
export const filebeatStatus = fileBeatChart.status;

In this program:

Resource Group: A resource group is a container that holds related resources for an Azure solution. Here, we define one for the AKS cluster.
AD Service Principal: We create an Azure Active Directory application and service principal which AKS uses for the Kubernetes Azure cloud provider.
AKS Cluster: We create an AKS cluster using the azure.containerservice.KubernetesCluster class, specifying the default node pool configuration, SSH key, service principal credentials, and network profile.
Kubernetes Provider: We set up a Kubernetes provider using the kubeconfig from the newly created AKS cluster. This provider is used to interact with the Kubernetes cluster.
Helm Chart: The Filebeat Helm chart is deployed using the k8s.helm.v3.Chart class, specifying the chart name, repository, and version.
Exported Outputs: The kubeconfig needed to access the AKS cluster and the status of the Filebeat Helm Chart deployment are exported. You can use pulumi stack output to retrieve these values from the CLI.

Applying the Pulumi Program

You can apply this program by running the following commands:

pulumi stack init elastic-filebeat-on-aks
pulumi up

This will provision the resources as defined in the program above. When prompted, review the proposed changes and select yes to proceed with the deployment.

Please replace "<YOUR_SSH_PUBLIC_KEY>" with your actual SSH public key, and make sure you fill in any other configuration needed for your setup, such as selecting the appropriate Azure region for the resource group.