Deploy the ms-java-spring-boot helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `ms-java-spring-boot` Helm chart on Azure Kubernetes Service (AKS), we first need to create an AKS cluster if you don't have one already. Then we'll be using the Pulumi's `@pulumi/azure-native` package to create the necessary resources for AKS as well as the `@pulumi/kubernetes` package to deploy the Helm chart. Below I will walk you through the TypeScript code for deploying an AKS cluster and then deploying the `ms-java-spring-boot` Helm chart using Pulumi. Let's start by installing the necessary npm packages: - `@pulumi/pulumi`: The core Pulumi SDK. - `@pulumi/azure-native`: The Pulumi Azure Native package to manage Azure resources. - `@pulumi/kubernetes`: The Pulumi Kubernetes package to manage Kubernetes resources, like Helm charts. ```bash npm install @pulumi/pulumi @pulumi/azure-native @pulumi/kubernetes ``` Next, we will create two primary resources: 1. An AKS cluster using the `azure-native.containerservice.KubernetesCluster` resource. 2. A Helm chart deployment using the `kubernetes.helm.v3.Chart` resource. Here is the full program. ```typescript import * as pulumi from "@pulumi/pulumi"; import * as azure_native from "@pulumi/azure-native"; import * as kubernetes from "@pulumi/kubernetes"; import * as random from "@pulumi/random"; // We start by creating a new resource group in Azure where our AKS resources will live. const resourceGroupName = new azure_native.resources.ResourceGroup("myResourceGroup").name; // Create an AD service principal for the K8s cluster. const adApp = new azure_native.graphrbac.Application("adApp"); const adSp = new azure_native.graphrbac.ServicePrincipal("adSp", { applicationId: adApp.applicationId, }); const password = new random.RandomPassword("password", { length: 20, special: true, }); const adSpPassword = new azure_native.graphrbac.ServicePrincipalPassword("adSpPassword", { servicePrincipalId: adSp.id, value: password.result, endDate: "2099-01-01T00:00:00Z", }); // Now let's create the AKS cluster. const cluster = new azure_native.containerservice.KubernetesCluster("myAKSCluster", { resourceGroupName: resourceGroupName, agentPoolProfiles: [ { count: 1, // Single node cluster for simplicity, adjust count as needed. vmSize: "Standard_DS2_v2", // VM size for the nodes, select based on your needs. mode: "System", // Required property for the first node pool, which is the default. name: "agentpool" // Name of the node pool. }, ], dnsPrefix: "aksdns", // DNS prefix for the AKS cluster. linuxProfile: { adminUsername: "adminuser", // Admin user for the Linux VMs. ssh: { publicKeys: [{ keyData: "" }], }, }, kubernetesVersion: "1.18.14", // Specify your desired Kubernetes version. servicePrincipalProfile: { clientId: adApp.applicationId, secret: adSpPassword.value, }, }); // We need to get the kubeconfig from AKS to be used by the Helm chart to deploy // the ms-java-spring-boot application. const creds = pulumi.all([resourceGroupName, cluster.name]).apply(([rgName, clusterName]) => azure_native.containerservice.listManagedClusterUserCredentials({ resourceGroupName: rgName, resourceName: clusterName, })); const kubeconfig = creds.apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString()); // Create a Kubernetes provider instance that uses our kubeconfig. const k8sProvider = new kubernetes.Provider("k8sProvider", { kubeconfig: kubeconfig, }); // Deploy the ms-java-spring-boot Helm chart into our AKS cluster. const springBootChart = new kubernetes.helm.v3.Chart("ms-java-spring-boot", { chart: "ms-java-spring-boot", version: "1.0.0", // Replace with the desired version of the Helm chart. fetchOpts: { repo: "http://", // Specify the Helm repository URL. }, }, { provider: k8sProvider }); // Export the cluster's kubeconfig and public IP endpoints for the service. export const kubeconfigOut = kubeconfig; export const frontendServiceIp = springBootChart.getResourceProperty("v1/Service", "ms-java-spring-boot", "status").apply(status => status.loadBalancer.ingress[0].ip); ``` Replace `` and `` with your SSH public key and the URL of your Helm chart repository. Please note that handling secrets like `adSpPassword.value` inline is not recommended for production. Instead consider using Pulumi's [secrets management](https://www.pulumi.com/docs/intro/concepts/secrets/) or store secrets in Azure Key Vault. What the program does: 1. Creates a new resource group. 2. Sets up an Azure Active Directory application and service principal for AKS to interact with other Azure services. 3. Generates a strong password for the service principal account. 4. Creates an AKS cluster with one node. 5. Retrieves AKS credentials to interact with the cluster using `listManagedClusterUserCredentials`. 6. Converts the retrieved credentials to a kubeconfig file inline. 7. Initializes a Pulumi Kubernetes provider with this kubeconfig. 8. Deploys the `ms-java-spring-boot` Helm chart to the AKS cluster using this provider. 9. Exports the kubeconfig and the public IP of the deployed service. To apply this Pulumi program, save it in a file (e.g., `index.ts`), then execute it using the Pulumi CLI: ```bash pulumi up ``` This will provision the resources in Azure and deploy the Helm chart to your AKS cluster.