Deploy the dapr-ambient helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Dapr Ambient Helm chart on Azure Kubernetes Service (AKS), you'll need to perform several steps. First, you'll create an AKS cluster where your application will run. Then, you'll instruct Pulumi to use Helm to deploy the Dapr Ambient chart onto the AKS cluster.

Below is a TypeScript program that uses Pulumi to accomplish your goal. The program does the following:

1. Creates an AKS cluster using the `ManagedCluster` resource from the `azure-native` package.
2. Deploys the Dapr Ambient Helm chart using the `Chart` resource from the `kubernetes` package, which is capable of deploying Helm charts.

Make sure you have Pulumi installed, along with the necessary cloud provider CLI (in this case Azure CLI) and have logged in and correctly set up your credentials before running the Pulumi program.

Let's go through the following TypeScript code which illustrates the process:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Create a new resource group
const resourceGroup = new azure_native.resources.ResourceGroup("aksResourceGroup");

// Create an AD service principal for the AKS cluster.
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: "PASSWORD_HERE", // Use a secure method to generate and manage the service principal password.
    endDate: "2099-01-01T00:00:00Z",
});

// Obtain the default version for AKS for our region
const k8sVersion = pulumi.output(azure_native.containerregistry.getRegistryOperationList({
    location: resourceGroup.location,
})).map(list => list.output?.find(op => op.name === "containerregistry/registries/read")?.serviceSpecification.logSpecifications[0].blobDuration);

// Create the AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "akspulumi",
    enableRBAC: true,
    kubernetesVersion: k8sVersion,
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa PUBLIC_KEY_HERE", // Replace with your SSH public key
            }],
        },
    },
    nodeResourceGroup: `MC_azurepulumi_${resourceGroup.name}`,
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Expose the kubeconfig for the newly created AKS cluster
export const kubeconfig = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) =>
    azure_native.containerservice.listManagedClusterUserCredentials({
        resourceName: clusterName,
        resourceGroupName: rgName,
    })
).apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString());

// Create a provider for the AKS cluster
const aksProvider = new k8s.Provider("aksProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the Dapr Ambient Helm chart using the AKS cluster's provider
const daprAmbientChart = new k8s.helm.v3.Chart("dapr-ambient", {
    chart: "dapr-ambient", // The name of the chart in the Helm repository.
    version: "VERSION", // Specify the version of the Helm chart.
    fetchOpts: {
        repo: "https://charts.dapr.io/", // The Helm repository URL where the chart is hosted.
    },
}, { provider: aksProvider });

// Export any properties from the Helm chart that you may need to access
export const daprAmbientChartValues = daprAmbientChart.getResourceProperty("v1/Service", "dapr-ambient", "metadata").apply(metadata => metadata.name);
```

In this program, you should replace `PASSWORD_HERE` with a secure password for the service principal and `PUBLIC_KEY_HERE` with your SSH public key. You shouldn't hardcode secrets like passwords directly in your Pulumi programs; instead, consider using a secrets manager.

To run this Pulumi program, save it to a `.ts` file, install required dependencies via `npm` or `yarn`, and then use the Pulumi CLI to create the resources with commands like `pulumi up`.

Do note that for this example to work correctly, you would need proper permissions set up in Azure which includes permissions to create resources and service principals. Ensure you have these permissions or ask your Azure administrator for assistance.