Integrating Azure Cognitive Services with Azure Kubernetes Service

Question

Pulumi · Accepted Answer

To integrate Azure Cognitive Services with Azure Kubernetes Service (AKS), you'll need to create two primary resources:

1. **Azure Kubernetes Service**: This will be your managed container orchestration service, which simplifies the deployment, management, and operations of Kubernetes.

2. **Azure Cognitive Services**: These are a collection of machine learning algorithms and APIs that enable your applications to see, hear, speak, understand, and interpret the needs of users through natural methods of communication.

Below is a Pulumi program in Python that sets up the integration. It assumes that you have Azure account credentials configured locally where Pulumi can access them.

I'll walk through the steps to accomplish this:

- Define the AKS cluster.
- Define the Cognitive Services account.
- Create a Kubernetes secret with Cognitive Services account keys.
- Deploy a Kubernetes pod that uses Cognitive Services.

First, let's write the Pulumi program:

```python
import pulumi
import pulumi_azure_native as azure_native
from pulumi_azure_native import containerservice, resources, cognitiveservices

# Create an Azure Resource Group
resource_group = resources.ResourceGroup('resource_group')

# Create an AKS cluster
managed_cluster = containerservice.ManagedCluster(
    'aksCluster',
    resource_group_name=resource_group.name,
    location=resource_group.location,
    identity=containerservice.ManagedClusterIdentity(type="SystemAssigned"),
    # Setting the default node pool for the cluster. Adjust these parameters as needed for your use case.
    agent_pool_profiles=[{
        'count': 1,
        'max_pods': 110,
        'mode': 'System',
        'name': 'agentpool',
        'node_labels': {},
        'os_disk_size_gb': 30,
        'os_type': 'Linux',
        'vm_size': 'Standard_DS2_v2',
    }],
    dns_prefix='akscognitiveservices',
    kubernetes_version='1.19.11',
)

# Create a Cognitive Services account
cognitive_services_account = cognitiveservices.Account(
    'cognitiveServicesAccount',
    resource_group_name=resource_group.name,
    # The kind specifies which type of Cognitive Services you want.
    # Adjust the kind and sku as needed for your use case or particular service.
    kind='Face',
    sku={'name': 'S0'},  # S0 is a standard tier, you can choose other tiers as required.
    location=resource_group.location,
)

# Export the AKS cluster name and Cognitive Services key (DO NOT share these keys publicly in a real-world scenario)
pulumi.export('aks_cluster_name', managed_cluster.name)
pulumi.export('cognitive_services_key', cognitive_services_account.keys)
```

In this program, I've done the following:

- Created an Azure Resource Group to hold all the resources.
- Created an AKS cluster with one node pool containing one node of size `Standard_DS2_v2`.
- Set up Azure Cognitive Services for the `Face` API at the standard tier (`S0`).

Next, you would use the `cognitive_services_key` in your application running on the AKS cluster to authenticate with Cognitive Services. For security reasons, it's recommended to store such keys in Kubernetes secrets rather than hard-coding them into your applications.

Here is an example of how you would create a Kubernetes Secret for the Cognitive Services key obtained from the Pulumi output:

```python
import pulumi_kubernetes as k8s

# Create a Kubernetes secret for Cognitive Services account keys (assuming Kubernetes provider is configured)

# This step depends on the output of the Cognitive Services account creation.
# Therefore, we need to run this after the main pulumi program has completed and outputs are available.
def create_k8s_secret(keys):
    secret = k8s.core.v1.Secret(
        'cognitive-services-secret',
        metadata={'name': 'cognitiveservicessecret'},
        data={
            'cognitive-services-key': keys.apply(lambda k: k.keys[0].value),
        }
    )

# Call the create_k8s_secret function with the account keys output from the Cognitive Services account
cognitive_services_account.keys.apply(create_k8s_secret)
```

In this additional section, I've added the creation of a Kubernetes Secret resource that stores the Cognitive Services key in a secure way within your Kubernetes cluster.

Please make sure to configure Pulumi's Kubernetes provider to point to your AKS cluster, and be mindful of security considerations when handling secrets. This can be achieved by fetching kubeconfig from the AKS cluster with Pulumi's output and setting it in the provider.

Lastly, you would deploy your applications to AKS as pods or deployments, making sure they are configured to use the secrets to access the Cognitive Services APIs. This typically involves modifying your application code or deployment manifests to read the secret keys as environment variables or files within the pods.

Remember not to expose the sensitive Cognitive Services keys publicly or in any insecure manner. Always use Kubernetes Secrets to manage sensitive information in your clusters.