Deploy the cronjob-backup-jenkins helm chart on Azure Kubernetes Service (AKS)
TypeScriptTo deploy the
cronjob-backup-jenkins
Helm chart on Azure Kubernetes Service (AKS), you'll need to create an AKS cluster and then use the Helm chart to deploy your application. We'll walk through the process with Pulumi in TypeScript, explaining each step as we go.Step 1: Set Up AKS Cluster
First, you will need to create an AKS cluster. In this program, we define an AKS cluster using the
azure-native:containerservice:ManagedCluster
resource. You'll need to specify the necessary properties such as the resource group name, cluster name, and the properties relevant to an AKS cluster such as the agent pool profile.Step 2: Install Helm Chart
Once the cluster is set up, you'll need to install the Helm chart to the AKS cluster. Pulumi's
kubernetes
provider can be used to apply a Helm chart. We assume thatcronjob-backup-jenkins
is a Helm chart that's available in a public repository; you'll need to specify the repository URL. If the chart is in a private repository, you would need to configure access credentials.Now, let's write the program:
import * as pulumi from "@pulumi/pulumi"; import * as azure from "@pulumi/azure-native"; import * as k8s from "@pulumi/kubernetes"; import * as azuread from "@pulumi/azuread"; import { Input } from "@pulumi/pulumi"; // Create an Azure Resource Group const resourceGroup = new azure.resources.ResourceGroup("aksResourceGroup"); // Define the default node pool profile const defaultNodePool: Input<azure.containerservice.AgentPoolProfileArgs> = { name: "agentpool", count: 1, vmSize: azure.containerservice.VMSizeTypes.Standard_DS2_v2, }; // Create an AKS cluster const cluster = new azure.containerservice.ManagedCluster("aksCluster", { resourceGroupName: resourceGroup.name, agentPoolProfiles: [defaultNodePool], dnsPrefix: `${pulumi.getStack()}-kube`, // Assuming we have a service principal (see Azure AD setup below) servicePrincipal: { clientId: adApp.applicationId, clientSecret: adSpPassword.value, }, kubernetesVersion: "1.20.7", // specify the desired Kubernetes version }); // Create a Kubernetes provider linked to the AKS cluster const clusterProvider = new k8s.Provider("clusterProvider", { kubeconfig: cluster.kubeConfigRaw, }); // Instantiate the Helm chart for the cronjob const cronJobChart = new k8s.helm.v3.Chart("cronjob-backup-jenkins", { chart: "cronjob-backup-jenkins", // You need to provide the proper repository URL or local path here fetchOpts: { repo: "http://your-helm-chart-repository/" }, }, { provider: clusterProvider }); export const kubeconfig = cluster.kubeConfigRaw;
Explanation
- Resource Group: All Azure resources need a resource group; it's a way to organize resources in Azure.
- AKS Cluster: This is the Kubernetes cluster managed by Azure. You need to specify details like the DNS prefix, the node pool profile, and the service principal details for the cluster.
- Kubernetes Provider: This is what Pulumi uses to communicate with the Kubernetes cluster. We get the kubeconfig from the AKS cluster to set it up.
- Helm Chart: We use the
k8s.helm.v3.Chart
class from Pulumi’s Kubernetes SDK to represent the Helm chart we want to install. We specify the chart name (which must be the same as in the Helm repository) and the repository URL.
Azure AD Service Principal Setup (Prerequisite)
For Azure Kubernetes Service to interact successfully with Azure APIs, it requires an Azure AD service principal. Below is a skeleton setup of how you can create a service principal. In a real-world scenario, you should handle secrets more cautiously using the Pulumi Config or Azure KeyVault.
// Create a new Azure AD application const adApp = new azuread.Application("adApp"); // Create a service principal for the application const adSp = new azuread.ServicePrincipal("adSp", { applicationId: adApp.applicationId, }); // Create a new service principal password const adSpPassword = new azuread.ServicePrincipalPassword("adSpPassword", { servicePrincipalId: adSp.id, endDate: "2099-01-01T00:00:00Z", }); // Now the `clientId` is `adApp.applicationId` and the `clientSecret` is `adSpPassword.value`
Make sure to replace
"http://your-helm-chart-repository/"
with the actual repository URL where thecronjob-backup-jenkins
Helm chart is hosted.The exported
kubeconfig
would be the one you can use withkubectl
to interface directly with your Kubernetes cluster.Next Steps
- Configure your Helm chart values, if you have any custom configurations to apply. This can be done by adding a
values
property to thecronJobChart
instantiation. - If your Helm chart requires you to be logged into Azure Container Registry or any other private registry, ensure to create a Kubernetes
Secret
with the registry credentials and reference it in your Helm chart values.
Remember to run
pulumi up
to build and deploy your infrastructure. And that's it! You have now defined an AKS cluster with Pulumi and deployed thecronjob-backup-jenkins
Helm chart to it.