Deploy the cronjob-backup-jenkins helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `cronjob-backup-jenkins` Helm chart on Azure Kubernetes Service (AKS), you'll need to create an AKS cluster and then use the Helm chart to deploy your application. We'll walk through the process with Pulumi in TypeScript, explaining each step as we go.

### Step 1: Set Up AKS Cluster

First, you will need to create an AKS cluster. In this program, we define an AKS cluster using the `azure-native:containerservice:ManagedCluster` resource. You'll need to specify the necessary properties such as the resource group name, cluster name, and the properties relevant to an AKS cluster such as the agent pool profile.

### Step 2: Install Helm Chart

Once the cluster is set up, you'll need to install the Helm chart to the AKS cluster. Pulumi's `kubernetes` provider can be used to apply a Helm chart. We assume that `cronjob-backup-jenkins` is a Helm chart that's available in a public repository; you'll need to specify the repository URL. If the chart is in a private repository, you would need to configure access credentials.

Now, let's write the program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import { Input } from "@pulumi/pulumi";

// Create an Azure Resource Group
const resourceGroup = new azure.resources.ResourceGroup("aksResourceGroup");

// Define the default node pool profile
const defaultNodePool: Input<azure.containerservice.AgentPoolProfileArgs> = {
    name: "agentpool",
    count: 1,
    vmSize: azure.containerservice.VMSizeTypes.Standard_DS2_v2,
};

// Create an AKS cluster
const cluster = new azure.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [defaultNodePool],
    dnsPrefix: `${pulumi.getStack()}-kube`,
    // Assuming we have a service principal (see Azure AD setup below)
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
    kubernetesVersion: "1.20.7", // specify the desired Kubernetes version
});

// Create a Kubernetes provider linked to the AKS cluster
const clusterProvider = new k8s.Provider("clusterProvider", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Instantiate the Helm chart for the cronjob
const cronJobChart = new k8s.helm.v3.Chart("cronjob-backup-jenkins", {
    chart: "cronjob-backup-jenkins",
    // You need to provide the proper repository URL or local path here
    fetchOpts: { repo: "http://your-helm-chart-repository/" },
}, { provider: clusterProvider });

export const kubeconfig = cluster.kubeConfigRaw;
```

### Explanation

- **Resource Group**: All Azure resources need a resource group; it's a way to organize resources in Azure.
- **AKS Cluster**: This is the Kubernetes cluster managed by Azure. You need to specify details like the DNS prefix, the node pool profile, and the service principal details for the cluster.
- **Kubernetes Provider**: This is what Pulumi uses to communicate with the Kubernetes cluster. We get the kubeconfig from the AKS cluster to set it up.
- **Helm Chart**: We use the `k8s.helm.v3.Chart` class from Pulumi’s Kubernetes SDK to represent the Helm chart we want to install. We specify the chart name (which must be the same as in the Helm repository) and the repository URL.

### Azure AD Service Principal Setup (Prerequisite)

For Azure Kubernetes Service to interact successfully with Azure APIs, it requires an Azure AD service principal. Below is a skeleton setup of how you can create a service principal. In a real-world scenario, you should handle secrets more cautiously using the Pulumi Config or Azure KeyVault.

```typescript
// Create a new Azure AD application
const adApp = new azuread.Application("adApp");

// Create a service principal for the application
const adSp = new azuread.ServicePrincipal("adSp", {
    applicationId: adApp.applicationId,
});

// Create a new service principal password
const adSpPassword = new azuread.ServicePrincipalPassword("adSpPassword", {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Now the `clientId` is `adApp.applicationId` and the `clientSecret` is `adSpPassword.value`
```

Make sure to replace `"http://your-helm-chart-repository/"` with the actual repository URL where the `cronjob-backup-jenkins` Helm chart is hosted.

The exported `kubeconfig` would be the one you can use with `kubectl` to interface directly with your Kubernetes cluster.

### Next Steps

- Configure your Helm chart values, if you have any custom configurations to apply. This can be done by adding a `values` property to the `cronJobChart` instantiation.
- If your Helm chart requires you to be logged into Azure Container Registry or any other private registry, ensure to create a Kubernetes `Secret` with the registry credentials and reference it in your Helm chart values.

Remember to run `pulumi up` to build and deploy your infrastructure. And that's it! You have now defined an AKS cluster with Pulumi and deployed the `cronjob-backup-jenkins` Helm chart to it.