Deploy the sumologic-fluentd helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Sumo Logic Fluentd Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you'll need to perform several steps:

1. Set up an AKS cluster if you don't already have one.
2. Install the Helm chart onto your AKS cluster.

For this task, we'll focus on using Pulumi with TypeScript, which allows you to define your infrastructure in a strongly-typed functional language which then gets transpiled to JavaScript during deployment.

Below is the Pulumi TypeScript code that accomplishes this:

1. **Create an AKS cluster**:
   - We'll define an AKS cluster using the `azure-native:containerservice:ManagedCluster` resource from the Pulumi Azure Native provider.
   - We'll also set up a default node pool for our AKS cluster. This is a collection of nodes, which are the VMs where your Kubernetes pods will run.

2. **Install the Fluentd Helm Chart**:
   - We will use the `kubernetes.helm.v3.Chart` class from the Pulumi Kubernetes provider to deploy the Helm chart.
   - A Helm chart is a package of pre-configured Kubernetes resources. You can install and manage Helm charts with the Helm tool, but Pulumi allows you to do this within their API, which provides more integrated management experience.

Here's how you can do this:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azuread from "@pulumi/azuread";
import * as azure from "@pulumi/azure";
import * as containerservice from "@pulumi/azure-native/containerservice";
import * as resources from "@pulumi/azure-native/resources";
import * as helm from "@pulumi/kubernetes/helm";

// Create a resource group for the AKS cluster
const resourceGroup = new resources.ResourceGroup("aksResourceGroup");

// Create an AD service principal for the AKS cluster
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Now create the AKS cluster
const cluster = new containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "aksk8s",
    enableRBAC: true,
    kubernetesVersion: "1.21.2",
    linuxProfile: {
        adminUsername: "aksuser",
        ssh: {
            publicKeys: [{
                keyData: sshPublicKey, // provide your SSH public key string here
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Grant access to the AKS cluster
const creds = pulumi.output(containerservice.listManagedClusterUserCredentials({
    resourceGroupName: resourceGroup.name,
    resourceName: cluster.name,
}));

const encoded = creds.kubeconfigs[0].value;
export const kubeconfig = encoded.apply(e => Buffer.from(e, 'base64').toString());

// Deploy the fluentd Helm chart on the AKS cluster using the kubeconfig
const fluentdChart = new helm.v3.Chart("fluentd-chart", {
    chart: "sumologic-fluentd",
    version: "1.1.0", // specify the version of the Helm chart
    fetchOpts: {
        repo: "https://sumologic.github.io/sumologic-kubernetes-collection/", // the Helm chart repository URL
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

// Export the kubeconfig and the Helm chart resources
export const fluentdResources = fluentdChart.resources;
```

Make sure to replace the `sshPublicKey` variable with the actual SSH public key string for the AKS cluster's admin user.

In the code above, we start by importing the required modules (`pulumi`, `azuread`, `azure`, `containerservice`, `resources`, and `helm`). Then, we create a resource group and an Azure AD service principal, which are prerequisites for creating an AKS cluster. Next, we define the AKS cluster with a single default node pool and specify the Kubernetes version and other configuration details as needed.

After the cluster is created, we use the Pulumi program to retrieve the kubeconfig that is required to communicate with the AKS cluster. It is essential to handle the `kubeconfig` securely since it provides administrative access to your Kubernetes cluster.

The last part of the code defines the Helm chart deployment for Sumo Logic Fluentd. The `helm.v3.Chart` resource is used to deploy the chart from the specified Helm repository to the AKS cluster we just created.

Finally, we export the `kubeconfig` and the resources created by the Helm chart to interact with our cluster and Fluentd outside of Pulumi, if needed.

This program defines the desired state of your infrastructure, and when you run it with Pulumi, the service will handle the necessary API calls to Azure to create and configure the AKS cluster, and to Kubernetes to install the Sumo Logic Fluentd Helm chart.