Deploy the rook-cluster helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `rook-cluster` Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you'll follow these steps:

1. Create an AKS cluster: This involves setting up an AKS cluster with the necessary configurations such as node size, node count, and Kubernetes version.
2. Install Helm and Tiller onto the cluster: Tiller is the server-side component Helm talks to. We will be using Helm 3 which does not need Tiller installed, so we can skip Tiller setup.
3. Deploy the `rook-cluster` Helm chart: You will write the Pulumi code that specifies the Helm chart to be deployed, including the chart name, version, and any custom values you want to provide.

Before moving to the code, here's a brief explanation of the Pulumi resources you will use:

- `azure-native.containerservice.ManagedCluster`: This resource is used to define and manage an AKS cluster within Azure.
- `kubernetes.helm.v3.Chart`: Represents a Helm chart in a Kubernetes cluster. With Pulumi, you can deploy a Helm chart into a cluster directly.

Now, let's write the Pulumi TypeScript code to achieve your goal:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Step 1: Create an AKS cluster in Azure

// Creating a new resource group
const resourceGroup = new azure.resources.ResourceGroup("aksResourceGroup");

// Creating an AD service principal for the AKS cluster
const adApp = new azuread.Application("aks");
const adSp = new azuread.ServicePrincipal("aksSp", { applicationId: adApp.applicationId });

// Create the AD service principal password
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Now we can create the AKS cluster
const cluster = new azure.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${pulumi.getStack()}-kube`,
    linuxProfile: {
        adminUsername: "aksuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3bxx...",
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeConfigRaw;

// Step 2: Install the Rook Ceph operator using Helm

// Use the AKS cluster kubeconfig to communicate with the cluster
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: cluster.kubeConfigRaw,
});

// Install the Rook Ceph Helm chart into the AKS cluster
const rookCluster = new kubernetes.helm.v3.Chart("rook-ceph", {
    chart: "rook-ceph",
    repo: "https://charts.rook.io/release",
    version: "1.5.9",
}, { provider: k8sProvider });

// Export the Helm chart's resources
export const rookResources = rookCluster.resources;
```

This code does the following:

- Defines a Pulumi project with the necessary imports at the top.
- Creates a new resource group for our AKS cluster.
- Sets up an Azure Active Directory application and service principal for AKS, which is required for AKS to manage resources within Azure on your behalf.
- Creates a new AKS cluster with two nodes of type `Standard_DS2_v2`.
- Exports the raw Kubernetes configuration to interact with your AKS cluster; this is necessary for configuring the Kubernetes provider.
- Installs the Rook Ceph chart using Helm into this AKS cluster and exports the resources that the Helm chart creates.

Please replace the placeholder SSH public key (`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3bxx...`) with your actual SSH public key. You can generate a new SSH key pair if you don't already have one.

After populating the `kubeconfig`, the script uses it to set up a Kubernetes provider, which allows Pulumi to communicate with your AKS cluster.

The `rook-ceph` Helm chart is then deployed to the AKS cluster using this provider. You can customize the `chart`, `repo`, and `version` parameters based on the specific version of the Rook Ceph chart you wish to deploy. The `rookResources` are exported so you can see the details of the resources created by Helm in the Pulumi console.