Deploy the provider-hcloud helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart from an external provider such as Hetzner (`hcloud`) onto an Azure Kubernetes Service (AKS) cluster requires several steps. We'll use Pulumi to create an AKS cluster, and then deploy the `hcloud` Helm chart onto it.

Here is what we are going to do:
1. Create an AKS cluster using the `azure-native` library.
2. Set up the Helm chart repository that contains the `hcloud` chart.
3. Use the Kubernetes provider and the Helm chart resource to deploy the `hcloud` chart to the Kubernetes cluster.

To accomplish the above, you'll need to have Azure credentials set up and configured for Pulumi to use. Ensure that you're logged into Azure with the `az` CLI and have selected the appropriate subscription where you want to deploy your resources.

Below is a Pulumi program written in TypeScript that creates an AKS cluster and deploys a Helm chart to it. Please note that without access to the exact `hcloud` Helm chart, I will outline the steps with a placeholder chart, and you will need to replace it with the actual chart details.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import * as k8s from "@pulumi/kubernetes";
import * as azureNative from "@pulumi/azure-native";

// Create a new resource group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup");

// Create an Azure AD application for AKS
const adApp = new azuread.Application("aks");

// Create a service principal for the Azure AD application
const adSp = new azuread.ServicePrincipal("aksSp", {
    applicationId: adApp.applicationId,
});

// Create the AKS cluster
const k8sCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "akspool",
        nodeCount: 2,
        vmSize: azure.containerservice.KubernetesClusterDefaultNodePoolArgsVmSize.StandardDs2V2,
    },
    dnsPrefix: "akscluster",
    linuxProfile: {
        adminUsername: "aksuser",
        sshKey: {
            keyData: "your_public_key",
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSp.password,
    },
    kubernetesVersion: "1.18.14",
});

// Export the kubeconfig file for the AKS cluster
export const kubeconfig = k8sCluster.kubeConfigRaw;

// Create a Kubernetes provider instance that uses the kubeconfig from our AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the Helm chart for hcloud using the Kubernetes provider we created
const hcloudChart = new k8s.helm.v3.Chart("hcloud-chart", {
    repo: "your_repo_name",
    chart: "hcloud",
    version: "your_chart_version", // specify the chart version here
    // values here reflect your particular configuration for hcloud,
    // replace these with the actual values required for the hcloud Helm chart
    values: {
        serviceType: "LoadBalancer",
        // ... more configuration values
    },
}, { provider: k8sProvider });

// Export the endpoint of the load balancer created by the Helm chart, if applicable
export const hcloudEndpoint = hcloudChart.getResourceProperty("v1/Service", "hcloud-service", "status").apply(status => status.loadBalancer.ingress[0].ip);
```

Let's go through the important parts of the code:

- We start by creating a resource group to hold our AKS cluster resources.
- We then create an Azure AD application and service principal which AKS uses to interact with other Azure services under the hood.
- Next, we create the AKS cluster itself. In the `defaultNodePool`, you can adjust the `nodeCount` and `vmSize` to match the requirements of your `hcloud` chart and expected workload.
- Once the cluster is created, we export the `kubeconfig` which allows us to interact with the cluster using the Kubernetes API.
- With the `kubeconfig`, we instantiate a Pulumi Kubernetes provider to manage the Kubernetes resources.
- We deploy the Helm chart by creating a `Chart` resource. Since we don't have the exact repository nor the chart details, you would need to replace `"your_repo_name"`, `"hcloud"`, and `"your_chart_version"` with the actual details of the `hcloud` Helm chart.
- Lastly, we export the load balancer endpoint if the `hcloud` service type is a load balancer. You will need to adjust the resource type (`v1/Service`) and name (`hcloud-service`) to match the details specified in your Helm chart.

You can run this Pulumi program by saving it to a file named `index.ts`, ensuring you have all the node modules installed (`@pulumi/pulumi`, `@pulumi/azure`, `@pulumi/azuread`, `@pulumi/kubernetes`, and `@pulumi/azure-native`), and then running `pulumi up`. Remember to provide your SSH public key at the `sshKey.keyData` property and fill in the repository and chart details for `hcloud`.