Deploy the argocd-app-bootstrap helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the `argocd-app-bootstrap` Helm chart on Azure Kubernetes Service (AKS), you will create an AKS cluster and then use the Pulumi Kubernetes provider to deploy the Helm chart onto the cluster.

Here's a step-by-step guide and a corresponding Pulumi program written in TypeScript:

1. **Set up your Pulumi project:** You need to have a Pulumi project set up. If you've not done that already, use the Pulumi CLI to create a new project.

2. **Create AKS Cluster:** First, we'll declare a resource for the AKS cluster using the `azure-native` Pulumi provider, which corresponds to the Azure Resource Manager (ARM) APIs.

3. **Deploy Helm Chart to AKS:** Once the AKS cluster is up and running, we'll then declare a Helm chart resource using the `@pulumi/kubernetes` provider. This step assumes you have Helm CLI installed and configured.

Below is the Pulumi TypeScript program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an AKS cluster.
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");

const cluster = new azure.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.20.7",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa ...", // Replace with your SSH public key
            }],
        },
    },
    nodeResourceGroup: `MC_${resourceGroup.name}_myAKSCluster_${pulumi.getLocation()}`,
    resourceGroupName: resourceGroup.name,
});

// Export the cluster's kubeconfig.
export const kubeconfig = pulumi.
    all([cluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) => {
        return azure.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        });
    }).
    apply(creds => {
        const encoded = creds.kubeconfigs[0].value;
        return Buffer.from(encoded, 'base64').toString('utf-8');
    });

// Step 2: Deploy the `argocd-app-bootstrap` Helm chart on the AKS cluster.
const argoCDChart = new k8s.helm.v3.Chart("argocd-app-bootstrap", {
    chart: "argo-cd",
    version: "2.11.0", // specify the version of the Helm chart
    fetchOpts: {
        repo: "https://argoproj.github.io/argo-helm", // the repository URL of the Helm chart
    },
    // Values from a local file can alternatively be used by specifying `valuesFiles`.
    values: {
        server: {
            service: {
                type: "LoadBalancer",
            },
        },
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

// Export the public IP address of the Argo CD server.
export const argoCDServerIp = argoCDChart
    .getResourceProperty("v1/Service", "argo-cd/argocd-server", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

Make sure to replace `"ssh-rsa ..."` with your actual SSH public key.

### Explanation

- We start by importing the required Pulumi packages.
- We then create a new resource group for our AKS deployment.
- We define the AKS cluster with two nodes (`agentPoolProfiles`), enabling RBAC, specifying the Kubernetes version, and setting up SSH access (`linuxProfile`).
- We export the `kubeconfig` so that we can interact with the AKS cluster using `kubectl` or any Kubernetes client.
- Next, we declare a Helm chart resource for deploying Argo CD, specifying the chart version and the Helm repository URL.
- We configure the Helm chart to use a LoadBalancer service so that Argo CD is accessible over the internet.
- Finally, we export the public IP address of the Argo CD server so we can access the Argo CD UI.

### Importing the SSH public key
Ensure that you have an SSH public key that is allowed to access the AKS cluster. This key should be in the RSA format and begin with "ssh-rsa ...".

### Deploying the Helm chart
The program uses Pulumi's Helm support to deploy `argocd-app-bootstrap`. It references the Helm repository and specifies a version of the chart to use. You can modify the `values` to customize the installation of Argo CD.

### Accessing Argo CD
Once the deployment is complete, you will be able to access the Argo CD dashboard using the exported public IP address. If DNS settings need to be configured to point to this IP address, please set up the appropriate DNS A records or use an external DNS service.

To apply this Pulumi program:

1. Save the code in a file `index.ts` within your Pulumi project directory.
2. Ensure you are logged into Pulumi and Azure (`az login`).
3. Run `pulumi up` to preview and deploy the changes.

Remember to check the versions of the Azure provider and Helm chart; as of my knowledge cutoff in February 2024, the versions used here might need updating. Consult the official Pulumi package and Helm chart repositories for the latest versions.