Deploy the kubernetes-dashboard-1-7 helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying the Kubernetes Dashboard on Azure Kubernetes Service (AKS) via a Helm chart involves several steps, including setting up the AKS cluster, installing Helm on your machine (if not already installed), adding the necessary Helm chart repository, and finally deploying the chart to your AKS cluster. We will use Pulumi for these tasks because Pulumi enables you to define infrastructure as code using familiar programming languages, providing a consistent workflow for managing resources across different cloud providers.

Below you will find a Pulumi program in TypeScript that completes these tasks. Before running this code, make sure you have installed the Pulumi CLI and have an authenticated Azure account. Your environment must also have Node.js installed to run TypeScript programs.

### Detailed Explanation

1. `azure-native.containerservice.ManagedCluster`: This is the Pulumi resource that creates the Azure Kubernetes Service (AKS) cluster. 
2. `kubernetes.helm.v3.Chart`: This Pulumi resource is from the `@pulumi/kubernetes` package and represents a Helm chart deployment on Kubernetes. We will utilize it to deploy the Kubernetes dashboard.

The following TypeScript code sets up an AKS cluster and deploys the Kubernetes Dashboard:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create a Resource Group
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");

// Create an AKS cluster
const cluster = new azure.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa ABCD1234... user@example.com"
            }],
        },
    },
    nodeResourceGroup: "myaksnodegroup",
    servicePrincipalProfile: {
        clientId: "use-a-service-principal-id",
        secret: "use-a-service-principal-secret",
    },
});

// Export the kubeconfig
export const kubeconfig = pulumi.
    all([cluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) => {
        return azure.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        });
    }).
    apply(creds => {
        const encoded = creds.kubeconfigs[0].value;
        const kubeconfig = Buffer.from(encoded, 'base64').toString();
        return kubeconfig;
    });

// Create a Kubernetes provider instance using the kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the Kubernetes dashboard using Helm
const dashboardChart = new k8s.helm.v3.Chart("kubernetes-dashboard", {
    chart: "kubernetes-dashboard",
    version: "1.7.1",
    fetchOpts: {
        repo: "https://kubernetes.github.io/dashboard/",
    },
}, { provider: k8sProvider });

// Export the Dashboard ingress IP to access it
export const dashboardIP = dashboardChart.getResourceProperty("v1/Service", "kubernetes-dashboard", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

Make sure to replace the placeholder fields of `adminUsername`, `keyData`, `clientId`, and `secret` with your actual values for the AKS cluster. For the SSH public key (`keyData`), you can generate a new SSH key pair or use an existing one.

After running this program with Pulumi CLI, you will receive output that contains the kubeconfig for the AKS cluster and the external IP address for the Kubernetes Dashboard service. Use the kubeconfig to configure `kubectl` and access the cluster, and navigate to the `dashboardIP` in your web browser to access the Kubernetes Dashboard.

Please note that exposing the Kubernetes Dashboard publicly is not recommended for production environments due to security considerations. Consider setting up an ingress controller with proper authentication and authorization for secure access.

This code is ready to run and will provision the required resources in your Azure account. Just execute it using the Pulumi CLI with `pulumi up`. Remember to destroy the resources when you no longer need them with `pulumi destroy` to avoid incurring unwanted costs.