Deploy the keda-add-ons-http helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi involves several steps:

1. **Set up the AKS cluster**: This is where you would define the AKS cluster infrastructure, including its node pools, networking, identity, and so on.
2. **Deploy the Helm chart**: After setting up the AKS cluster, you would use Pulumi's Helm Chart resource to deploy the `keda-add-ons-http` chart on the AKS cluster.

Below is a TypeScript program using Pulumi to accomplish the above steps. The program will:

- Provision an AKS cluster.
- Deploy the `keda-add-ons-http` Helm chart on the newly created AKS cluster.

Keep in mind that, for this code to work, you should have the Azure CLI installed and configured with the appropriate permissions, and Pulumi CLI installed on your machine.

First, let's install the necessary Pulumi packages for AKS and Helm:

```bash
pulumi plugin install resource azure-native 2.11.0
pulumi plugin install resource kubernetes 4.4.0
```

Now, let's look at the program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Create a new Azure resource group
const resourceGroup = new azureNative.resources.ResourceGroup("myResourceGroup");

// Create an AD service principal
const adApp = new azuread.Application("myAdApp");
const adSp = new azuread.ServicePrincipal("myAdSp", { applicationId: adApp.applicationId });

const adSpPassword = new azuread.ServicePrincipalPassword("myAdSpPassword", {
    servicePrincipalId: adSp.id,
    value: "a-secure-password",
    endDate: "2099-01-01T00:00:00Z",
});

// Now let's create the AKS cluster
const cluster = new azureNative.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAA...",
            }],
        },
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = pulumi
    .all([cluster.name, resourceGroup.name])
    .apply(([clusterName, rgName]) => {
        return azureNative.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        }).then(creds => {
            const encoded = creds.kubeconfigs[0].value;
            return Buffer.from(encoded, "base64").toString();
        });
    });

// Using a k8s provider to connect to the AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Finally, deploy the KEDA HTTP add-on via a Helm Chart
const kedaHttpAddonChart = new k8s.helm.v3.Chart("keda-http-addon", {
    chart: "keda-add-ons-http",
    version: "1.0.0", // replace with the actual chart version
    fetchOpts: {
        repo: "https://kedacore.github.io/charts", // replace with the actual Helm chart repository
    },
}, { provider: k8sProvider });

// Export the KEDA HTTP add-on Helm release status
export const kedaHttpAddonStatus = kedaHttpAddonChart.status;

```

### Explanation:

- Import the required Pulumi packages for interacting with Azure and Kubernetes.
- Create an Azure resource group to hold the AKS-related resources.
- Set up an Azure Active Directory (AD) application and service principal which will be used by AKS for interaction with other Azure services.
- Provision an AKS cluster with the `ManagedCluster` resource. The `agentPoolProfiles` defines the VM sizes and count for your nodes, while the `servicePrincipalProfile` specifies the AD service principal credentials for the cluster.
- Use `listManagedClusterUserCredentials` to retrieve the necessary credentials to access the AKS cluster programmatically.
- Create an instance of the Pulumi Kubernetes provider configured to use the AKS cluster's `kubeconfig`.
- Deploy the `keda-add-ons-http` Helm chart using the `Chart` resource. Ensure the version and repo are set to the correct values where the chart is hosted.
- Export outputs such as `kubeconfig` and `kedaHttpAddonStatus` that you can use to interact with the AKS cluster and check the status of the Helm release.

Make sure to replace placeholder strings like `ssh-rsa AAA...` with your actual SSH public key and set a secure password for the AD service principal password. This code assumes that you are using Pulumi's automation API or the Pulumi CLI to execute this program.

After deploying this program with Pulumi, you will have a running AKS cluster along with the KEDA HTTP add-on deployed. The `kubeconfig` output can be used to access the cluster using `kubectl`, and the `kedaHttpAddonStatus` output will tell you if the Helm release is successfully deployed.