Deploy the strimzi-topic-operator helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Strimzi Kafka Topic Operator Helm chart on Azure Kubernetes Service (AKS), you need to take the following steps:

1. **Set up an AKS Cluster**: Before deploying the Helm chart, you need to have an AKS cluster running. If you don't have one, you will need to create it.
   
2. **Install the Helm Chart**: Helm charts are packages that contain pre-configured Kubernetes resources. They are a great way to deploy and manage applications on Kubernetes clusters. The Strimzi Kafka Topic Operator Helm chart contains all the necessary Kubernetes resources to run Strimzi and manage Kafka topics within a Kubernetes cluster.

Now, let's dig into the Pulumi code to perform these steps. I'll guide you through creating an AKS cluster and then deploying the Strimzi Kafka Topic Operator Helm chart to it.

Here's the TypeScript Pulumi program to deploy the Strimzi Topic Operator on AKS:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("aksResourceGroup", {
    location: "East US",
});

// Create an Azure AD Application for AKS
const app = new azuread.Application("aks", {});

// Create a Service Principal for the Application
const sp = new azuread.ServicePrincipal("aksSp", {
    applicationId: app.applicationId,
});

// Create the Service Principal Password
const spPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: sp.id,
    value: "password", // Replace with an actual strong password.
    endDate: "2099-01-01T00:00:00Z", // Adjust to an appropriate expiration date.
});

// Create an AKS cluster
const aksCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        name: "aksagentpool",
        count: 2,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "aksk8s",
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCe0tiGH...", // Replace with your SSH public key.
        },
    },
    servicePrincipal: {
        clientId: app.applicationId,
        clientSecret: spPassword.value,
    },
    kubernetesVersion: "1.18.14",
});

// Export the AKS cluster's kubeconfig
export const kubeconfig = aksCluster.kubeConfigRaw;

// Create a Kubernetes Provider
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: aksCluster.kubeConfigRaw,
});

// Deploy the Strimzi Topic Operator Helm Chart
const strimziTopicOperator = new k8s.helm.v3.Chart("strimzi-topic-operator", {
    chart: "strimzi-kafka-operator",
    version: "0.20.0", // Specify the version of the chart you want to deploy
    fetchOpts: {
        repo: "https://strimzi.io/charts/",
    },
}, { provider: k8sProvider });

```

Here's the breakdown of what the above code is doing:

1. **Create an Azure Resource Group** - The resource group is a container that holds related resources for an Azure solution. In this case, it's used to hold the AKS resources.

2. **Create an Azure AD Application and a Service Principal** - An application in Azure AD is required to define the service principal's role assignments. The service principal is vital as it allows the AKS cluster to interact securely with Azure APIs.

3. **Create an AKS Cluster** - The `KubernetesCluster` resource defines the AKS cluster. The `agentPoolProfiles` section defines the size and number of nodes, while the `linuxProfile` section adds your SSH public key for security.

4. **Extract the kubeconfig** - We export the kubeconfig of the AKS cluster, which gives you the necessary authentication to interact with the cluster via `kubectl`.

5. **Create a Kubernetes Provider** - A Kubernetes Provider in Pulumi is used to interact with the AKS cluster. This provider uses the kubeconfig that we got from the AKS cluster.

6. **Deploy the Helm Chart** - We declare a `Chart` resource which tells Pulumi to deploy the specified Helm chart.

Please remember to replace placeholder strings like `password`, and the SSH public key with your own secure values. The `kubeconfig` is exported, which you can use to interact with your cluster using `kubectl`.

After the Pulumi program runs, you should have an AKS cluster running with the Strimzi Kafka Topic Operator installed. To apply this Pulumi program, save the code to a file (e.g., `index.ts`), run `pulumi up`, and follow the prompts.

Use the exported `kubeconfig` output to configure `kubectl`, allowing you to interact with your cluster:

```bash
export KUBECONFIG=./kubeconfig.json
kubectl get nodes
kubectl get pods -n strimzi-kafka-operator
```

You can then use `kubectl` to manage your Kafka topics and observe the status of the Strimzi Topic Operator within AKS.