Deploy the check-mk helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Check_MK Helm chart on Azure Kubernetes Service (AKS), we will go through several steps:

1. Create an AKS cluster using the `azure-native.containerservice.ManagedCluster` resource from the `azure-native` provider.
2. Install the Helm chart for Check_MK onto the AKS cluster.

Before doing this, you need to have Pulumi installed and configured for TypeScript, the `azure-native` Pulumi provider set up, and Helm installed on your local machine to manage the deployment of the chart.

The Check_MK Helm chart is not available directly in the Azure or Pulumi registries; therefore, we'll need to use the `kubernetes.helm.v3.Chart` resource from the `kubernetes` provider to install the Check_MK Helm chart from an external Helm repository onto the AKS cluster.

Here's a Pulumi program in TypeScript that performs these steps:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("rg");

// Step 2: Create an Azure AD application for the AKS cluster
const aksApp = new azuread.Application("aksApp");

// Step 3: Create a Service Principal for the AKS cluster
const aksSp = new azuread.ServicePrincipal("aksSp", {
    applicationId: aksApp.applicationId,
});

// Step 4: Generate a random password for the Service Principal
const aksSpPassword = new random.RandomPassword("aksSpPassword", {
    length: 20,
    special: true,
});

// Step 5: Create a Service Principal Password
const aksSpPasswordValue = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: aksSp.id,
    value: aksSpPassword.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Step 6: Create the AKS cluster
const aksCluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 3,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        vmSize: "Standard_DS2_v2",
        osType: "Linux",
    }],
    dnsPrefix: "aksk8s",
    servicePrincipalProfile: {
        clientId: aksApp.applicationId,
        secret: aksSpPasswordValue.value,
    },
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "aksuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa YOUR_SSH_PUBLIC_KEY",
            }],
        },
    },
});

// Export the kubeconfig for the AKS cluster
export const kubeconfig = aksCluster.kubeConfig;

// Step 7: Use the Kubeconfig to create a Kubernetes provider instance
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: aksCluster.kubeConfig.apply(JSON.stringify),
});

// Step 8: Install the Check_MK Helm chart on the AKS cluster
const checkMkChart = new kubernetes.helm.v3.Chart("check-mk", {
    fetchOpts: {
        // Replace with the correct repo URL and chart name if they differ
        repo: "https://checkmk.com/",
        version: "1.0", // specify the version you wish to use
    },
    chart: "check-mk",
    // Define the values for your Helm chart configuration here
    // values: {},
}, { provider: k8sProvider });
```

#### Explanation:

- **Steps 1-6** create a new AKS cluster with a new Azure Resource Group, Azure AD application, and a Service Principal with a password. This is required for AKS to manage resources like load balancers and managed disks in Azure.

- **Step 7** sets up a Kubernetes provider instance using the AKS cluster's kubeconfig, which we need to communicate with the cluster.

- **Step 8** deploys the Check_MK Helm chart on the AKS cluster using the Helm Chart resource from the Pulumi Kubernetes provider. This assumes that a Helm chart for Check_MK is located in a Helm repository hosted at `https://checkmk.com/`. If the location or name of the chart is different, you will need to adjust the `repo` and `chart` properties in the `fetchOpts` accordingly. The `values` map is where you can specify Helm values, which are optional and can be omitted if you wish to use the defaults.

Make sure that the Helm repository URL and the Chart name 'check-mk' is correct as these values can change. The example assumes you've obtained the necessary SSH public key data to be placed where `'YOUR_SSH_PUBLIC_KEY'` is written in the code.

Please, replace `'YOUR_SSH_PUBLIC_KEY'` with your actual SSH public key.

When you deploy this Pulumi program, it will spin up an AKS cluster and then deploy the Check_MK Helm chart onto that cluster. The `kubeconfig` is exported so that you can interact with the cluster using `kubectl` or other Kubernetes tools, should you need to.