Deploy the nginx-revproxy helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the nginx reverse proxy Helm chart on an Azure Kubernetes Service (AKS) cluster using Pulumi, you need to perform a few high-level tasks:

1. **Set up an AKS cluster**: Create an AKS cluster that will host your application(s) and Helm charts.

2. **Install the Pulumi Kubernetes provider**: This provider allows Pulumi to interact with Kubernetes resources.

3. **Deploy the nginx reverse proxy Helm chart**: Use the Pulumi Kubernetes provider to deploy a Helm chart on your AKS cluster.

Here's a step-by-step Pulumi program written in TypeScript that accomplishes these tasks. This program assumes that you have `@pulumi/azure-native` and `@pulumi/kubernetes` NPM packages installed in your Pulumi project.

### Step 1: Initializing a New Pulumi Program
To begin, you initialize a Pulumi program with the necessary imports and setup. You should define the resource options like region and resource group for your AKS cluster.

```typescript
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Configuration for your Azure AKS cluster
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");
const aksCluster = new azure.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        vmSize: "Standard_B2s",
        name: "agentpool",
        mode: "System",
        osType: "Linux",
    }],
    dnsPrefix: "myakscluster",
    enableRbac: true,
    kubernetesVersion: "1.20.9",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0uoVAK..." // replace with your actual RSA public key
            }]
        }
    }
});
```

### Step 2: Obtaining Kubeconfig
Once your AKS cluster is created, you need the kubeconfig file to interact with your cluster using the Kubernetes API. Pulumi can automatically fetch this for you.

```typescript
const creds = azure.containerservice.listManagedClusterUserCredentials({
    resourceGroupName: resourceGroup.name,
    resourceName: aksCluster.name,
});

const encoded = creds.then(c => c.kubeconfigs[0].value);
const kubeconfig = encoded.apply(e => Buffer.from(e, 'base64').toString());
```

### Step 3: Setting up the Kubernetes Provider
With the kubeconfig in hand, you can instantiate the Kubernetes provider. This provider is responsible for deploying Kubernetes resources, including Helm charts.

```typescript
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});
```

### Step 4: Deploying the Helm Chart
Now, you'll deploy the nginx reverse proxy Helm chart.

```typescript
const nginxRevProxyChart = new k8s.helm.v3.Chart("nginx-revproxy", {
    chart: "nginx-revproxy",
    version: "1.0.1", // replace with the exact chart version you want to deploy
    fetchOpts: {
        repo: "https://charts.bitnami.com/bitnami", // replace with the actual repo URL if different
    },
    // Define values to override the defaults in the Helm chart
    values: {
        service: {
            type: "LoadBalancer",
        },
    },
}, { provider: k8sProvider });
```

### Step 5: Accessing Your nginx Service
The nginx Helm chart exposes a service through which you can access nginx. To get the external IP for this service, you can query the service resource.

```typescript
const nginxService = nginxRevProxyChart.getResource("v1/Service", "my-nginx-nginx-revproxy");
export const nginxExternalIP = nginxService.status.loadBalancer.ingress[0].ip;
```

The `nginxExternalIP` will be displayed as an output once the Pulumi program is successfully run. You can then use this IP to interact with your nginx reverse proxy.

Now, putting it all together:

```typescript
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Initialize New Pulumi Program
// ...

// Step 2: Obtain Kubeconfig
// ...

// Step 3: Setup Kubernetes Provider
// ...

// Step 4: Deploy Helm Chart
// ...

// Step 5: Access Your nginx Service
// ...

// Perform an export for the nginx service's external IP address
export const nginxExternalIP = nginxService.status.apply(status => status.loadBalancer.ingress[0].ip);
```

### Running Your Pulumi Program
To run this program, you'd typically use the Pulumi CLI:

```shell
pulumi up
```

This command initiates the deployment process which includes creating an AKS cluster, configuring Kubernetes, and deploying the nginx reverse proxy Helm chart. The command line will provide a summary of the resources created, updated, or deleted.

Keep in mind that real-world use would require securely managing sensitive values, tuning the cluster size and settings to your needs, and likely integrating with other Azure services.

Please replace placeholders like the RSA public key and Helm chart version with your actual data. Additionally, ensure your Azure account is set up correctly and has the required permissions to provision these resources.

By following these steps, you've successfully deployed an nginx reverse proxy service on an Azure Kubernetes Service cluster using Pulumi.