Deploy the knative-installer helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the knative-installer Helm chart on Azure Kubernetes Service (AKS), you will need to follow these steps:

1. Create an AKS cluster.
2. Install the Helm chart for Knative into the AKS cluster.

We will use Pulumi with TypeScript to define and create the infrastructure. Pulumi allows us to express this process as a set of declarative infrastructure as code (IaC) statements. We will primarily use the `azure-native` and `kubernetes` Pulumi providers. The `azure-native` provider allows us to interact with Azure resources, whereas the `kubernetes` provider will handle the Helm chart deployment on AKS.

Below is a Pulumi program that accomplishes these tasks. The program is heavily commented to describe the purpose of each part:

```typescript
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as pulumi from "@pulumi/pulumi";

// Step 1: Create an Azure AD application for AKS
const name = "myapp";
const adApp = new azuread.Application("adApp", {
    name: name,
});

// Create a Service Principal for the Application so AKS can act on behalf of the Application
const adSp = new azuread.ServicePrincipal("adSp", {
    applicationId: adApp.applicationId,
});

// Generate a random password for the Service Principal
const adSpPassword = new azuread.ServicePrincipalPassword("adSpPassword", {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Step 2: Create a resource group for AKS resources
const resourceGroup = new azure.core.ResourceGroup("rg", {
    location: "East US",
});

// Step 3: Create the AKS cluster using the azure-native provider
const cluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGb: 30,
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${name}-k8s`,
    linuxProfile: {
        adminUsername: "testuser",
        ssh: {
            keys: [{
                keyData: "ssh-rsa PUBLICKEY",
            }],
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
    kubernetesVersion: "1.18.14",
    roleBasedAccessControl: {
        enabled: true,
    },
}, {
    dependsOn: [adApp, adSp, adSpPassword],
});

// Step 4: Deploy the knative-installer Helm chart into the AKS cluster using the kubernetes provider
const knativeChart = new k8s.helm.v3.Chart("knative-installer", {
    chart: "knative",
    version: "0.1.0", // Use the correct version of the chart here
    namespace: "knative-serving",
    fetchOpts: {
        repo: "https://helm-repo-url/", // The URL to the Helm repository for Knative
    },
    // Set the values for the Helm release.
    values: {
        // Customize your Knative installation here if needed
    },
}, {
    provider: cluster.provider, // Pass the provider for the AKS cluster created earlier
});

// Export the kubeconfig file for accessing the AKS cluster
export const kubeconfig = cluster.kubeConfigRaw;
```

In this Pulumi program, we first create an Azure AD application and corresponding Service Principal. These are required for AKS to interact with Azure's APIs on our behalf. We then create a resource group to contain our AKS resources.

Next, we define a managed AKS cluster using the information from the Azure AD application and Service Principal for authentication. We specify details such as the VM size, number of nodes, and Kubernetes version.

Finally, we deploy the Knative Helm chart to the AKS cluster we created. In the `k8s.helm.v3.Chart` resource, we specify the name of the Helm chart, the version, and the Helm repository URL where the chart can be found. We also provide an optional `values` object to customize our Knative installation if required.

The `kubeconfig` is exported at the end of the program, which you can use to access your AKS cluster with tools like `kubectl`.

Remember to replace `"ssh-rsa PUBLICKEY"` with your actual SSH public key and to use the correct versions and repository URLs for the Knative Helm chart and customize the Helm chart values as needed for your setup.

To apply this program, save it in a file with a `.ts` extension, and run the following commands:

- `pulumi stack init my-stack` (to create a new stack)
- `pulumi up` (to create the resources)

Make sure that you have the necessary permissions and have logged in to Azure via the Azure CLI using `az login`.