1. Deploy the svc-postgres Helm chart on Azure Kubernetes Service (AKS)

    TypeScript

    To deploy a Helm chart for PostgreSQL on an Azure Kubernetes Service (AKS) cluster using Pulumi, you will primarily need the following:

    1. An AKS cluster where you will deploy the Helm chart.
    2. The Helm chart package, which includes the files necessary to deploy PostgreSQL in your Kubernetes cluster.

    First, you'll create the AKS cluster using the azure-native resources. Next, you will deploy the Helm chart to the AKS cluster using the kubernetes package, which allows you to work with Helm charts. In this program, we will assume that you have already set up the necessary Helm repository that contains the svc-postgres chart.

    Below is a detailed Pulumi program written in TypeScript that accomplishes this:

    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    import * as azuread from "@pulumi/azuread";
    import * as kubernetes from "@pulumi/kubernetes";
    import * as random from "@pulumi/random";

    // A random password for the PostgreSQL Helm chart
    const password = new random.RandomPassword("password", {
        length: 12,
    });

    // Create an Azure Resource Group
    const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

    // Create an Azure AD application for AKS
    const app = new azuread.Application("aks");

    // Create a Service Principal for the application
    const servicePrincipal = new azuread.ServicePrincipal("aksSp", {
        applicationId: app.applicationId,
    });

    // Create the Service Principal Password
    // (this reuses the generated password that is also passed to the PostgreSQL chart below)
    const spPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
        servicePrincipalId: servicePrincipal.id,
        value: password.result,
        endDate: "2099-01-01T00:00:00Z",
    });

    // Create the AKS cluster
    const cluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", {
        resourceGroupName: resourceGroup.name,
        agentPoolProfiles: [{
            count: 1,
            maxPods: 110,
            mode: "System",
            name: "agentpool",
            osDiskSizeGB: 30,
            osType: "Linux",
            vmSize: "Standard_DS2_v2",
        }],
        dnsPrefix: "myakscluster",
        linuxProfile: {
            adminUsername: "adminuser",
            ssh: {
                publicKeys: [{
                    keyData: "ssh-rsa ...",
                }],
            },
        },
        servicePrincipalProfile: {
            clientId: app.applicationId,
            secret: spPassword.value,
        },
        kubernetesVersion: "1.18.14",
    });

    // Export the kubeconfig (it contains credentials for the cluster)
    export const kubeconfig = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
        return azure_native.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        });
    }).apply(creds => {
        const encoded = creds.kubeconfigs[0].value;
        return Buffer.from(encoded, 'base64').toString();
    });

    // Create a Kubernetes Provider pointing to the AKS cluster
    const k8sProvider = new kubernetes.Provider("k8sProvider", {
        kubeconfig: kubeconfig,
    });

    // Deploy the svc-postgres Helm chart
    const postgresChart = new kubernetes.helm.v3.Chart("postgres", {
        chart: "svc-postgres",
        version: "1.0.0",
        fetchOpts: {
            repo: "http://charts.my-company.com/",
        },
        values: {
            postgresqlUsername: "postgres",
            postgresqlPassword: password.result,
            persistence: {
                size: "8Gi",
            },
        },
    }, { provider: k8sProvider });

    // Export the PostgreSQL Service endpoint (the load balancer IP of the chart's Service)
    export const postgresqlEndpoint = postgresChart
        .getResourceProperty("v1/Service", "postgres-postgresql", "status")
        .apply(status => status.loadBalancer.ingress[0].ip);

    Explanation

    • Password Generation: The program begins by generating a random password for the database, because PostgreSQL Helm charts usually require a password for the PostgreSQL admin account at deployment. Note that the program passes the same generated value to the service principal password as well.

    • Azure Resource Group: It creates a new Azure resource group to contain all the resources, including the AKS cluster.

    • Azure AD Application and Service Principal: For AKS to manage resources in Azure on your behalf, it needs an identity. This is set up by creating an Azure Active Directory (AD) application and a corresponding service principal.

    • AKS Cluster Creation: It creates a new AKS cluster in the created resource group with a single node in the agent pool, using a Linux-based virtual machine.

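    • Export kubeconfig: The kubeconfig needed to interact with the cluster is retrieved and exported. It carries cluster credentials, so in a production environment you would need to mask the sensitive components, for example by wrapping the exported value in pulumi.secret so that it is encrypted in state and hidden in CLI output.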

    • Kubernetes Provider: A Pulumi Kubernetes provider instance is created, which allows Pulumi to interact with the Kubernetes cluster.

    • Deployment of Postgres Helm Chart: Here, Pulumi deploys the svc-postgres Helm chart (you should have this chart available in the referenced Helm repo). It sets the chart's postgresqlUsername and postgresqlPassword custom values for PostgreSQL.

    • Export PostgreSQL Service Endpoint: Once the Postgres service is up and running, the program exports the service's load balancer IP address, which can be used to connect to the PostgreSQL instance.

    Replace the SSH public key data and repository URL with the appropriate values for your configuration. This program sets up everything for deployment, but it assumes that Azure credentials for Pulumi are already configured.
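Several settings in the program above are worth checking before deployment: a 12-character secret shared by the service principal and the database, a service principal secret valid until 2099, a chart repository fetched over plain HTTP, and a kubeconfig exported without secret marking. The following is an added example, not part of the original program or of Pulumi; the `Plan` shape, the thresholds and the hardened values are assumptions made for illustration.

```typescript
// Plan is a hypothetical hand-built summary of a program's settings, not a Pulumi API.
interface Plan {
  secrets: Record<string, number>;   // generated secret name -> length
  uses: Array<[string, string]>;     // [consuming resource, secret name]
  spSecretEndDate: string;           // ServicePrincipalPassword endDate
  chartRepo: string;                 // fetchOpts.repo
  chartVersion?: string;             // pinned chart version, if any
  outputs: Record<string, { sensitive: boolean; markedSecret: boolean }>;
}
const MIN_SECRET_LENGTH = 20; // assumed minimum length for generated credentials
const MAX_SECRET_DAYS = 365;  // assumed maximum service principal secret lifetime

function auditPlan(p: Plan, now: Date): string[] {
  const findings: string[] = [];
  if (!p.chartRepo.toLowerCase().startsWith("https://")) findings.push("chart-repo-not-https");
  if (!p.chartVersion) findings.push("chart-version-unpinned");
  for (const [name, length] of Object.entries(p.secrets)) {
    if (length < MIN_SECRET_LENGTH) findings.push(`secret-too-short:${name}`);
    const consumers = p.uses.filter(([, s]) => s === name).map(([c]) => c);
    if (consumers.length > 1) findings.push(`secret-reused:${name}:${consumers.join("+")}`);
  }
  const end = Date.parse(p.spSecretEndDate);
  const days = (end - now.getTime()) / 86400000;
  if (Number.isNaN(end) || days > MAX_SECRET_DAYS) findings.push("sp-secret-lifetime");
  for (const [name, o] of Object.entries(p.outputs)) {
    if (o.sensitive && !o.markedSecret) findings.push(`output-not-secret:${name}`);
  }
  return findings;
}

// Constructed input mirroring the program on this page.
const pagePlan: Plan = {
  secrets: { password: 12 },
  uses: [["aksSpPassword", "password"], ["postgres", "password"]],
  spSecretEndDate: "2099-01-01T00:00:00Z",
  chartRepo: "http://charts.my-company.com/",
  chartVersion: "1.0.0",
  outputs: { kubeconfig: { sensitive: true, markedSecret: false } },
};

// Constructed hardened variant: separate longer secrets, short-lived SP secret, HTTPS repo.
const hardenedPlan: Plan = {
  secrets: { spSecret: 32, dbPassword: 32 },
  uses: [["aksSpPassword", "spSecret"], ["postgres", "dbPassword"]],
  spSecretEndDate: "2025-06-30T00:00:00Z",
  chartRepo: "https://charts.my-company.com/",
  chartVersion: "1.0.0",
  outputs: { kubeconfig: { sensitive: true, markedSecret: true } },
};
```

Calling `auditPlan(pagePlan, new Date())` returns one finding per weak setting, while the hardened variant returns an empty list as long as its end date is within the assumed lifetime limit.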