Deploy the provider-gcp helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a GCP Helm chart on Azure Kubernetes Service (AKS) involves several steps. First, you will need to create an AKS cluster on Azure. Then you can configure Pulumi to deploy applications on this cluster using Helm charts.

Let's go through these steps and the Pulumi resources we will be using:

1. **Create an AKS cluster**: We will use `azure-native.containerservice.ManagedCluster` to create an AKS cluster in Azure. This resource manages instances of Kubernetes on Azure, handling the Kubernetes control plane on your behalf.

2. **Configure Pulumi to use the AKS cluster's kubeconfig**: Once the AKS cluster is created by Pulumi, we will need to extract the Kubeconfig information to configure Pulumi to deploy workloads on the created cluster.

3. **Deploy a Helm Chart**: We will make use of the `kubernetes.helm.v3.Chart` resource to deploy a Helm chart. In this case, you've specified a 'provider-gcp' chart, although typically GCP specific charts would be deployed on GCP. Here, we'll assume the chart is designed to work on any Kubernetes cluster, like AKS.

Now, let's proceed with the Pulumi TypeScript program:

```typescript
import * as azure from "@pulumi/azure-native";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create the AKS cluster.
const resourceName = "myAKSCluster";
const resourceGroup = new azure.resources.ResourceGroup(resourceName);

const aksCluster = new azure.containerservice.ManagedCluster(resourceName, {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${pulumi.getStack()}-kube`,
    enableRBAC: true,
    kubernetesVersion: "1.19.7",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3Nz...",
            }],
        },
    },
    nodeResourceGroup: `MC_${pulumi.getStack()}_${resourceName}_${resourceGroup.location}`,
    servicePrincipalProfile: {
        clientId: "your-service-principal-client-id",
        secret: "your-service-principal-client-secret",
    },
});

// Step 2: Get credentials from the AKS cluster to use with Pulumi's k8s provider.
const creds = pulumi.all([resourceGroup.name, aksCluster.name]).apply(([rgName, clusterName]) => 
    azure.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    }));

const kubeconfig = creds.kubeconfigs[0].value.apply(enc => Buffer.from(enc, 'base64').toString());

// Step 3: Deploy a Helm Chart to the AKS cluster.
const gcpProviderChart = new k8s.helm.v3.Chart("provider-gcp", {
    chart: "provider-gcp", // This should be the name of the Helm chart you want to deploy
    // In this example, we assume that the Helm chart `provider-gcp` is available to pull from a Helm repo.
    // If it's not and you have the chart locally, you can set the `path` property to the directory where the chart is located.
    // Other configurable values might be needed based on the chart's requirements.
    values: {
        // Specify deployment values for your chart here.
    },
}, { provider: new k8s.Provider("k8s-provider", {kubeconfig}) });

// Export the kubeConfig and cluster name
export const kubeConfigOutput = kubeconfig;
export const clusterName = aksCluster.name;
```

Here is an explanation of what's happening in the code above:

- First, we create an AKS cluster by defining the `ManagedCluster` resource with the desired node count, size, and Kubernetes version.
- Next, we retrieve the AKS cluster credentials using `listManagedClusterUserCredentials`.
- We convert the kubeconfig data, which is base64 encoded, into a string format suitable for the Kubernetes provider.
- After setting up the Kubernetes provider with AKS kubeconfig, we create an instance of `Chart` to deploy the chart to the AKS cluster.
- Finally, we export the kubeconfig and cluster name as stack outputs which can be used for subsequent operations or for connecting to the Kubernetes cluster with kubectl.

Please adjust the `servicePrincipalProfile`, values in the Helm chart, and the `chart` property to reflect the actual chart you want to deploy. If the Helm chart is in a private repository, you will need to include repository credentials or use a Chart repository resource to manage it.

Keep in mind this is a basic blueprint and the actual deployment might require more configurations based on real needs. For example, the network configuration, RBAC settings, and the Helm chart values will differ depending on your application's requirements.