Deploy the vhss helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart on Azure Kubernetes Service (AKS) involves a few key steps. Here's a high-level overview before we dive into the Pulumi TypeScript program:

Provision an AKS Cluster: You need a Kubernetes cluster running on Azure where your applications will be deployed. AKS simplifies the process by managing the Kubernetes master nodes for you, leaving you to configure and manage the agent nodes.
Install the Helm Chart: Helm is a package manager for Kubernetes that allows you to define, install, and upgrade complex Kubernetes applications. Helm charts are packages of pre-configured Kubernetes resources.
Deploy the Helm Chart: After installing Helm, you can deploy charts, which are packages of pre-configured Kubernetes resources.

Below is a Pulumi TypeScript program that sets up an AKS cluster and deploys a Helm chart to it.

First, ensure you have Pulumi installed and configured with Azure credentials. You will also need to install Node.js and the Pulumi CLI if you have not done so yet.

Here’s the program that accomplishes the deployment:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Create a random suffix for resources naming to ensure uniqueness
const randomSuffix = new random.RandomString("randomSuffix", {
    length: 10,
    special: false,
    upper: false,
}).result;

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup(`rg-${randomSuffix}`);

// Create an Azure AD service principal for the AKS cluster
const adApp = new azuread.Application(`app-${randomSuffix}`);
const adSp = new azuread.ServicePrincipal(`sp-${randomSuffix}`, {applicationId: adApp.applicationId});
const adSpPassword = new azuread.ServicePrincipalPassword(`pwd-${randomSuffix}`, {
    servicePrincipalId: adSp.id,
    endDate: "2099-01-01T00:00:00Z", // Far in the future
});

// Create AKS cluster
const aksCluster = new azure.containerservice.KubernetesCluster(`aksCluster-${randomSuffix}`, {
    resourceGroupName: resourceGroup.name,
    defaultNodePool: {
        name: "default",
        nodeCount: 2,
        vmSize: "Standard_B2s",
    },
    dnsPrefix: `aksCluster-${randomSuffix}`,
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "<SSH_PUBLIC_KEY>", // Replace with your SSH public key
        },
    },
    servicePrincipal: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
});

// Expose a K8s provider instance using the kubeconfig from the created AKS cluster
const k8sProvider = new k8s.Provider(`k8sprovider-${randomSuffix}`, {
    kubeconfig: aksCluster.kubeConfigRaw,
});

// Deploy the Helm chart to the AKS cluster using the Helm provider
const helmChart = new k8s.helm.v3.Chart("vhss-helm-chart", {
    chart: "vhss", // Replace with the correct Helm chart name if 'vhss' is not accurate
    // Additional configuration may be required here depending on the Helm chart.
    // In some cases, you might need to add:
    // values: {
    //     someKey: someValue,
    // }
}, {provider: k8sProvider});

// Export the cluster's kubeconfig and other useful information
export const kubeconfig = aksCluster.kubeConfigRaw;
export const aksClusterName = aksCluster.name;
export const resourceGroupName = resourceGroup.name;

Replace <SSH_PUBLIC_KEY> with your actual SSH public key to allow secure SSH access to the Kubernetes nodes. If you need to customize your Helm chart deployment (like setting custom values), you will need to modify the values field in the helmChart declaration.

To apply this Pulumi program, save it to a file called index.ts, and then execute the following commands in your terminal:

pulumi up

This command will prompt you with a preview of the resources Pulumi will create. If this looks correct, select yes to proceed with the deployment.

Once the deployment is complete, you can use the exported kubeconfig to interact with your AKS cluster using kubectl:

pulumi stack output kubeconfig --show-secrets > kubeconfig.yaml
export KUBECONFIG=kubeconfig.yaml
kubectl get nodes

This program uses the following resources from Pulumi's Azure provider:

Resource Group: Organizes related resources.
Azure Active Directory Application: Needed to create service principal for AKS authentication.
Azure Active Directory Service Principal: Defines an identity for applications to interact with Azure services.
Azure Active Directory Service Principal Password: Securely stores the password (credential).
AKS Cluster: The managed Kubernetes cluster where we will deploy the Helm chart.
Kubernetes Provider: Represents a Kubernetes cluster where Pulumi can deploy resources.
Helm Chart: Defines the Helm chart we want to deploy.

For more details on how these resources are used: