Deploy the istio-egress-gateway helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Istio Egress Gateway Helm chart on an Azure Kubernetes Service (AKS) cluster, you'll need to follow these steps:

1. **Create an AKS Cluster**: You'll need an AKS cluster as the foundational environment where your Istio Egress Gateway will be deployed.
2. **Install Helm on Your Local Machine**: Helm is a package manager for Kubernetes that simplifies the deployment of applications and services.
3. **Add the Istio Helm Chart Repository**: This repository contains the charts you'll use to install Istio components, including the Egress Gateway.
4. **Deploy the Istio Egress Gateway Using the Helm Chart**: You'll use Helm to deploy the Egress Gateway Helm chart to your AKS cluster.

Below is a Pulumi program written in TypeScript that automates the first step of this process by creating an AKS Cluster. The subsequent steps would typically be carried out manually or scripted using Helm directly, but for this example, we'll focus on the infrastructure that Pulumi manages.

Please note that deploying Istio Egress Gateway requires a functional AKS cluster. The provided Pulumi program will set up this cluster for you. Post-deployment of the AKS cluster, you'd have to set up `kubectl` and Helm locally and run helm commands to deploy Istio to the cluster.

Here's a Pulumi program that demonstrates how to create an AKS cluster:

```typescript
import * as azure from "@pulumi/azure-native";
import * as pulumi from "@pulumi/pulumi";

// Create an Azure Resource Group
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");

// Create an AKS cluster
const cluster = new azure.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "testuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa ...", // replace `...` with your ssh public key
            }],
        },
    },
    nodeResourceGroup: "myaksnodegroup",
    resourceGroupName: resourceGroup.name,
});

// Export the AKS cluster's kubeconfig
export const kubeconfig = pulumi.all([cluster.name, resourceGroup.name]).apply(([name, resourceGroupName]) =>
    azure.containerservice.listManagedClusterUserCredentials({
        resourceName: name,
        resourceGroupName: resourceGroupName,
    })).apply(credentials => {
        const encoded = credentials.kubeconfigs[0].value;
        return Buffer.from(encoded, 'base64').toString('utf-8');
    });

// After deploying the AKS cluster with Pulumi by running `pulumi up`,
// you will need to install `kubectl` and Helm locally, and use Helm to deploy the Istio Egress Gateway.
```

This program creates an AKS cluster and exports the Kubeconfig needed to interact with the cluster through `kubectl`. The `kubeconfig` is sensitive information allowing access to your cluster and should be stored securely.

Once you have the AKS cluster set up, follow Helm's official documentation to install Helm and then proceed to add the Istio Helm chart repository and install the Istio Egress Gateway:

1. Download and install Helm from [Helm's releases page](https://helm.sh/docs/intro/install/).
2. Open a terminal and configure Helm to use the Istio repo:

```bash
helm repo add istio https://istio-release.storage.googleapis.com/charts
helm repo update
```

3. Now, use Helm to deploy the Istio Egress Gateway to your AKS cluster, providing the necessary Helm values:

```bash
helm install istio-egress istio/gateway -n istio-system --create-namespace
```

Remember that these steps should be done from your local machine with Helm installed and with the Kubeconfig file obtained from Pulumi.