Deploy the ibm-apic-gtw-instance helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying a Helm chart on Azure Kubernetes Service (AKS) involves several steps. To achieve this, we would follow this outline:

1. **Set up an AKS cluster**: This is the foundational environment where your applications will run. It involves configuring the necessary AKS properties and deploying it using Pulumi's Azure-native SDK.

2. **Install the Helm chart**: Once we have an AKS cluster up and running, we can deploy applications into this Kubernetes cluster using Helm charts.

3. **Retrieve the Kubernetes configuration**: To interact with your Kubernetes cluster, you'll need the appropriate kubeconfig that allows `kubectl` and Helm commands to authenticate with the cluster.

For the IBM API Connect Gateway (APIC GW) instance Helm chart, you would typically find it in a Helm repository, and you would use the chart name (like `ibm-apic-gtw-instance`) along with the repository URL to deploy it.

Let's start with setting up an AKS cluster using Pulumi. The following program demonstrates how to do just that using TypeScript.

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as azure_native from '@pulumi/azure-native';

// Create a resource group for the AKS cluster.
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an AKS cluster.
const managedCluster = new azure_native.containerservice.ManagedCluster("myAKSCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2, // Set the desired count of nodes
        vmSize: "Standard_DS2_v2",
        name: "agentpool" // Name of the agent pool
    }],
    dnsPrefix: pulumi.interpolate(`${resourceGroup.name}-kube`),
    kubernetesVersion: "1.18.14", // Specify your desired Kubernetes version
    identity: {
        type: "SystemAssigned"
    },
});

// Export the kubeconfig for the AKS cluster.
export const kubeConfig = pulumi.all([resourceGroup.name, managedCluster.name]).apply(([resourceGroupName, clusterName]) => 
    azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: resourceGroupName,
        resourceName: clusterName,
    }).apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString())
);

// Ensures that Pulumi has the kubeconfig before trying to deploy any Kubernetes resources
const pulumiK8sConfig = new pulumi.ConfigFile("kubeconfig", {
    file: kubeConfig,
});

// Now let's deploy the Helm chart into the AKS cluster.
import * as k8s from '@pulumi/kubernetes';

// Use the resulting kubeconfig to connect to the AKS cluster.
const provider = new k8s.Provider("provider", {
    kubeconfig: kubeConfig,
});

// Deploy the ibm-apic-gtw-instance Helm Chart into the AKS cluster.
const chart = new k8s.helm.v3.Chart("ibm-apic-gtw-instance", {
    chart: "ibm-apic-gtw-instance",
    version: "1.2.3", // specify the chart version if required
    // You may need to specify the repository or any other custom values required for your Helm chart.
    // For IBM charts, the repository details would typically be provided by IBM.
}, { provider });

// Export the public endpoint of the Helm chart if it is a service that is exposed.
// This would depend on the specifics of the Helm chart service definition.
export const helmChartEndpoint = chart.getResourceProperty("v1/Service", "ibm-apic-gtw-instance", "status")
    .apply(status => status.loadBalancer.ingress[0].ip || status.loadBalancer.ingress[0].hostname);
```

This code does the following:

- It initializes a new resource group in Azure to host all our resources.
- It creates an AKS cluster with a system-assigned managed identity. The `dnsPrefix` option ensures that DNS names for services in the Kubernetes cluster are unique.
- It exports the kubeconfig needed to manage the Kubernetes cluster once it has been provisioned.
- It sets up a Pulumi Kubernetes provider to manage Kubernetes resources with that kubeconfig.
- It deploys the `ibm-apic-gtw-instance` Helm chart. Note that you'll need to know the Helm chart details such as the repository URL and any custom values it requires, which isn't specified in your original query.
- It (conditionally) exports the endpoint of the Helm-deployed service. This is based on the presumption that your Helm chart includes a Kubernetes Service that exposes your IBM API Connect Gateway. You'll need to adjust this based on the actual resources created by your Helm chart.

For more information and further understanding, make sure to check the Pulumi documentation from the official website:
- [Azure Kubernetes Service (AKS)](https://www.pulumi.com/docs/reference/pkg/azure-native/containerservice/managedcluster/)
- [Helm Charts on Kubernetes](https://www.pulumi.com/docs/reference/pkg/kubernetes/helm/v3/chart/)

Finally, to deploy your application, navigate to the directory where this file is saved and execute `pulumi up`, which will provision the resources in Azure.

Remember to replace chart-specific values (like `version`) with the information relevant to the IBM APIC GW instance Helm chart as needed. The actual endpoint export part of the program assumes that your Helm chart contains a Service definition with a load balancer and depends on the Helm chart's specific structure.

Keep in mind that the Azure resources may incur costs, and managing them effectively is critical to controlling cloud expenses.