Deploy the rke2-cilium helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

In this Pulumi program, we're going to deploy the `rke2-cilium` Helm chart onto an Azure Kubernetes Service (AKS) cluster. We'll first create an AKS cluster, then we'll deploy the Helm chart onto this newly created cluster.

Here's what we're going to do:
1. **Provision an AKS Cluster**: We'll create an AKS cluster using Pulumi's `azure-native` package, which provides native Azure resources.
2. **Deploy Helm Chart**: After the cluster is provisioned, we'll deploy the Helm chart to the AKS cluster using Pulumi's `kubernetes` package that allows for management of Kubernetes resources, including Helm charts.

### Step 1: Provision an AKS Cluster
We'll need to create a new AKS cluster, including all dependent resources like the Kubernetes version, Node pool for our worker nodes, and any necessary configurations such as networking.

### Step 2: Deploy Helm Chart
Once the AKS cluster is up and running, we'll configure Pulumi to use the Kubernetes cluster by setting up the `KubeConfig`. After that, we'll use Pulumi's `helm` package to deploy the `rke2-cilium` chart.

Below is the full TypeScript program that accomplishes these steps. Before running this program, ensure you've [installed Pulumi and set up the Azure provider](https://www.pulumi.com/docs/get-started/azure/).

```typescript
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Create a new resource group to contain our AKS cluster
const resourceGroup = new azure.resources.ResourceGroup("aksResourceGroup");

// Create the AKS cluster
const cluster = new azure.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
        vnetSubnetID: subnet.id,
    }],
    dnsPrefix: "aksk8s"
});

// Export the Kubernetes kubeconfig
export const kubeconfig = pulumi.
    all([cluster.name, resourceGroup.name]).
    apply(([clusterName, rgName]) =>
        azure.containerservice.listManagedClusterUserCredentials({
            resourceName: clusterName,
            resourceGroupName: rgName,
        })
    ).
    apply(creds => Buffer.from(creds.kubeconfigs[0].value, 'base64').toString());

// Create a Kubernetes provider instance that uses our kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig
});

// Deploy the rke2-cilium Helm chart onto our AKS cluster
const rke2CiliumChart = new k8s.helm.v3.Chart("rke2-cilium", {
    chart: "cilium",
    version: "1.9.1",
    fetchOpts: {
        // The repository that hosts the rke2-cilium Helm chart needs to be specified
        repo: "https://helm.cilium.io/",
    },
    namespace: "kube-system",
}, { provider: k8sProvider });

// Export the public Cluster IP of the Helm release
export const rke2CiliumPublicIP = rke2CiliumChart.getResource("v1/Service", "kube-system", "rke2-cilium").status.loadBalancer.ingress[0].ip;
```

In this program, a new Azure Kubernetes Service cluster is provisioned within an Azure resource group. We specify the settings of the AKS cluster such as the Kubernetes version, node size, and number of nodes.

We then configure Pulumi to use the kubeconfig of this cluster, which is needed to interact with the cluster. This configuration is applied to a new Pulumi Kubernetes provider, which allows us to deploy Kubernetes resources.

We proceed by deploying the 'rke2-cilium' Helm chart using Pulumi's Helm chart resource. This Helm chart is a pre-packaged set of Kubernetes resources for `cilium`, a Kubernetes CNI.

For the chart to be installed, we specify the version and the repository from which the chart can be fetched.

Finally, we're exporting the public IP of the `cilium` service to make it accessible for future use with the `export` statement.