Deploy the cloudsql-proxy helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Sure, deploying a Helm chart to an Azure Kubernetes Service (AKS) cluster using Pulumi involves several steps. First, you would need to have an AKS cluster up and running. Then, we can proceed to deploy Helm charts using Pulumi's Kubernetes provider.

Below are the steps that we would typically follow:

1. **Set up an AKS Cluster**: Define an AKS cluster resource using Pulumi. For a simple scenario, you need to specify details like the resource group, the location, and the properties of the AKS cluster such as the node count and size.
2. **Configure Kubernetes Provider for Azure**: Once the AKS cluster is created, we configure the Kubernetes provider to point to the newly-created AKS cluster. This usually involves fetching the kubeconfig from the AKS resource and using it to configure the Kubernetes provider.
3. **Deploy the Helm Chart**: With the Kubernetes provider configured, we can now define a Helm Release resource that references the Cloud SQL Proxy chart. You'll need to define values for the Helm chart if the default ones are not suitable.

For demonstration purposes, let's assume you have already set up the AKS cluster, and we are focusing on deploying the `cloudsql-proxy` Helm chart. Here is a TypeScript program that performs the deployment:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Your pre-existing AKS cluster name and resource group
const clusterName = "your-aks-cluster-name";
const resourceGroupName = "your-aks-resource-group";

// Obtain the kubeconfig from the AKS cluster
const aksCluster = azure.containerservice.KubernetesCluster.get("aksCluster", {
    name: clusterName,
    resourceGroupName: resourceGroupName
});

// Create a provider that uses the AKS kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: aksCluster.kubeConfigRaw,
});

// Define the Helm Release for the cloudsql-proxy Helm chart
const cloudsqlProxyRelease = new k8s.helm.v3.Release("cloudsql-proxy", {
    chart: "cloudsql-proxy",
    // Replace the following repository URL with the actual Helm chart repository
    repositoryOpts: {
        repo: "https://charts.your-helm-repo.com",
    },
    // Specify any custom values required for the Cloud SQL Proxy Helm chart
    values: {
        // Example values, replace these with the actual values needed for your environment
        "credentialSecretName": "your-gcp-credentials-secret",
        "instanceConnectionName": "your-gcp-sql-instance-connection-name",
        "sqlPort": "5432",
    },
}, { provider: k8sProvider });

// Export the status of the Helm chart deployment
export const status = cloudsqlProxyRelease.status;
```

In this program, we first use the `@pulumi/kubernetes` package to interact with Kubernetes clusters. We assume that the AKS cluster already exists and therefore, we reference it by its name and resource group. We then create a Kubernetes provider configured with the AKS cluster's kubeconfig. This provider is used for all subsequent resources deployed to the AKS cluster.

We define a `Release` resource using the Helm v3 API, which installs the `cloudsql-proxy` Helm chart from the specified Helm chart repository. You would need to replace the `repositoryOpts`, `chart`, and `values` fields with the details relevant to your needs. The values are placeholders and should be replaced with the actual values required by the Cloud SQL Proxy Helm chart. You also need to ensure that the `credentialSecretName` exists in your Kubernetes cluster and contains the correct credentials for Google Cloud SQL access.

Once the Helm chart is deployed, the status of the deployment is exported using Pulumi's `export` feature, which can be viewed using the Pulumi CLI to assist with troubleshooting.

Please replace placeholder values with actual information related to your environment before running the program. Ensure you have installed the necessary Pulumi packages with `npm install` or `yarn add` for `@pulumi/pulumi` and `@pulumi/kubernetes`.

To run the program, you will execute the Pulumi CLI commands `pulumi up` to preview and perform the deployment. If you are satisfied with the preview shown, you can proceed to confirm the deployment.

Please note that the deployment of resources into Azure and Kubernetes requires the appropriate permissions and configured access to the cloud resources. Make sure your Pulumi CLI and the environment where you run the code are configured with access to your Azure account and have the necessary permissions.