Deploy the istio-ingress-gateway helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the Istio Ingress Gateway Helm Chart on Azure Kubernetes Service (AKS) with Pulumi, you'll perform the following high-level steps:

1. Provision an AKS cluster
2. Install Helm and Tiller on your local machine (if not already installed)
3. Create a Pulumi program to deploy the Istio Ingress Gateway using the Helm Chart

The following Pulumi program is written in TypeScript and will guide you through deploying the Istio Ingress Gateway on AKS. Before we dive into the code, here's an explanation of the key resources in use:

- `azure-native.resources.ResourceGroup`: This resource is used to create an Azure Resource Group, which is a container that holds related resources for an Azure solution.
- `azure-native.containerservice.ManagedCluster`: This resource is an AKS cluster where your Kubernetes workloads will run.
- `kubernetes.helm.v3.Chart`: This is a Pulumi resource that allows us to deploy Helm charts to a Kubernetes cluster. In this case, it'll be used to deploy the Istio Ingress Gateway.

Here's the Pulumi program to perform this task:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("my-resource-group");

// Create an AKS cluster
const cluster = new azure_native.containerservice.ManagedCluster("my-aks-cluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 1,
        vmSize: "Standard_DS2_v2",
        name: "agentpool",
        mode: "System",
    }],
    dnsPrefix: "aks-istio-ingress",
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeConfig.apply(kubeConfig => Buffer.from(kubeConfig, 'base64').toString());

// Create a Kubernetes provider instance that uses our AKS cluster credential
const provider = new k8s.Provider("provider", {
    kubeconfig: kubeconfig,
});

// Use the existing AKS cluster kubeconfig
const aksKubeconfig = pulumi.output(cluster.kubeConfig);

// Deploy Istio Ingress Gateway using Helm Chart
const istioIngress = new k8s.helm.v3.Chart("istio-ingress", {
    chart: "istio-ingress",
    version: "1.10.0", // specify the version of Istio that you want to deploy
    fetchOpts: {
        repo: "https://istio-release.storage.googleapis.com/charts",
    },
}, { provider: provider });

// Export the Kubernetes provider kubeconfig to interact with the cluster
export const kubeconfig = aksKubeconfig;
```

To run this program:

1. Set up Pulumi with Azure by following the [Pulumi Azure Setup Guide](https://www.pulumi.com/docs/get-started/azure/).
2. [Install Helm](https://helm.sh/docs/intro/install/) and [Tiller](https://docs.helm.sh/helm/#helm-init) on your local machine if they're not already installed. Helm is the package manager for Kubernetes, and Tiller is the Helm server side component which Helm uses to apply the Helm Chart to Kubernetes.
3. Save the above code to a file (e.g., `index.ts`) in a new Pulumi project directory.
4. Navigate to your project directory in your command line interface and run `pulumi up`. This command will create the Azure resources and deploy the Helm Chart as defined.

Please replace `version: "1.10.0"` with the version of Istio that you want to deploy as this example may use an out-of-date version. The outer `kubeconfig` export is what allows you to interact with your AKS cluster using `kubectl` or other Kubernetes tools, whereas the `istioIngress` Helm Chart resource deploys Istio's Ingress Gateway onto your AKS cluster.

Note that you need to ensure the Kubernetes configuration context points to your AKS cluster when you run Helm-related commands on your machine. Pulumi will do the deployment for you, but for any manual operations, you may need to adjust the context with `kubectl`.