Deploy the rbacmanager helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the rbacmanager helm chart on Azure Kubernetes Service (AKS), you'll need to follow these steps:

Create an AKS Cluster: You need to have a running AKS cluster. If you don't have one, you'll need to create a new AKS cluster using Pulumi's Azure Native provider.
Install the Helm Chart: After you have your AKS cluster, you can use Pulumi's Kubernetes provider to deploy Helm charts. You'll specify the rbacmanager chart and configure it according to your needs.

Here's a Pulumi program written in TypeScript that does exactly this:

Detailed Explanation

Firstly, the program sets up an AKS cluster using Azure Native resources. It defines the necessary properties like the resource group, AKS cluster configurations, and Kubernetes version.

Once the AKS cluster is provisioned, we'll install the rbac-manager Helm chart onto the cluster using Pulumi's Kubernetes provider. The rbac-manager Helm chart is used to manage RBAC resources dynamically via custom resources. The chart will be fetched from its Helm repository and installed in the cluster with any of the required configurations.

In the below program, replace <YOUR RBAC MANAGER HELM CHART VERSION> with the version of the rbacmanager chart you wish to install.

Let's dive into the code:

import * as azure from "@pulumi/azure-native";
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");

// Step 2: Create an AKS cluster
const cluster = new azure.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "myakscluster",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    linuxProfile: {
        adminUsername: "adminuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsz3++sijOj4u8...",
            }],
        },
    },
    nodeResourceGroup: "nodeResourceGroup",
    identity: {
        type: "SystemAssigned",
    },
});

// Step 3: Export the Kubeconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) =>
    azure.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    }),
);

const kubeconfig = creds.kubeconfigs[0].value.apply(c => Buffer.from(c, 'base64').toString());

// Step 4: Create Pulumi Kubernetes Provider using AKS kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Step 5: Install Helm Chart for rbac-manager
const rbacManagerChart = new k8s.helm.v3.Chart("rbac-manager", {
    chart: "rbac-manager",
    version: "<YOUR RBAC MANAGER HELM CHART VERSION>",
    fetchOpts:{
        repo: "https://charts.fairwinds.com/stable",
    },
}, {
    provider: k8sProvider,
});

// Step 6: Export the kubeconfig and rbac-manager chart name to easily access them if needed
export const kubeconfigOutput = kubeconfig;
export const rbacManagerChartName = rbacManagerChart.metadata.apply(m => m.name);

What's happening in the code?

A resource group is created to hold the AKS cluster.
An AKS cluster is created with system-assigned identity and RBAC enabled.
Then the program creates a Kubernetes provider with the kubeconfig of the AKS cluster, which allows Pulumi to communicate with the cluster.
Using this provider, the Helm chart rbac-manager is deployed to the AKS cluster with the defined version.
Finally, the program exports the kubeconfig and the installed rbac-manager chart's release name as stack outputs for easy access.

Pulumi keeps track of your resources and Helm chart, and is idempotent. This means you can run the program multiple times without unintended side-effects. It will make sure that the AKS cluster and the rbac-manager Helm chart are created and maintained as defined in the code.

To deploy this Pulumi program, save the code to a file called index.ts, install the required dependencies with npm install or yarn add for the Pulumi Azure Native, Kubernetes, and Pulumi SDK packages, and then run it using pulumi up.

Remember to replace <YOUR RBAC MANAGER HELM CHART VERSION> with the actual version of the Helm chart you wish to deploy. It's crucial for the chart installation to work correctly.