Deploy the ingress-controller helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

Deploying an ingress controller on Azure Kubernetes Service (AKS) using a Helm chart involves the following high-level steps:

1. **Provision an AKS Cluster**: First, you'll need an AKS cluster where the ingress controller will be deployed. Pulumi can create and manage AKS clusters using the `ProvisionedCluster` resource from the `azure-native` provider.

2. **Install the Helm Chart**: After the cluster is up and running, you'll install the ingress controller's Helm chart. This Helm chart is a pre-packaged set of Kubernetes resources that Pulumi can deploy using the `Chart` resource from the `kubernetes` provider.

Below is a TypeScript program that demonstrates these steps using Pulumi. Remember to have your Azure credentials and Pulumi CLI configured before running this program.

### Detailed Program Explanation and Code

The first part of the program creates an AKS cluster. I'm using the `ProvisionedCluster` resource from the `azure-native` provider because it's the native Azure resource provided by Pulumi, allowing for direct interaction with Azure's APIs.

Once the AKS cluster is provisioned, I use the `Chart` resource from the `kubernetes` provider to install the Helm chart for the ingress controller. Helm charts are a convenient way to package and deploy Kubernetes applications.

Here's the full Pulumi program in TypeScript:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provision an AKS Cluster
const resourceGroup = new azure_native.resources.ResourceGroup("aksResourceGroup", {
    // Location is where your resources will be created. This can be changed as required.
    location: "EastUS", 
});

const aksCluster = new azure_native.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroup.name,
    // Change the location to match your resource group or a preferred region
    location: resourceGroup.location,
    // Specify the properties for the AKS cluster as required, such as node size, count, etc.
    agentPoolProfiles: [{
        count: 1,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS1_v2",
    }],
    dnsPrefix: pulumi.getStack(), // Generates a DNS prefix using the stack name
    kubernetesVersion: "1.18.14", // Specify the desired Kubernetes version
});

// Export the kubeconfig (it contains credentials, handle with care!)
export const kubeconfig = pulumi.
    all([resourceGroup.name, aksCluster.name]).
    apply(([rgName, clusterName]) => {
        return azure_native.containerservice.listManagedClusterUserCredentials({
            resourceGroupName: rgName,
            resourceName: clusterName,
        }).then(credentials => {
            const encoded = credentials.kubeconfigs[0].value;
            if (encoded == null) {
                throw new Error("Kubeconfig was not generated");
            }
            return Buffer.from(encoded, 'base64').toString();
        });
    });

// Step 2: Install the ingress-controller Helm Chart on the AKS cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

const ingressControllerChart = new k8s.helm.v3.Chart("nginx-ingress", {
    chart: "nginx-ingress",
    // Replace with the appropriate Helm repo URL or name
    fetchOpts: {
        repo: "https://helm.nginx.com/stable",
    },
    version: "1.41.2", // Use the version number for the ingress-controller you wish to deploy
    namespace: "default", // Define the Kubernetes namespace where the Helm chart should be installed
}, { provider: k8sProvider });

// Outputs
export const clusterName = aksCluster.name;
export const ingressControllerStatus = ingressControllerChart.status;
```

Let's break down the code:

- **Resource Group**: A resource group is created as a logical container in which the AKS cluster will reside.
- **Managed Cluster**: Defines properties for the AKS cluster, such as size and count of VMs, Kubernetes version, etc.
- **Kubeconfig**: Once the AKS cluster is created, we retrieve the kubeconfig, which is needed to communicate with the cluster.
- **Kubernetes Provider**: Pulumi's way of encapsulating the kubeconfig retrieval and abstracting the K8s API access.
- **Helm Chart**: We use the `Chart` class to install the nginx ingress controller with the specified version and repository.

Once the program is written, you will deploy it using these Pulumi CLI commands:

```bash
pulumi up       # Preview and deploy changes
pulumi stack    # Manage stacks
pulumi destroy  # Destroy all resources
```

Do handle the outputs with care, especially `kubeconfig` as it contains sensitive credentials required to access your AKS cluster. Save it securely and avoid exposing it in logs or to unauthorized users.