Deploy the opensips helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the OpenSIPS helm chart on Azure Kubernetes Service (AKS), you'll need to perform the following steps:

1. **Set up AKS Cluster**: You need an Azure Kubernetes Service (AKS) cluster where you can deploy the OpenSIPS helm chart.

2. **Install and Configure Helm**: Helm is a package manager for Kubernetes that simplifies deployment. Ensure you have Helm installed and configured to interact with your AKS cluster.

3. **Deploy the OpenSIPS Helm Chart**: With Helm set up, you can now deploy the OpenSIPS helm chart to your AKS cluster.

Let's create a Pulumi program that automates this process. We assume you've already [installed Pulumi](https://www.pulumi.com/docs/get-started/install/) and set up the Azure provider credentials on your machine. The program will be in TypeScript, which requires [Node.js](https://nodejs.org/).

We'll use two Pulumi resources for this task:

- `azure-native.containerservice.ManagedCluster`: This resource is used to create an AKS cluster.
- `kubernetes.helm.v3.Chart`: Once we have a Kubernetes cluster, we'll use this resource to deploy a helm chart onto that cluster.

Below is a detailed Pulumi program in TypeScript that accomplishes the deployment of the OpenSIPS helm chart onto AKS:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as azure_native from '@pulumi/azure-native';
import * as k8s from '@pulumi/kubernetes';
import * as azuread from '@pulumi/azuread';
import * as random from "@pulumi/random";

// Create a new password for the AKS cluster service principal.
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
}).result;

// Create a new AD service principal for the AKS cluster.
const adApp = new azuread.Application("aks", {
    displayName: "aks",
});
const adSp = new azuread.ServicePrincipal("aksSp", {
    applicationId: adApp.applicationId,
});
const adSpPassword = new azuread.ServicePrincipalPassword("aksSpPassword", {
    servicePrincipalId: adSp.id,
    value: password,
    endDate: "2099-01-01T00:00:00Z",
});

// Create the Azure Kubernetes Service (AKS) cluster
const cluster = new azure_native.containerservice.ManagedCluster("myAksCluster", {
    resourceGroupName: resourceGroup.name,
    // The service principal is needed to dynamically create and manage other Azure resources such as an Azure Load Balancer
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        secret: adSpPassword.value,
    },
    agentPoolProfiles: [{
        count: 2,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: "aks-sample",
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
});

// Export the cluster's kubeconfig.
export const kubeconfig = pulumi.all([cluster.name, resourceGroup.name]).apply(([name, rgName]) => {
    return azure_native.containerservice.listManagedClusterUserCredentials({
        resourceGroupName: rgName,
        resourceName: name,
    }).then(creds => {
        const encoded = creds.kubeconfigs[0].value;
        return Buffer.from(encoded, 'base64').toString();
    });
});

// Create a provider to use the new kubeconfig for deploying helm charts to the cluster.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Finally, deploy the OpenSIPS helm chart using pulumi-kubernetes library
const opensipsChart = new k8s.helm.v3.Chart("opensips", {
    chart: "opensips",
    version: "1.0.0", // replace with the desired chart version
    fetchOpts: {
        repo: "https://helm.opensips.org/", // replace with the OpenSIPS helm chart repository URL
    },
}, { provider: k8sProvider });

// Export the public IP to access OpenSIPS
export const openSipsIp = opensipsChart.getResourceProperty("v1/Service", "opensips-opensips", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

Here is the breakdown of what each part of the program does:

- **Random Password Generation**: We begin by creating a new random password for our AKS cluster's service principal.

- **Azure AD Application and Service Principal**: A service principal is required for AKS so it can interact with other Azure resources on your behalf. We create one here and assign it a password.

- **AKS Cluster Creation**: We declare an AKS cluster resource with two nodes. The `servicePrincipalProfile` provides the credentials we just created, which the AKS cluster will use.

- **Kubeconfig Export**: After creating the cluster, we export the kubeconfig which will allow us to interact with the cluster using `kubectl` and Helm.

- **Provider Creation**: A Pulumi Kubernetes provider is declared using the exported kubeconfig. This configures Pulumi with the correct API access to the new AKS cluster.

- **Helm Chart Deployment**: With the Kubernetes provider in place, we define a helm chart resource to deploy OpenSIPS. We specify the chart version and repository.

- **Public IP Export**: Lastly, we export the public IP assigned to the OpenSIPS service so that it is easily accessible.

To use this program:

1. Save it to a file named `index.ts`.
2. Run `pulumi up` to create the resources. This will provision an AKS cluster and deploy OpenSIPS onto it via Helm.

The Pulumi CLI will display progress and any errors that may occur, and upon successful completion, you'll have a running instance of Open