Deploy the mtls helm chart on Azure Kubernetes Service (AKS)
To deploy an mTLS (Mutual TLS) Helm chart on Azure Kubernetes Service (AKS), you will follow these high-level steps:
- Create an AKS cluster using Pulumi.
- Install the Helm chart that supports mTLS on the provisioned AKS cluster.
To begin with, you will need a Helm chart that is configured to support mTLS. This can either be a custom Helm chart you have created or one that is available in a public or private Helm repository. For this explanation, we will assume that you already have access to such a chart and that its related configuration files (if any) are prepared.
In this Pulumi program, the `kubernetes.helm.v3.Chart` resource from the Pulumi Kubernetes provider will be used to deploy the Helm chart to the AKS cluster. This resource handles Helm chart deployments on a Kubernetes cluster.

Here is how you can write this Pulumi program using TypeScript.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";
import * as azure from "@pulumi/azure";

// Read the service principal secret from encrypted stack configuration
// (set it with: pulumi config set --secret clientSecret <value>)
const config = new pulumi.Config();

// Define the AKS cluster using the Pulumi Azure provider
const aksCluster = new azure.containerservice.KubernetesCluster("aksCluster", {
    // Replace these with actual values or configuration references as needed
    resourceGroupName: "myResourceGroup", // must refer to an existing resource group
    location: "West US",
    // Current versions of @pulumi/azure take a single defaultNodePool
    // in place of the older agentPoolProfiles list
    defaultNodePool: {
        name: "type1",
        nodeCount: 2,
        vmSize: "Standard_DS2_v2",
    },
    dnsPrefix: "myakscluster",
    linuxProfile: {
        adminUsername: "adminuser",
        sshKey: {
            keyData: "ssh-rsa AAAA....", // replace with an actual SSH public key
        },
    },
    servicePrincipal: {
        clientId: "clientId", // replace with the service principal's client ID
        clientSecret: config.requireSecret("clientSecret"), // kept encrypted in config and state
    },
});

// Create a Kubernetes provider instance using the kubeconfig from the AKS cluster
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: aksCluster.kubeConfigRaw,
});

// Deploy the mTLS Helm chart using the Pulumi Kubernetes provider
const mtlsChart = new kubernetes.helm.v3.Chart("mtlsChart", {
    // Assuming you have a Helm chart named 'mutual-tls-chart' accessible in a repository
    chart: "mutual-tls-chart",
    // Specify which repository the chart can be found in, if not local
    // fetchOpts: { repo: "https://example.com/helm-repo/" },
    // You could also use a specific version
    // version: "1.0.0",
    // Provide values for mTLS configuration
    values: {
        // These values would depend on your specific Helm chart and mTLS requirements
        // For instance, certificate paths, enabled flags, etc.
        mtls: {
            enabled: true,
            // More configuration can go here
        },
    },
}, { provider: k8sProvider });

// Export the kubeconfig and the service's publicly accessible endpoint, if necessary
export const kubeConfig = aksCluster.kubeConfigRaw;
// "mtls-service" is a placeholder; use the Service name your chart actually creates
export const mtlsServiceEndpoint = mtlsChart
    .getResourceProperty("v1/Service", "mtls-service", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```
This program performs several actions:
- It starts by importing the necessary Pulumi libraries to orchestrate the resources.
- It then defines an AKS cluster with a specific location, size, and SSH access configuration.
- Using the output from the AKS cluster, it creates a Kubernetes provider that can communicate with the cluster.
- With the Kubernetes provider, it deploys the mTLS Helm chart to your AKS cluster and optionally configures specific parameters related to mTLS within the `values` argument.
- Finally, it exports the kubeconfig needed to interact with the AKS cluster and the IP address of the mTLS service, if applicable.
Please make sure to replace placeholder values (e.g., SSH public key, service principal credentials, Helm chart details) with actual values relevant to your deployment. For sensitive information like the service principal's client secret, you should use the Pulumi Config system to store such secrets, ensuring they are encrypted appropriately.
To use this Pulumi program, you would:
- Save the code in a file named `index.ts`.
- Run the `pulumi up` command in the same directory where your Pulumi program file is located. The Pulumi CLI will execute the code, and you can watch as it provisions the resources.
Remember to install the necessary NPM modules before running the Pulumi program:
```bash
npm install @pulumi/pulumi @pulumi/kubernetes @pulumi/azure
```
This script might need adjustments based on the Helm chart you're deploying, such as providing specific `values` for your mTLS configuration. Be sure to consult the documentation of your Helm chart for the correct values and structure required.
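A check you can run over the `values` object before `pulumi up`, as an added example that is not part of the original program or of any particular chart. `lintMtlsValues`, `walk` and every key other than `mtls.enabled` are hypothetical; it flags a non-boolean `mtls.enabled` and private keys inlined as plain strings.

```typescript
// Added example: pre-deployment lint for the Helm `values` object.
// The `mtls.enabled` key mirrors this page's sample values; other keys are assumed.
type Finding = { path: string; issue: string };

const PRIVATE_KEY_PEM = /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/;

// Walk every leaf of the values tree, calling visit(path, leaf).
function walk(node: unknown, path: string, visit: (p: string, v: unknown) => void): void {
  if (Array.isArray(node)) {
    node.forEach((item, i) => walk(item, `${path}[${i}]`, visit));
  } else if (node !== null && typeof node === "object") {
    const obj = node as Record<string, unknown>;
    for (const key of Object.keys(obj)) {
      walk(obj[key], path ? `${path}.${key}` : key, visit);
    }
  } else {
    visit(path, node);
  }
}

function lintMtlsValues(values: Record<string, unknown>): Finding[] {
  const findings: Finding[] = [];
  const mtls = values["mtls"];
  const enabled = mtls !== null && typeof mtls === "object"
    ? (mtls as Record<string, unknown>)["enabled"]
    : undefined;
  if (enabled !== true) {
    // Helm templates treat any non-empty string as truthy, so the string "false"
    // still passes an `if`, while a missing or misspelled key leaves mTLS off.
    findings.push({ path: "mtls.enabled", issue: `expected boolean true, got ${JSON.stringify(enabled)}` });
  }
  walk(values, "", (path, value) => {
    if (typeof value === "string" && PRIVATE_KEY_PEM.test(value)) {
      findings.push({ path, issue: "inline private key; pass it as a Pulumi secret instead" });
    }
  });
  return findings;
}

// Constructed sample values (not taken from a real chart).
const sampleValues = {
  mtls: { enabled: "true", server: { key: "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----" } },
  clients: [{ name: "svc-a", caBundlePath: "/etc/mtls/ca.pem" }],
};
const sampleFindings = lintMtlsValues(sampleValues);
for (const f of sampleFindings) console.log(`${f.path}: ${f.issue}`);
```

Calling it on the object you pass as `values` and aborting when the result is non-empty keeps a mistyped flag or a plaintext key out of the deployment and the stack state.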