Deploy the cyberark-sidecar-injector helm chart on Azure Kubernetes Service (AKS)
To deploy the CyberArk Sidecar Injector Helm chart on Azure Kubernetes Service (AKS), we will follow these steps:
- Create an AKS cluster.
- Configure the Kubernetes provider to interact with the AKS cluster.
- Use Helm to install the CyberArk Sidecar Injector chart on the AKS cluster.
We'll use Pulumi's `azure-native` provider to provision the AKS cluster and then configure the `kubernetes` provider to interact with it. After that, we'll use the `helm` provider to deploy the Helm chart.

Below is a Pulumi program written in TypeScript that accomplishes these tasks:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";

const name = pulumi.getStack();

// Step 1: Create an Azure Resource Group
const resourceGroup = new azure.resources.ResourceGroup(`rg-${name}`);

// Step 2: Create an AKS cluster
const managedCluster = new azure.containerservice.ManagedCluster(`aks-${name}`, {
    resourceGroupName: resourceGroup.name,
    agentPoolProfiles: [{
        count: 3,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${name}-k8s`,
    enableRBAC: true,
    kubernetesVersion: "1.18.14", // use a version AKS currently offers in your region
    linuxProfile: {
        adminUsername: "testadmin",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa ...", // replace `...` with your SSH public key
            }],
        },
    },
    servicePrincipalProfile: {
        // Placeholders: supply the real values from a secret store,
        // not as literals committed with the program.
        clientId: "YOUR_SERVICE_PRINCIPAL_CLIENT_ID",
        secret: "YOUR_SERVICE_PRINCIPAL_SECRET",
    },
});

// Step 3: Configure kubernetes provider to interact with the AKS cluster
const creds = pulumi.all([resourceGroup.name, managedCluster.name]).apply(([resourceGroupName, clusterName]) =>
    azure.containerservice.listManagedClusterUserCredentials({
        resourceGroupName,
        resourceName: clusterName,
    }));

// The API returns the kubeconfig base64-encoded; decode it to text.
const kubeconfig = creds.kubeconfigs[0].value.apply(enc => Buffer.from(enc, "base64").toString());

const k8sProvider = new kubernetes.Provider(`k8sprovider-${name}`, {
    kubeconfig: kubeconfig,
});

// Step 4: Install the CyberArk Sidecar Injector Helm chart into the AKS cluster
const sidecarInjectorRelease = new kubernetes.helm.v3.Release(`cyberark-sidecar-${name}`, {
    chart: "cyberark-sidecar-injector",
    version: "1.5.2", // specify the version of the chart to deploy
    repositoryOpts: {
        repo: "https://cyberark.github.io/helm-charts", // Replace with the correct repo if necessary
    },
    namespace: "cyberark",
    createNamespace: true, // the install fails if the namespace does not exist yet
}, { provider: k8sProvider });

// Step 5: Export the kubeconfig. It contains cluster credentials, so it is
// marked as a secret: Pulumi encrypts it in state and masks it in console
// output. Read it with `pulumi stack output kubeConfig --show-secrets`.
export const kubeConfig = pulumi.secret(kubeconfig);
```
Make sure you replace the placeholders for `clientId` and `secret` with the appropriate credentials for your Azure Service Principal. Also, insert your SSH public key where indicated.

Here's what each part of the script does:
- Resource Group: A resource group is created as a container that holds related resources for an Azure solution.
- Managed AKS Cluster: Provisions an AKS cluster with a specified number of nodes, Kubernetes version, and VM size.
- Kubernetes Provider Configuration: Retrieves the credentials for the created AKS cluster and configures the Kubernetes provider with these credentials.
- Helm Chart Installation: Installs the specified version of the CyberArk Sidecar Injector Helm chart from the provided chart repository into the AKS cluster. The namespace indicates where the Helm chart will be installed.
- Kubeconfig Export: Finally, we export the kubeconfig that you can use to interact with your Kubernetes cluster using `kubectl` or other Kubernetes management tools.
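
The exported kubeconfig is the decoded text the program stores in `kubeconfig`, and it carries the credentials that grant access to the cluster. The following added example (not part of the original program) reports which credential fields such a text contains and masks them so the rest can be printed or logged; the function name `auditKubeconfig`, the key list and the sample kubeconfig are assumptions constructed for illustration.

```typescript
// Added example: standard kubeconfig keys whose values are usable credentials.
const CREDENTIAL_KEYS: string[] = ["token", "client-key-data", "password"];

interface KubeconfigAudit {
  redacted: string;           // text that is safe to print or attach to a ticket
  credentialFields: string[]; // credential keys found, sorted, de-duplicated
}

// Takes decoded kubeconfig text and masks every credential value, line by line.
function auditKubeconfig(kubeconfigText: string): KubeconfigAudit {
  const found: string[] = [];
  const lines = kubeconfigText.split(/\r?\n/).map((line: string): string => {
    // Groups: indent (optionally a list dash), key, non-empty value.
    const m = /^(\s*(?:-\s+)?)([A-Za-z-]+):\s*(\S.*)$/.exec(line);
    if (m === null || CREDENTIAL_KEYS.indexOf(m[2]) === -1) {
      return line;
    }
    if (found.indexOf(m[2]) === -1) {
      found.push(m[2]);
    }
    return m[1] + m[2] + ": [REDACTED]";
  });
  return { redacted: lines.join("\n"), credentialFields: found.sort() };
}

// Constructed sample; the values are placeholders, not real credentials.
const SAMPLE_KUBECONFIG: string = [
  "apiVersion: v1",
  "kind: Config",
  "clusters:",
  "- name: aks-dev",
  "  cluster:",
  "    server: https://example.invalid:443",
  "users:",
  "- name: clusterUser_rg-dev_aks-dev",
  "  user:",
  "    client-certificate-data: Y29uc3RydWN0ZWQtY2VydA==",
  "    client-key-data: Y29uc3RydWN0ZWQta2V5",
  "    token: constructed-token-value",
].join("\n");

const audit = auditKubeconfig(SAMPLE_KUBECONFIG);
console.log("credential fields: " + audit.credentialFields.join(", "));
console.log(audit.redacted);
```
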
Remember to replace the `YOUR_SERVICE_PRINCIPAL_CLIENT_ID` and `YOUR_SERVICE_PRINCIPAL_SECRET` placeholders with actual values from your Azure Service Principal.

To run this Pulumi program, you would follow these steps:
- Install Pulumi and the required CLI tools for Azure (e.g., Azure CLI).
- Install Node.js and configure your environment.
- Save this program in a file, for instance `main.ts`.
- Run `npm install` to install the dependencies.
- Run `pulumi stack init` to create a new Pulumi stack, e.g., `dev`.
- Run `pulumi up` to execute the Pulumi program and deploy the AKS cluster and Helm chart.
After the program has been successfully run, you will see the `kubeconfig` output, which you can use to interact with your Kubernetes cluster.

For more information on the `azure-native` resources for AKS, you can refer to the ManagedCluster documentation, and for the `helm` Charts, the Helm Release documentation.