azure-go-aks-helm: ported from TypeScript (pulumi#948)

* Port azure-ts-aks-helm example to Go * Fix README
ctmcisco · Mar 18, 2021 · 2a10da7 · 2a10da7
1 parent c8461ac
commit 2a10da7
Show file tree

Hide file tree

Showing 7 changed files with 738 additions and 0 deletions.
diff --git a/azure-go-aks-helm/Pulumi.yaml b/azure-go-aks-helm/Pulumi.yaml
@@ -0,0 +1,3 @@
+name: azure-ts-aks-helm
+runtime: go
+description: Azure Native Go Pulumi example featuring Helm chart deployment to AKS
diff --git a/azure-go-aks-helm/README.md b/azure-go-aks-helm/README.md
@@ -0,0 +1,109 @@
+[![Deploy](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new)
+
+# Azure Kubernetes Service (AKS) Cluster and Helm Chart
+
+This example demonstrates creating an [Azure Kubernetes Service (AKS)](https://docs.microsoft.com/en-us/azure/aks/)
+cluster and deploying a Helm Chart from [Bitnami Helm chart repository](https://github.com/bitnami/charts)
+into this cluster, all in one Pulumi program.
+
+The example showcases the [native Azure provider for Pulumi](https://www.pulumi.com/docs/intro/cloud-providers/azure/).
+
+
+## Prerequisites
+
+- Install [Pulumi](https://www.pulumi.com/docs/get-started/install/).
+
+- Install [Go](https://golang.org)
+
+- We will be deploying to Azure, so you will need an Azure account. If
+ you do not have an account, [sign up for free here](https://azure.microsoft.com/en-us/free/).
+
+- Setup and authenticate the [native Azure provider for Pulumi](https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/).
+
+
+## Running the Example
+
+In this example we will provision a Kubernetes cluster running a
+public Apache web server, verify we can access it, and clean up when
+done.
+
+1. Get the code:
+
+ ```bash
+ $ git clone [email protected]:pulumi/examples.git
+ $ cd examples/azure-go-aks-helm
+ ```
+
+2. Restore dependencies and build:
+
+ ```bash
+ $ go build
+ ```
+
+3. Create a new stack, which is an isolated deployment target for this example:
+
+ ```bash
+ $ pulumi stack init
+ ```
+
+4. Set the required configuration variables for this program:
+
+ ```bash
+ $ pulumi config set azure-native:location westus2
+ ```
+
+5. Deploy everything with the `pulumi up` command. This provisions
+ all the Azure resources necessary, including an Active Directory
+ service principal, AKS cluster, and then deploys the Apache Helm
+ Chart, all in a single gesture (takes 5-10 min):
+
+ ```bash
+ $ pulumi up
+ ```
+
+6. Now your cluster and Apache server are ready. Several output
+ variables will be printed, including your cluster name
+ (`clusterName`), Kubernetes config (`kubeconfig`) and server IP
+ address (`apacheServiceIP`).
+
+ Using these output variables, you may access your Apache server:
+
+ ```bash
+ $ curl $(pulumi stack output apacheServiceIP)
+ <html><body><h1>It works!</h1></body></html>
+ ```
+
+ And you may also configure your `kubectl` client using the
+ `kubeConfig` configuration:
+
+ ```bash
+ $ pulumi stack output kubeconfig --show-secrets > kubeconfig.yaml
+ $ KUBECONFIG=./kubeconfig.yaml kubectl get service
+
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+ apache-chart LoadBalancer 10.0.154.121 40.125.100.104 80:30472/TCP,443:30364/TCP 8m
+ kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8m
+ ```
+
+7. At this point, you have a running cluster. Feel free to modify
+ your program, and run `pulumi up` to redeploy changes. The Pulumi
+ CLI automatically detects what has changed and makes the minimal
+ edits necessary to accomplish these changes. This could be
+ altering the existing chart, adding new Azure or Kubernetes
+ resources, or anything, really.
+
+ TIP: if you make changes to the example code outside of an IDE,
+ run the Go compiler after every change:
+
+ ```bash
+ $ go build
+ ```
+
+8. Once you are done, you can destroy all of the resources, and the
+ stack:
+
+ ```bash
+ $ pulumi destroy
+ $ pulumi stack rm
+ $ rm kubeconfig.yaml
+ ```
diff --git a/azure-go-aks-helm/cluster.go b/azure-go-aks-helm/cluster.go
@@ -0,0 +1,130 @@
+// Copyright 2016-2021, Pulumi Corporation. All rights reserved.
+//
+// Functions to provision and interact with an AKS cluster.
+
+package main
+
+import (
+ "encoding/base64"
+
+ cs "github.com/pulumi/pulumi-azure-native/sdk/go/azure/containerservice"
+ "github.com/pulumi/pulumi-azure-native/sdk/go/azure/resources"
+ "github.com/pulumi/pulumi-azuread/sdk/v3/go/azuread"
+ "github.com/pulumi/pulumi-kubernetes/sdk/v2/go/kubernetes"
+ "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
+)
+
+type ClusterInfo struct {
+ ManagedCluster *cs.ManagedCluster
+ ResourceGroup *resources.ResourceGroup
+}
+
+func buildCluster(ctx *pulumi.Context, cfg Config) (*ClusterInfo, error) {
+ resourceGroup, err := resources.NewResourceGroup(ctx, "rg", nil)
+ if err != nil {
+ return nil, err
+ }
+
+ adApp, err := azuread.NewApplication(ctx, "app",
+ &azuread.ApplicationArgs{
+ Name: pulumi.String("app"),
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ adSp, err := azuread.NewServicePrincipal(ctx, "service-principal",
+ &azuread.ServicePrincipalArgs{
+ ApplicationId: adApp.ApplicationId,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ adSpPassword, err := azuread.NewServicePrincipalPassword(ctx, "sp-password",
+ &azuread.ServicePrincipalPasswordArgs{
+ ServicePrincipalId: adSp.ID(),
+ Value: cfg.Password,
+ EndDate: pulumi.String("2099-01-01T00:00:00Z"),
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ k8sCluster, err := cs.NewManagedCluster(ctx, "cluster",
+ &cs.ManagedClusterArgs{
+ ResourceGroupName: resourceGroup.Name,
+ AddonProfiles: cs.ManagedClusterAddonProfileMap{
+ "KubeDashboard": cs.ManagedClusterAddonProfileArgs{
+ Enabled: pulumi.Bool(true),
+ },
+ },
+ AgentPoolProfiles: cs.ManagedClusterAgentPoolProfileArray{
+ cs.ManagedClusterAgentPoolProfileArgs{
+ Count: pulumi.Int(cfg.NodeCount),
+ VmSize: pulumi.String(cfg.NodeSize),
+ MaxPods: pulumi.Int(110),
+ Mode: pulumi.String("System"),
+ Name: pulumi.String("agentpool"),
+ OsDiskSizeGB: pulumi.Int(30),
+ OsType: pulumi.String("Linux"),
+ Type: pulumi.String("VirtualMachineScaleSets"),
+ },
+ },
+ DnsPrefix: resourceGroup.Name,
+ EnableRBAC: pulumi.Bool(true),
+ KubernetesVersion: pulumi.String(cfg.K8sVersion),
+ LinuxProfile: cs.ContainerServiceLinuxProfileArgs{
+ AdminUsername: pulumi.String(cfg.AdminUserName),
+ Ssh: cs.ContainerServiceSshConfigurationArgs{
+ PublicKeys: cs.ContainerServiceSshPublicKeyArray{
+ cs.ContainerServiceSshPublicKeyArgs{
+ KeyData: cfg.SshPublicKey,
+ },
+ },
+ },
+ },
+ NodeResourceGroup: pulumi.String("node-resource-group"),
+ ServicePrincipalProfile: cs.ManagedClusterServicePrincipalProfileArgs{
+ ClientId: adApp.ApplicationId,
+ Secret: adSpPassword.Value,
+ },
+ })
+
+ return &ClusterInfo{
+ ManagedCluster: k8sCluster,
+ ResourceGroup: resourceGroup,
+ }, nil
+}
+
+func getKubeconfig(ctx *pulumi.Context, cluster *ClusterInfo) pulumi.StringOutput {
+ return pulumi.All(cluster.ManagedCluster.Name, cluster.ResourceGroup.Name).
+ ApplyString(func(names []interface{}) (string, error) {
+ k8sClusterName := names[0].(string)
+ resourceGroupName := names[1].(string)
+ out, err := cs.ListManagedClusterUserCredentials(ctx,
+ &cs.ListManagedClusterUserCredentialsArgs{
+ ResourceGroupName: resourceGroupName,
+ ResourceName: k8sClusterName,
+ },
+ )
+ if err != nil {
+ return "", err
+ }
+ decoded, err := base64.StdEncoding.DecodeString(out.Kubeconfigs[0].Value)
+ if err != nil {
+ return "", err
+ }
+ return string(decoded), nil
+ })
+}
+
+func buildProvider(
+ ctx *pulumi.Context,
+ cluster *ClusterInfo,
+ kubeConfig pulumi.StringOutput) (*kubernetes.Provider, error) {
+
+ return kubernetes.NewProvider(ctx, "k8s-provider", &kubernetes.ProviderArgs{
+ Kubeconfig: kubeConfig,
+ })
+}
diff --git a/azure-go-aks-helm/config.go b/azure-go-aks-helm/config.go
@@ -0,0 +1,86 @@
+// Copyright 2016-2021, Pulumi Corporation. All rights reserved.
+//
+// Configures the example. If password and public key for connecting
+// to the cluster are not set with `pulumi config`, we generate a
+// random password and key pair.
+
+package main
+
+import (
+ "github.com/pulumi/pulumi-random/sdk/v3/go/random"
+ "github.com/pulumi/pulumi-tls/sdk/v2/go/tls"
+ "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
+ "github.com/pulumi/pulumi/sdk/v2/go/pulumi/config"
+)
+
+type Config struct {
+ K8sVersion string
+ Password pulumi.StringInput
+ GeneratedKeyPair *tls.PrivateKey
+ AdminUserName string
+ SshPublicKey pulumi.StringInput
+ NodeCount int
+ NodeSize string
+}
+
+func configure(ctx *pulumi.Context) (Config, error) {
+ out := Config{}
+
+ cfg := config.New(ctx, "")
+
+ out.K8sVersion = cfg.Get("k8sVersion")
+ if out.K8sVersion == "" {
+ out.K8sVersion = "1.18.14"
+ }
+
+ generatedKeyPair, err := tls.NewPrivateKey(ctx, "ssh-key",
+ &tls.PrivateKeyArgs{
+ Algorithm: pulumi.String("RSA"),
+ RsaBits: pulumi.Int(4096),
+ })
+ if err != nil {
+ return Config{}, err
+ }
+ out.GeneratedKeyPair = generatedKeyPair
+
+ pw := cfg.Get("password")
+ if pw == "" {
+ randPW, err := random.NewRandomPassword(ctx, "pw",
+ &random.RandomPasswordArgs{
+ Length: pulumi.Int(20),
+ Special: pulumi.Bool(true),
+ })
+
+ if err != nil {
+ return Config{}, err
+ }
+
+ out.Password = randPW.Result
+ } else {
+ out.Password = pulumi.String(pw)
+ }
+
+ out.AdminUserName = cfg.Get("adminUserName")
+ if out.AdminUserName == "" {
+ out.AdminUserName = "testuser"
+ }
+
+ sshPubKey := cfg.Get("sshPublicKey")
+ if sshPubKey == "" {
+ out.SshPublicKey = generatedKeyPair.PublicKeyOpenssh
+ } else {
+ out.SshPublicKey = pulumi.String(sshPubKey)
+ }
+
+ out.NodeCount = cfg.GetInt("nodeCount")
+ if out.NodeCount == 0 {
+ out.NodeCount = 2
+ }
+
+ out.NodeSize = cfg.Get("nodeSize")
+ if out.NodeSize == "" {
+ out.NodeSize = "Standard_D2_v2"
+ }
+
+ return out, nil
+}
diff --git a/azure-go-aks-helm/go.mod b/azure-go-aks-helm/go.mod
@@ -0,0 +1,12 @@
+module go-ex
+
+go 1.15
+
+require (
+ github.com/pulumi/pulumi-azure-native/sdk v0.7.1
+ github.com/pulumi/pulumi-azuread/sdk/v3 v3.5.0
+ github.com/pulumi/pulumi-kubernetes/sdk/v2 v2.8.2
+ github.com/pulumi/pulumi-random/sdk/v3 v3.1.0 // indirect
+ github.com/pulumi/pulumi-tls/sdk/v2 v2.5.0 // indirect
+ github.com/pulumi/pulumi/sdk/v2 v2.21.2
+)