Deploy the python-app helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy a Helm chart on an Azure Managed OpenShift cluster, you will need to follow these steps:

1. Set up an Azure Managed OpenShift cluster.
2. Install and configure the Helm CLI on your local machine or wherever you plan to run the deployment from.
3. Use the Helm provider in Pulumi to deploy your `python-app` chart onto the OpenShift cluster.

In this program, we will create an Azure Managed OpenShift cluster using Pulumi and then deploy a Helm chart to this cluster.

Before you run the Pulumi code, make sure you have the following prerequisites met:

- You have installed [Pulumi CLI](https://www.pulumi.com/docs/get-started/azure/begin/)
- You are logged into Pulumi CLI (`pulumi login`)
- You have installed [Helm CLI](https://helm.sh/docs/intro/install/)
- You have logged into Azure CLI and set the correct subscription (`az login` and `az account set`)

Below is the TypeScript Pulumi program that creates an Azure Managed OpenShift cluster and deploys the specified Helm chart to it. OpenShift clusters are quite complex, so certain configurations specific to your environment may need to be adjusted.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup");

// Create an Azure AD Application for the OpenShift cluster
const adApp = new azuread.Application("openshiftAdApp", {
    displayName: "OpenShift",
});

// Create a Service Principal for the Azure AD Application
const adSp = new azuread.ServicePrincipal("openshiftAdSp", {
    applicationId: adApp.applicationId,
});

// Assign a role to the Service Principal
const adSpPassword = new azuread.ServicePrincipalPassword("openshiftAdSpPassword", {
    servicePrincipalId: adSp.id,
    value: "REPLACE_WITH_YOUR_PASSWORD",
    endDate: "2099-01-01T00:00:00Z",
});

const openShiftCluster = new azure_native.containerservice.OpenShiftManagedCluster("myOpenShiftCluster", {
    resourceGroupName: resourceGroup.name,
    // Additional required configurations go here
    // Location, network profiles, etc.
});

// Deploy "python-app" Helm chart
const helmRelease = new k8s.helm.v3.Chart("python-app", {
    chart: "python",
    version: "1.0.0", // Replace with your chart's version
    // Set to the namespace where you would like to install 'python-app.'
    namespace: "default", 
    fetchOpts: {
        repo: "http://example.com/helm-charts", // Replace with your chart's repository.
    },
}, { provider: new k8s.Provider("k8s-provider", {
    kubeconfig: openShiftCluster.kubeconfig,
})});

// Export the OpenShift cluster's name and resource group name
export const openShiftClusterName = openShiftCluster.name;
export const openShiftClusterResourceGroupName = resourceGroup.name;
```

Here are the steps that the above program takes:

1. A new Azure resource group is created to hold our OpenShift cluster and any associated resources.
2. A new Azure AD application and service principal are created in order to define the identity of the Openshift cluster within Azure. Typically, you will have to assign a role to the service principal that allows creation of the resources.
3. A password is assigned to the service principal; you would replace the placeholder with a secure password.
4. The Managed OpenShift cluster is declared with a specific name `myOpenShiftCluster` within the created resource group. This step requires additional configuration based on the requirements such as the location, networking profiles, access control, etc.
5. A Helm chart is deployed to the OpenShift cluster. The `Chart` class from `@pulumi/kubernetes` is used for this purpose and it points to the OpenShift cluster’s Kubeconfig to interact with it.
6. Lastly, it exports the names of our OpenShift cluster and resource group, so we can easily access them later, for instance when we want to retrieve the cluster’s Kubeconfig for `kubectl` commands.

After you have verified the code above suits your scenario, you would run `pulumi up` to execute the code and create the resources and deploy the Helm chart.

Please ensure that you have appropriate Azure permissions to create these resources and that the Pulumi program has been adjusted to reflect the correct Helm chart details.