Deploy the pritunl-vpn helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the Pritunl VPN Helm chart on Azure Managed OpenShift Service, you'll follow several steps using Pulumi's azure-native and kubernetes packages.

First, you'll need to provision an Azure Red Hat OpenShift (ARO) cluster using azure-native.redhatopenshift.OpenShiftCluster. After the OpenShift cluster is provisioned, you'll configure Pulumi to use the Kubernetes provider to interact with the cluster. Finally, you'll deploy the Pritunl VPN Helm chart using the kubernetes.helm.sh/v3.Chart resource from the Pulumi Kubernetes provider.

Here's an overview of the steps involved:

Set up an OpenShift cluster on Azure using Pulumi.
Obtain the Kubernetes configuration for the OpenShift cluster.
use the kubernetes.helm.sh/v3.Chart to deploy the Pritunl VPN Helm chart.

Let's create a Pulumi program in TypeScript to perform these tasks:

import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provision an Azure Red Hat OpenShift (ARO) cluster
// Replace the placeholders with actual values for resourceGroupName, clusterName, and domain.
const openShiftCluster = new azureNative.redhatopenshift.OpenShiftCluster("myOpenShiftCluster", {
    resourceGroupName: "<resource-group-name>",
    resourceName: "<cluster-name>",
    location: "<location>", // e.g., "eastus"
    clusterProfile: {
        domain: "<domain-name>", // e.g., "example"
        version: "<openshift-version>", // e.g., "4.6.8"
        resourceGroupId: "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>",
    },
    masterProfile: {
        vmSize: "Standard_D8s_v3",
    },
    networkProfile: {
        podCidr: "10.128.0.0/14",
        serviceCidr: "172.30.0.0/16",
    },
    workerProfiles: [{
        name: "worker", // Change the name if needed
        vmSize: "Standard_D4s_v3",
        diskSizeGB: 128,
        count: 3,
    }],
});

// Step 2: Obtain the Kubernetes configuration for the OpenShift cluster.
// Assuming you have configured your Azure credentials and have necessary permissions.
const creds = pulumi.all([openShiftCluster.name, openShiftCluster.resourceGroupName]).apply(([name, rg]) =>
    azureNative.redhatopenshift.listOpenShiftClusterAdminKubeconfig({
        resourceName: name,
        resourceGroupName: rg,
    }),
);

const kubeConfig = creds.kubeconfig;

// Step 3: Deploy the Pritunl VPN Helm chart using the obtained kubeconfig.
const pritunlChart = new k8s.helm.v3.Chart("pritunl-vpn", {
    chart: "pritunl",
    version: "<chart-version>", // Specify the chart version, if required
    // Note: Helm repository containing Pritunl VPN chart should be added or specified.
    // You may need to add a `fetchOpts` property with the repository details.
    namespace: "default", // You can specify a different namespace if needed
    values: { // Specify any custom values needed for the Pritunl VPN Helm chart
        // e.g., "user": "admin", "password": "admin",
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

// Export the public IP to access Pritunl VPN
export const pritunlEndpoint = pritunlChart.getResourceProperty("v1/Service", "pritunl-vpn-pritunl", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);

In this program:

We create a new ARO cluster by instantiating azureNative.redhatopenshift.OpenShiftCluster. You'll need to replace placeholders with actual values regarding the resource group name, cluster name, and domain, among other configurations. Refer to the OpenShiftCluster documentation for details on the available properties.
We retrieve the admin kubeconfig for the ARO cluster using the listOpenShiftClusterAdminKubeconfig method. It's important to note that proper Azure credentials and permissions are required for this step. Also, error handling should be implemented for production-grade code.
We create a new Helm chart resource pritunl-vpn which will deploy the Pritunl VPN chart to your ARO cluster. You should specify the version of the chart and potentially provide a fetchOpts configuration if your Helm repository isn't already known to Pulumi.
Finally, we export the load balancer's IP address that should get assigned to the Pritunl VPN, which allows you to access it.

Make sure to replace placeholders with the actual values. These include the location of deployment, OpenShift version, cluster and domain names, the Azure subscription ID, and the value overrides for the Helm chart. Additionally, ensure that you have the Pritunl VPN Helm chart details correct, such as the name of the chart and the version if it's specific.