Deploy the keycloak-umbrella helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

Deploying a Helm chart to Oracle Kubernetes Engine (OKE) involves several steps:

Setting up OKE Cluster: Before deploying your Helm charts, you need an Oracle Kubernetes Engine cluster running. Pulumi provides a resource called oci.ContainerEngine.Cluster to establish a new OKE cluster.
Installing Helm and Tiller: Helm is a package manager for Kubernetes that simplifies application deployment. The server side of Helm is called Tiller, which needs to be running in your cluster. However, as of Helm v3, Tiller has been removed, so you no longer need to install it into your cluster.
Deploying the Helm Chart: To deploy Helm charts with Pulumi, you can use the kubernetes.helm.v3.Chart resource. This resource enables you to deploy a Helm chart into a Kubernetes cluster directly from your Pulumi program.

Below is a Pulumi TypeScript program that demonstrates how to create an OKE Cluster and then deploy the keycloak-umbrella Helm chart to it. Before running this program, make sure you have the necessary Oracle Cloud Infrastructure and Pulumi accounts set up, and your environment properly configured with the required credentials.

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// Create an OCI provider to authenticate and interact with Oracle Cloud resources
const provider = new oci.Provider("oci", { region: "us-phoenix-1"});

// Create a VCN and a subnet for the OKE cluster
const vcn = new oci.core.Vcn("okeVcn", {
    compartmentId: provider.compartmentId,
    cidrBlock: "10.0.0.0/16",
}, { provider });

const subnet = new oci.core.Subnet("okeSubnet", {
    compartmentId: provider.compartmentId,
    vcnId: vcn.id,
    cidrBlock: "10.0.0.0/24",
    securityListIds: [],
}, { provider });

// Create the OKE cluster
const cluster = new oci.containerengine.Cluster("okeCluster", {
    compartmentId: provider.compartmentId,
    kubernetesVersion: "v1.20.8",
    name: "pulumi-oke-cluster",
    options: {
        serviceLbSubnetIds: [subnet.id],        
    },
}, { provider });

/*
Note: Generating the kubeconfig for an OKE cluster dynamically is a bit tricky since it typically requires
OCID-specific authentication that Pulumi's dynamic providers can have trouble with. For simplicity,
it is currently recommended to use the `oci cli` to generate the kubeconfig file, and then to use it
with Pulumi's kubernetes provider.
*/

// Fill in with the appropriate kubeconfig information for your OKE cluster
const kubeconfig = "<YOUR_KUBECONFIG_CONTENTS>";

// Create a Kubernetes provider instance using the kubeconfig obtained from the OKE cluster
const k8sProvider = new k8s.Provider("okeK8s", {
    kubeconfig,
});

// Deploy the `keycloak-umbrella` Helm chart into the OKE cluster using the kubernetes provider
const keycloakUmbrellaChart = new k8s.helm.v3.Chart("keycloak-umbrella", {
    chart: "keycloak-umbrella",
    version: "1.0.0", // Replace with the correct chart version
    fetchOpts:{
        repo: "https://charts.bitnami.com/bitnami", // Assuming Keycloak chart is in the Bitnami Helm repo, replace if necessary
    },
    values: {
        // Provide any specific configurations for Keycloak
    },
}, { provider: k8sProvider });

// Export the cluster name and Kubernetes provider kubeconfig
export const clusterName = cluster.name;
export const kubeconfigContent = pulumi.secret(kubeconfig);

Explanation of the above program:

It starts by setting up a new Virtual Cloud Network (VCN) and Subnet which are prerequisites for creating an OKE cluster, using OCI's Vcn and Subnet resources.
It then creates an OKE cluster using the oci.containerengine.Cluster resource. It also specifies the version of Kubernetes desired for the cluster.
For the kubeconfig field, manual steps are currently needed to configure it. Typically, you generate a kubeconfig file via the Oracle Cloud Infrastructure (OCI) CLI after the cluster is created, and pass it to the Pulumi Kubernetes provider so that the program can interact with your cluster.
Using the Kubernetes provider initialized with the obtained kubeconfig, we then define a Chart resource which deploys the specified Helm chart, keycloak-umbrella, into our OKE cluster.

Before running this, make sure you replace placeholder items (such as <YOUR_KUBECONFIG_CONTENTS>) with real values from your own environment.

After you've crafted this program, you can deploy it using the standard Pulumi CLI commands: pulumi up to create or update resources and pulumi destroy to tear them down when you're done with them.