1. Deploy the knative-istio-authz helm chart on Azure Managed Openshift Service


    To deploy the knative-istio-authz Helm chart on Azure Managed Openshift Service using Pulumi, you will need to follow these steps:

    1. Set up an Azure Managed OpenShift Cluster: First, you need to create an OpenShift cluster in Azure using the azure-native.containerservice.OpenShiftManagedCluster resource. This cluster will be the foundational infrastructure on which your applications will run.

    2. Install Knative and Istio: Knative depends on Istio as the ingress gateway. Ensure that Istio is installed and properly configured before deploying Knative. Knative can be installed using Helm charts, which brings us to the next step.

    3. Deploy the Helm Chart: You will use Pulumi's native Helm Chart support to deploy the knative-istio-authz chart. The resource kubernetes.helm.v3.Chart allows Pulumi to deploy a Helm chart from a repository.

    Here is a Pulumi program written in TypeScript that illustrates these steps:

    import * as pulumi from "@pulumi/pulumi"; import * as azureNative from "@pulumi/azure-native"; import * as k8s from "@pulumi/kubernetes"; // Step 1: Set up an Azure Managed OpenShift Cluster const resourceGroupName = "myResourceGroup"; const resourceGroup = new azureNative.resources.ResourceGroup(resourceGroupName, { resourceGroupName: resourceGroupName, }); const openShiftCluster = new azureNative.containerservice.OpenShiftManagedCluster("myOpenShiftCluster", { resourceName: "myOpenShiftCluster", resourceGroupName: resourceGroup.name, location: "East US", // Choose an appropriate Azure region openShiftVersion: "v4.3", // Specify the desired OpenShift version networkProfile: { vnetCidr: "", }, masterPoolProfile: { count: 3, vmSize: "Standard_D4s_v3", }, agentPoolProfiles: [{ name: "agentpool", count: 3, vmSize: "Standard_D4s_v3", role: "Compute", }], }); // Assuming you have already set up the k8s provider to point to the OpenShift cluster const k8sProvider = new k8s.Provider("k8sProvider", { // Make sure to use the appropriate kubeconfig kubeconfig: openShiftCluster.config.clusterAdminKubeconfig.apply(c => c.kubeconfig), }); // Step 2: Deploy Istio - This would typically be included as a separate Helm chart deployment // Step 3: Deploy the `knative-istio-authz` Helm chart const knativeIstioAuthzChart = new k8s.helm.v3.Chart("knative-istio-authz", { chart: "knative-istio-authz", version: "0.1.0", // Specify the version of the chart you want to deploy fetchOpts: { // This should be the repository where the knative-istio-authz chart is located repo: "https://knative-releases.github.io/serving/", }, }, { provider: k8sProvider }); // Export the cluster's kubeconfig and the public IP for accessing applications export const kubeconfig = openShiftCluster.config.clusterAdminKubeconfig.apply(c => c.kubeconfig); // Use this to interact with the cluster to get additional resources and status // For example, output the service URL of Istio Ingress Gateway export const istioIngressIp = knativeIstioAuthzChart.getResourceProperty("v1/Service", "istio-ingressgateway", "status") .apply(status => status.loadBalancer.ingress[0].ip);

    Here's what each part of the code is doing:

    • Resource Group Creation: The resourceGroup object creates an Azure Resource Group that will contain the other Azure resources being provisioned.

    • OpenShift Cluster Creation: The openShiftCluster object stands up an OpenShift cluster in Azure. The location, version, and sizing details of the master and agent nodes are specified as parameters. This process might take a while.

    • Kubernetes Provider Setup: The k8sProvider object configures the Pulumi Kubernetes provider with the kubeconfig from the created OpenShift cluster. This allows Pulumi to communicate with your cluster.

    • Helm Chart Deployment: The knativeIstioAuthzChart object represents the Helm chart that you want to deploy. By setting the fetchOpts to point to the chart's repository, Pulumi knows where to fetch the chart from and which version to deploy.

    • Exports: The kubeconfig output makes it easy to use kubectl with your new OpenShift cluster, and istioIngressIp could be used to get the IP for accessing the Istio Ingress Gateway, although you would need to ensure Istio is installed prior to using this export.

    Please replace placeholder values with actual values that pertain to your use case, such as the location, openShiftVersion, chart version and repo. Additionally, you would perform Istio setup before installing Knative, which might involve installing another Helm chart or following istio's installation instructions.

    Make sure you have the Pulumi CLI installed and have the appropriate cloud provider CLI configured for authentication purposes—Azure CLI in this case. Run pulumi up to create the resources defined in the program above.