Deploy the ibm-apic-gtw-instance helm chart on Azure Managed Openshift Service
To deploy an IBM API Connect Gateway (ibm-apic-gtw-instance) Helm chart on an Azure Managed OpenShift Service, you'll want to accomplish the following tasks:
- Set up Azure Managed OpenShift Service, which in this context means creating an OpenShift cluster on Azure.
- Install the Helm chart for the IBM API Connect Gateway instance onto the OpenShift cluster.
Let's break down these steps.
Step 1: Create an Azure OpenShift Cluster
To create a managed OpenShift cluster, we will use Pulumi's `azure-native.redhatopenshift.OpenShiftCluster` resource. This will provision an OpenShift cluster managed by Azure Red Hat OpenShift, without you having to manually configure and manage the details of OpenShift.
Step 2: Deploy the Helm Chart
Next, we'll use the `kubernetes.helm.v3.Chart` resource from the Pulumi Kubernetes provider to deploy the IBM API Connect Gateway instance Helm chart to the OpenShift cluster. The Helm Chart resource is a way to deploy complex Kubernetes applications without manually writing every Kubernetes manifest.
Below is the TypeScript code in Pulumi that performs these steps. Be sure to replace placeholders like `<RESOURCE_GROUP_NAME>`, `<CLUSTER_NAME>`, and `<CHART_VERSION>` with actual values you intend to use.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as azureNative from "@pulumi/azure-native";

// Step 1: Create an OpenShift cluster
const resourceGroupName = "<RESOURCE_GROUP_NAME>";
const openshiftClusterName = "<CLUSTER_NAME>";

const openshiftCluster = new azureNative.redhatopenshift.OpenShiftCluster(openshiftClusterName, {
    resourceName: openshiftClusterName,
    resourceGroupName: resourceGroupName,
    location: "<LOCATION>", // e.g., 'westus'
    clusterProfile: {
        domain: "<CLUSTER_DOMAIN>", // Custom domain for the OpenShift cluster
        version: "<OPENSHIFT_VERSION>", // e.g., '4.3.0'
        // pulumi.interpolate is a tagged template, so it is used without parentheses
        resourceGroupId: pulumi.interpolate`/subscriptions/${azureNative.config.subscriptionId}/resourceGroups/${resourceGroupName}`,
    },
    masterProfile: {
        vmSize: "Standard_D4s_v3",
    },
    workerProfiles: [{
        name: "worker",
        count: 3,
        vmSize: "Standard_D2s_v3",
    }],
    networkProfile: {
        podCidr: "10.128.0.0/14",
        serviceCidr: "172.30.0.0/16",
    },
    servicePrincipalProfile: {
        clientId: "<AZURE_CLIENT_ID>",
        clientSecret: "<AZURE_CLIENT_SECRET>", // Sensitive: do not commit a real value here
    },
});

// Step 2: Deploy the IBM API Connect Gateway helm chart
// We need to set up a Kubernetes provider that uses the kubeconfig from the newly created OpenShift cluster.
// The base64-encoded admin kubeconfig is fetched through the cluster's admin credentials and then decoded.
const adminCredentials = azureNative.redhatopenshift.listOpenShiftClusterAdminCredentialsOutput({
    resourceGroupName: resourceGroupName,
    resourceName: openshiftCluster.name,
});
const kubeconfig = adminCredentials.kubeconfig.apply(kc => Buffer.from(kc ?? "", "base64").toString());

const k8sProvider = new k8s.Provider("openshiftK8s", {
    kubeconfig: kubeconfig,
});

const ibmApicGtwInstanceChart = new k8s.helm.v3.Chart("ibm-apic-gtw-instance", {
    chart: "ibm-apic-gtw-instance",
    version: "<CHART_VERSION>", // Specify the version of the chart you want to deploy
    fetchOpts: {
        repo: "https://charts.ibm.com/",
    },
}, { provider: k8sProvider });

// Export the OpenShift cluster's API server URL and the kubeconfig to access the cluster
export const openshiftApiServerUrl = openshiftCluster.apiserverProfile.apply(profile => profile?.url);
export const clusterKubeconfig = pulumi.secret(kubeconfig);
```
Explanation
- The `openshiftCluster` resource is where you configure details of the OpenShift cluster such as the domain, the version, the size of VMs for master and worker nodes, CIDR blocks for pods and services, etc.
- The `kubeconfig` value applies a transformation to the cluster's kubeconfig to convert it from a base64 string into a regular string.
- The `k8s.Provider` setup uses the kubeconfig from our OpenShift cluster, which allows Pulumi to communicate with the cluster for further configuration and deployments.
- The `ibmApicGtwInstanceChart` resource is the Helm chart representing the IBM API Connect Gateway instance application. We specify the name of the chart, the version, and the repository URL where the chart can be found.
Be sure to replace placeholders with actual values. Keep sensitive data like the service principal secret safe and consider using Pulumi's secret handling for these values. The code includes exports for the OpenShift API server URL and the kubeconfig to allow you to interact with your OpenShift cluster once it's up and running. The kubeconfig is marked as a secret because it contains sensitive credentials.
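A pre-flight check for the kubeconfig decoding step described above, as an added example that is not part of the original page or of Pulumi's API. `decodeKubeconfig`, `kubeconfigFindings` and the sample kubeconfig are hypothetical names and constructed data. It decodes strictly, because `Buffer.from(..., "base64")` accepts malformed input silently, and flags settings that weaken TLS before the string reaches `k8s.Provider`.

```typescript
// Added example: hypothetical helpers, not part of Pulumi or the original page.

// Strictly decode a base64 kubeconfig. Buffer.from(x, "base64") never throws
// and silently skips invalid characters, so check alphabet and padding first.
function decodeKubeconfig(b64: string): string {
    const compact = b64.replace(/\s+/g, "");
    if (compact.length === 0 || compact.length % 4 !== 0 ||
        !/^[A-Za-z0-9+/]+={0,2}$/.test(compact)) {
        throw new Error("kubeconfig is not valid base64");
    }
    const text = Buffer.from(compact, "base64").toString("utf8");
    if (!/^kind:\s*Config\s*$/m.test(text)) {
        throw new Error("decoded data does not look like a kubeconfig");
    }
    return text;
}

// Line-based checks on a block-style YAML kubeconfig:
// every API server must use https and TLS verification must stay enabled.
function kubeconfigFindings(text: string): string[] {
    const findings: string[] = [];
    const serverRe = /^\s*server:\s*["']?([^\s"']+)["']?\s*$/gm;
    let match: RegExpExecArray | null;
    let servers = 0;
    while ((match = serverRe.exec(text)) !== null) {
        servers++;
        if (match[1].indexOf("https://") !== 0) {
            findings.push("server is not https: " + match[1]);
        }
    }
    if (servers === 0) findings.push("no cluster server entry found");
    if (/^\s*insecure-skip-tls-verify:\s*true\s*$/m.test(text)) {
        findings.push("insecure-skip-tls-verify is enabled");
    }
    return findings;
}

// Constructed sample kubeconfig (example.invalid is a reserved test domain).
const sampleKubeconfig = [
    "apiVersion: v1",
    "kind: Config",
    "clusters:",
    "- name: aro",
    "  cluster:",
    "    server: https://api.example.invalid:6443",
].join("\n");
const sampleB64 = Buffer.from(sampleKubeconfig, "utf8").toString("base64");
console.log(kubeconfigFindings(decodeKubeconfig(sampleB64)));
```

In a Pulumi program these checks would run inside the `apply` callback that decodes the kubeconfig, throwing when the findings list is not empty.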