Deploy the dex-controller helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the `dex-controller` helm chart on an Azure Managed OpenShift service, we'll carry out a two-part process:

1. Set up an Azure Red Hat OpenShift (ARO) cluster using Pulumi Azure Native provider.
2. Deploy the `dex-controller` helm chart to the ARO cluster using the Pulumi Kubernetes provider.

Before starting, ensure that you have Pulumi CLI installed and configured with the necessary Azure credentials.

First, we will create an Azure Red Hat OpenShift (ARO) cluster. The resource `azure-native.redhatopenshift.OpenShiftCluster` from the Pulumi Azure Native provider is used to define a Managed OpenShift service on Azure. You need to provide a set of parameters, including the resource group name, cluster name, and location, as well as more specific OpenShift configurations like the profile for the master and worker nodes.

After the ARO cluster is ready, we'll proceed with deploying the `dex-controller` helm chart. The Pulumi Kubernetes provider enables us to deploy helm charts, and we'll use the `kubernetes.helm.v3.Chart` resource to accomplish this. We'll specify the chart details, repository, and any configuration values specific to the `dex-controller`.

Let's go through the code to set up the ARO cluster and deploy the `dex-controller` helm chart.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Define the configuration for your OpenShift cluster here
// Make sure to change the placeholder values with actual ones
const clusterName = "myaro-cluster";
const resourceGroupName = "myResourceGroup";
const clusterLocation = "eastus"; // Choose the right location here

// Create an Azure Resource Group
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup", {
    resourceGroupName: resourceGroupName,
    location: clusterLocation,
});

// Create the Azure Red Hat OpenShift cluster
const openshiftCluster = new azureNative.redhatopenshift.OpenShiftCluster("openshiftCluster", {
    resourceGroupName: resourceGroupName,
    resourceName: clusterName,
    location: clusterLocation,
    // Configure the cluster parameters as per your requirements
    masterProfile: {
        vmSize: "Standard_D8s_v3",
        subnetId: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}"
    },
    workerProfiles: [
        {
            name: "workerprofile",
            vmSize: "Standard_D4s_v3",
            subnetId: "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}",
            count: 3,
        },
    ],
    networkProfile: {
        podCidr: "10.128.0.0/14",
        serviceCidr: "172.30.0.0/16",
    },
    // Additional configurations go here
});

// Deploy the dex-controller helm chart

// Define the chart, chart version, and helm repository
const dexChart = new k8s.helm.v3.Chart("dex-controller", {
    chart: "dex-controller",
    version: "v2.27.0", // Specify the correct chart version you want to deploy
    fetchOpts: {
        repo: "https://kubernetes-charts.mydomain.com/", // Specify the correct chart repository
    },
    namespace: "kube-system", // Modify if you want to install in a different namespace
    // Set necessary values for the dex-controller
    values: {
        // Configuration values relevant to dex-controller
    },
    // Reference the OpenShift cluster created
    provider: new k8s.Provider("kubeProvider", {
        kubeconfig: openshiftCluster.kubeconfig.rawKubeconfig, // kubeconfig is used to connect to the OpenShift cluster
    }),
}, { dependsOn: openshiftCluster });

// Export the cluster's kubeconfig
export const kubeconfig = openshiftCluster.kubeconfig;
```

In the code above, replace the placeholders (like `{subscriptionId}`, `{resourceGroupName}`, `{vnetName}`, and `{subnetName}`) with your specific Azure details. You may also need to modify the `vmSize` and the number of worker profiles (`count`) based on your requirements.

The `kubeconfig` output of the ARO cluster is used to configure the Kubernetes provider which ensures that Pulumi can connect to the newly created cluster when deploying the Helm chart.

### Note:

- You need to replace placeholders with the actual values appropriate for your environment.
- Review and set the `values` of the `dex-controller` chart according to your setup requirements.
- Remember to replace `"https://kubernetes-charts.mydomain.com/"` with the actual URL of the helm repository where `dex-controller` is hosted.
- Change the `namespace` and `version` under the `dexChart` definition as per your requirements.
- The creation of the OpenShift cluster can take significant time. The Helm chart will be deployed once the cluster is ready, due to the `dependsOn` clause.

After populating the script with your specific data and adjustments, run the script using the Pulumi CLI, which will provision the resources in Azure and deploy the `dex-controller` Helm chart to your cluster:

```sh
pulumi up
```

This command will show you a preview of the resources that Pulumi plans to create. After reviewing, you can proceed with the deployment by selecting `yes`.

Once the deployment succeeds, you will see the outputs defined in the code and be able to interact with your OpenShift cluster and the deployed `dex-controller` through `kubectl` using the provided kubeconfig.