Deploy the workload-api-server helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy a Helm chart on an Azure Managed OpenShift cluster using Pulumi, we need to perform two high-level steps:

Provision the Azure Managed OpenShift Service.
Once the OpenShift cluster is available, deploy the Helm chart to this cluster.

For this, we will mainly use two Pulumi resources:

azure-native.containerservice.OpenShiftManagedCluster: This resource is used to create and manage an OpenShift cluster on Azure. We will define the necessary configurations like the location, the number of nodes, etc.
kubernetes.helm.sh/v3.Chart: After setting up the OpenShift cluster, we will use this resource to deploy a Helm chart on Kubernetes.

We will use Pulumi with TypeScript to define our infrastructure as code. TypeScript is a superset of JavaScript that adds static types, making it a convenient choice for constructing reliable cloud infrastructure.

Below is a detailed program that achieves this. Make sure to replace <helm-chart-name> and <helm-repo-url> with the actual name and repository URL of the workload-api-server helm chart you want to deploy. If the chart requires additional values, include them in the values property of the Chart resource.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provision the Azure Managed OpenShift Service
const resourceGroupName = new azure_native.resources.ResourceGroup("openshiftResourceGroup", {
    resourceGroupName: "myResourceGroup",
    location: "eastus", // Use the supported Azure region for your OpenShift cluster.
});

const openshiftCluster = new azure_native.containerservice.OpenShiftManagedCluster("openshiftCluster", {
    resourceGroupName: resourceGroupName.name,
    resourceName: "myOpenShiftCluster",
    // Specify the OpenShift specific settings here like authentication, network profiles, and versions
    // For the sake of this example, we configure a simple cluster with dummy values.
    location: resourceGroupName.location,
    // Define the OpenShift version (make sure it's supported in Azure Managed OpenShift Service)
    openShiftVersion: "4.3", // This is just an example version, replace with the correct version you need.
    // Define the properties for the agent pools (nodes)
    // Here we define one agent pool profile with a single node for simplicity.
    agentPoolProfiles: [{
        name: "agentpool",
        count: 1,
        vmSize: "Standard_DS3_v2",
        osType: "Linux",
        role: "compute",
    }],
    // Define the master pool profile (master nodes)
    masterPoolProfile: {
        name: "masterpool",
        count: 1,
        vmSize: "Standard_DS3_v2",
    },
    // Define the network profile, if customization is needed
    networkProfile: {
        vnetCidr: "10.0.0.0/8",
    },
});

// Step 2: Deploy the Helm chart to the OpenShift cluster
// Note that we're waiting for the cluster to be available using `.ready`
const openshiftClusterCredentials = pulumi.all([resourceGroupName.name, openshiftCluster.resourceName]).apply(([rgName, clusterName]) =>
    azure_native.containerservice.listOpenShiftManagedClusterAdminCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    })
);

// Define the Kubernetes provider to connect to the OpenShift cluster
const k8sProvider = new k8s.Provider("openshiftK8s", {
    kubeconfig: openshiftClusterCredentials.kubeconfigs[0].value.apply((kubeconfig) => Buffer.from(kubeconfig, "base64").toString()),
});

// Finally, use the Kubernetes provider to deploy your helm chart
const helmChart = new k8s.helm.v3.Chart("workloadApiServerChart", {
    chart: "<helm-chart-name>",
    version: "1.0.0", // specify the version of the chart you want to deploy
    fetchOpts: {
        repo: "<helm-repo-url>",
    },
    // If your chart requires additional configuration, pass them in values.
    values: {
        // Provide additional configuration here
    },
}, { provider: k8sProvider });

// Export the kubeconfig so that you can interact with the cluster using kubectl or any Kubernetes client
export const kubeConfig = openshiftClusterCredentials.kubeconfigs[0].value.apply((kubeconfig) => Buffer.from(kubeconfig, "base64").toString());

In this program:

We start by importing the required Pulumi packages.
We then create a new Azure resource group, which is a logical container where all the resources related to our OpenShift cluster will reside.
After that, we provision an OpenShift managed cluster using the azure-native.containerservice.OpenShiftManagedCluster resource with minimal configuration for demonstration purposes. In a real-world scenario, you would provide more detailed configuration for the network profiles, authentication, and node pools.
Once our OpenShift cluster is provisioned, we obtain its management credentials.
We then define a Kubernetes provider to allow Pulumi to interact with our OpenShift cluster.
Using the k8s.helm.v3.Chart resource and the provider we created, we can now deploy our helm chart to the OpenShift cluster. We must specify the name of the helm chart, the version, and the repository where it is located. Any additional configurations can be provided through the values parameter.

Remember, before running this Pulumi program, you must have the Pulumi CLI installed and be logged in, and you must have an Azure account configured with the required permissions to create these resources.