Deploy the aws-efa-k8s-device-plugin helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To accomplish the deployment of the AWS EFA (Elastic Fabric Adapter) Kubernetes device plugin on Azure Managed OpenShift Service using Pulumi, we will follow these steps:

Set up an Azure Managed OpenShift cluster using azure-native.containerservice.OpenShiftManagedCluster.
Deploy the equivalent of the AWS EFA device plugin Helm chart on the OpenShift cluster.

However, it's important to note the EFA is an AWS-specific technology primarily used with AWS EC2 instances to provide low-latency, high-bandwidth interconnect between instances for HPC (High Performance Computing) applications. Deploying an "AWS EFA device plugin" on Azure would not be applicable as Azure does not support AWS's EFA technology.

For the sake of this exercise, we will assume there is a similar plugin that works within Azure's ecosystem, and we'll focus on the Pulumi code to set up an Azure Managed OpenShift cluster. After the cluster is set up, we would typically use a tool like Helm to deploy Kubernetes applications, but since Azure and AWS environments are different, there isn't a direct equivalent Helm chart for deploying AWS's EFA on Azure.

Therefore, we'll deploy a generic Helm chart to the OpenShift cluster as a placeholder for the actual plugin deployment. This might be a Helm chart for a networking plugin that works within Azure's ecosystem.

Here's how we can write the Pulumi program in TypeScript:

import * as pulumi from "@pulumi/pulumi";
import * as azureNative from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create an Azure Resource Group
const resourceGroup = new azureNative.resources.ResourceGroup("myResourceGroup", {
    resourceGroupName: "resourceGroup1",
    location: "East US", // Specify the location for your resource group
});

// Create an Azure Managed OpenShift Cluster
const openshiftCluster = new azureNative.containerservice.OpenShiftManagedCluster("myOpenShiftCluster", {
    resourceName: "myOpenShiftCluster",
    resourceGroupName: resourceGroup.name,
    // Define the location, should be the same as resource group location
    location: resourceGroup.location,
    openShiftVersion: "4.3", // Specify the version of OpenShift
    networkProfile: {
        vnetCidr: "10.0.0.0/8",
    },
    masterPoolProfile: {
        count: 3,
        vmSize: "Standard_D4s_v3",
    },
    agentPoolProfiles: [{
        name: "agentpool",
        // Define the role, count, osType and size for the agent pool
        role: "compute",
        count: 3,
        vmSize: "Standard_D4s_v3",
    }],
    // Fill in the authProfile details based on your requirements
    authProfile: {
        identityProviders: [{
            name: "Azure AD",
            provider: {
                // Client ID, Secret and Tenant ID for Azure Active Directory
                clientId: "<YOUR_CLIENT_ID>",
                clientSecret: "<YOUR_CLIENT_SECRET>",
                tenantId: "<YOUR_TENANT_ID>",
            },
        }],
    },
}, {dependsOn: [resourceGroup]});

// Configure Kubernetes provider to connect to the created OpenShift cluster
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: openshiftCluster.config.adminKubeconfig.apply(c => c.rawAdminKubeconfig),
});

// As a placeholder, let's deploy nginx using Helm on our OpenShift cluster.
// You should replace this with an actual Helm chart of the networking plugin you wish to deploy.
const nginxChart = new k8s.helm.v3.Chart("nginx", {
    chart: "nginx",
    version: "1.41.3",
    fetchOpts: {repo: "https://charts.bitnami.com/bitnami"},
}, {provider: k8sProvider});

// Export the OpenShift cluster's kubeconfig and the public IP to access nginx
export const kubeconfig = openshiftCluster.config.adminKubeconfig.apply(c => c.rawAdminKubeconfig);
export const nginxPublicIP = nginxChart.getResourceProperty("v1/Service", "nginx-nginx", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);

Explanation:

We start by importing the required modules from Pulumi.
We create a resource group in Azure using ResourceGroup from the @pulumi/azure-native/resources module.
We define an Azure Managed OpenShift Cluster using OpenShiftManagedCluster from the @pulumi/azure-native/containerservice module.
We specify the properties for the OpenShift cluster, which include location, OpenShift version, network profile, master pool profile, agent pool profiles, and authentication profile.
Using the adminKubeconfig attribute from the created OpenShift cluster, we configure a Kubernetes provider for Pulumi.
As an example of application deployment using Helm, we deploy the nginx Helm chart using the Kubernetes provider that we configured with the kubeconfig from the OpenShift cluster.
We export the kubeconfig and the public IP address for the deployed nginx service as outputs of the Pulumi stack.

Please ensure you replace the client ID, client secret, and tenant ID placeholders with your Azure Active Directory details for authentication.

The service running in the OpenShift cluster, in this case, nginx, would be where you'd deploy the networking plugin compatible with Azure. This is represented by the nginxChart instantiation. In reality, you would use the respective Helm chart for the networking device plugin suitable for Azure Managed OpenShift.

Remember, the exact configurations for network profiles, VM sizes, and versions would depend on your specific requirements and might need adjustments based on the Azure Managed OpenShift Service's availability and your organization's policies.