Deploy the ebpf-agent helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the eBPF agent Helm chart on an Azure Managed OpenShift Service, we will perform the following steps:

Set up an Azure Red Hat OpenShift (ARO) managed cluster using the azure-native.redhatopenshift.OpenShiftCluster resource. This resource provisions an OpenShift cluster managed by Azure.
Use the kubernetes.helm.v3.Chart resource from Pulumi's Kubernetes provider to deploy the eBPF agent Helm chart onto the OpenShift cluster.

Here's how you can achieve this with Pulumi and TypeScript:

Setting up the ARO cluster: We'll first define an OpenShift cluster on Azure using Pulumi's Azure Native provider.
Deploying the Helm chart: Once the cluster is provisioned, we'll use Pulumi's Kubernetes provider to deploy the eBPF agent using Helm. This assumes that the Helm chart is available in a publicly accessible Helm repository.

Now let's look at the Pulumi TypeScript program to implement the above steps:

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as openshift from "@pulumi/azure-native/redhatopenshift";

// Step 1: Creating the Azure Red Hat OpenShift Cluster
const resourceGroup = new azure_native.resources.ResourceGroup("rg", {
    resourceGroupName: "openShiftResourceGroup",
    location: "eastus", // Choose the appropriate Azure region
});

const openShiftCluster = new openshift.OpenShiftCluster("openshiftCluster", {
    resourceGroupName: resourceGroup.name,
    resourceName: "myAroCluster",
    location: resourceGroup.location,
    clusterProfile: {
        pullSecret: "<YOUR PULL SECRET>", // Replace with your pull secret obtained from Red Hat OpenShift
        domain: "aroapp.io",
        resourceGroupId: resourceGroup.id,
    },
    masterProfile: {
        vmSize: "Standard_D8s_v3", // Example VM size, update accordingly
    },
    networkProfile: {
        podCidr: "10.0.0.0/16",
        serviceCidr: "10.1.0.0/16",
    },
    workerProfiles: [{
        name: "worker",
        vmSize: "Standard_D4s_v3",
        count: 3,
    }],
}, { dependsOn: resourceGroup });

// Step 2: Deploying the eBPF Agent Helm Chart on ARO
const provider = new k8s.Provider("k8sProvider", {
    kubeconfig: openShiftCluster.kubeconfig, // dynamically fetch the kubeconfig from the created ARO cluster
});

const ebpfAgentChart = new k8s.helm.v3.Chart("ebpf-agent", {
    chart: "ebpf-agent",
    version: "1.0.0", // Replace with your desired chart version
    fetchOpts: {
        repo: "http://helm-repository.example.com/", // Replace with the actual Helm repository URL
    },
    // Optionally, specify the namespace and the values to override in the chart
}, { provider: provider });

// Export the OpenShift cluster's kubeconfig
export const kubeconfig = openShiftCluster.kubeconfig;

Explanation

azure_native.resources.ResourceGroup: Creates a new resource group for our ARO Cluster. A resource group is a container for resources deployed on Azure.
openshift.OpenShiftCluster: This is the main resource that provisions an OpenShift cluster. The configuration includes parameters for the pull secret, domain, VM size, network CIDRs, and the number and types of worker nodes.
- Pull Secret: This is a JSON formatted string that authenticates you to download OpenShift Container Platform images, including the required images for cluster operations.
- VM Size: The size of the Virtual Machines on which master and worker nodes will run. This should be chosen based on the expected workload.
- Domain: The fully qualified domain name that you want to use with your OpenShift cluster.
- Network Profile: The network profile consists of the CIDRs for the pods and services within the cluster.
k8s.Provider: This sets up the Kubernetes provider with the kubeconfig from the newly created OpenShift cluster. This is because Pulumi needs to connect to the Kubernetes cluster to apply the Helm chart.
k8s.helm.v3.Chart: This resource deploys a Helm chart to the Kubernetes cluster. The chart parameter is the name of the chart, and the version specifies the version of the chart you want to deploy. The repo is the Helm repository hosting your chart.
Finally, we export the kubeconfig which can be used to interact with the OpenShift cluster directly using oc or kubectl CLI commands.

Please replace placeholder values such as <YOUR PULL SECRET> and repository URLs with your actual data. If your Helm chart requires additional configuration, include those in the values parameter in the Helm chart resource.