1. Deploy the gitops-operator Helm chart on Azure Managed OpenShift Service

    TypeScript

    To deploy the gitops-operator Helm chart on Azure Managed OpenShift Service using Pulumi, you'll need to follow these steps:

    1. Set up a Managed OpenShift Cluster: Create an instance of Azure Red Hat OpenShift (ARO), Microsoft's turnkey application platform in the cloud, which is jointly engineered, operated, and supported by Microsoft and Red Hat.
    2. Deploy gitops-operator using Helm: After setting up the ARO cluster, use the Pulumi Kubernetes provider to manage the Helm chart release inside the cluster.

    Below is a Pulumi TypeScript program that outlines these steps. It uses the azure-native Pulumi provider to create the ARO cluster and the kubernetes provider to deploy a Helm chart to this cluster:

        import * as pulumi from "@pulumi/pulumi";
        import * as azure_native from "@pulumi/azure-native";
        import * as k8s from "@pulumi/kubernetes";

        // Step 1: Deploy an Azure Red Hat OpenShift Cluster
        const resourceGroup = new azure_native.resources.ResourceGroup("rg", {
            resourceGroupName: "pulumi-aro-rg",
            location: "eastus", // Choose an appropriate Azure region
        });

        const openshiftCluster = new azure_native.redhatopenshift.OpenShiftCluster("openshiftCluster", {
            resourceGroupName: resourceGroup.name,
            resourceName: "pulumi-aro-cluster",
            location: resourceGroup.location,
            clusterProfile: {
                pullSecret: "<pull_secret>", // Specify the OpenShift pull secret
                domain: "pulumi.mydomain", // Choose a domain name
                version: "4.6.15", // Specify the OpenShift version
                // ...
            },
            // Additional properties such as network profiles, master and worker profiles can be added here.
            // Detailed configuration properties can be found in the Pulumi documentation:
            // https://www.pulumi.com/registry/packages/azure-native/api-docs/redhatopenshift/openshiftcluster/
        });

        // Step 2: Deploy the gitops-operator Helm chart to the OpenShift cluster.
        // This should be securely obtained from the OpenShift deployment output or another secure source.
        const myKubeconfig = pulumi.secret("...");

        // Create a K8s Provider using the kubeconfig.
        const k8sProvider = new k8s.Provider("k8sProvider", {
            kubeconfig: myKubeconfig,
        });

        // Deploy the gitops-operator Helm chart.
        const gitopsOperatorChart = new k8s.helm.v3.Chart("gitops-operator", {
            chart: "gitops-operator",
            version: "1.2.0", // Replace with the actual chart version.
            fetchOpts: {
                // Use the repository where the gitops-operator Helm chart is located.
                repo: "https://redhat-developer.github.io/gitops-operator",
            },
        }, { provider: k8sProvider });

        // Export the kubeconfig as a stack output (sensitive data is encrypted by Pulumi by default).
        export const kubeconfig = myKubeconfig;

    In this program, we:

    • Define an Azure resource group to host the OpenShift cluster.
    • Create an instance of Azure Red Hat OpenShift with the specifics you define (such as version and profile settings).
    • Configure the Kubernetes provider by passing the kubeconfig for the newly created OpenShift cluster.
    • Deploy the gitops-operator Helm Chart on the OpenShift cluster.

    Replace placeholder values like <pull_secret> and the kubeconfig value with actual secret information. The OpenShift domain, version, and additional properties will be unique to your environment and requirements.

    Note that you will need to securely retrieve and manage your kubeconfig, which provides administrative access to the OpenShift cluster. This may involve extracting it from the deployed cluster and storing it in a secure location, for example, Azure Key Vault or a Pulumi secret.

    For more information on the resources used in the code above, you can visit the respective documentation pages for the Azure Red Hat OpenShift Cluster (OpenShiftCluster) and for chart deployments with the Kubernetes Helm provider (Chart).
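
Because the kubeconfig grants administrative access, it is worth checking before it is handed to the Kubernetes provider and masking before it is logged. The stand-alone TypeScript helper below is an added example, not part of the original program or of Pulumi's API; the function names and the sample kubeconfig are constructed for illustration, and the scan assumes the usual block-style `key: value` layout.

```typescript
// Added example: pre-flight audit of a decoded kubeconfig before it reaches k8s.Provider.
// Line-based scan (no YAML library); assumes block-style "key: value" lines.
type Finding = { line: number; issue: string };

// Keys whose values authenticate to the API server and must be treated as secrets.
const CREDENTIAL_KEYS = ["token", "password", "client-key-data"];

function splitKeyValue(raw: string): [string, string] | null {
  const m = /^\s*(?:-\s+)?([A-Za-z-]+):\s*(.*?)\s*$/.exec(raw);
  return m ? [m[1], m[2].replace(/^["']|["']$/g, "")] : null;
}

function auditKubeconfig(text: string): Finding[] {
  const findings: Finding[] = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const kv = splitKeyValue(raw);
    if (!kv) return;
    const [key, value] = kv;
    if (key === "insecure-skip-tls-verify" && value === "true")
      findings.push({ line: i + 1, issue: "TLS verification disabled" });
    if (key === "server" && !/^https:\/\//.test(value))
      findings.push({ line: i + 1, issue: "API server URL is not https" });
    if (CREDENTIAL_KEYS.indexOf(key) !== -1 && value !== "")
      findings.push({ line: i + 1, issue: `embedded credential: ${key}` });
  });
  return findings;
}

// Copy that is safe to log or attach to a ticket: credential values are masked.
function redactKubeconfig(text: string): string {
  return text.split(/\r?\n/).map((raw) => {
    const kv = splitKeyValue(raw);
    if (!kv || CREDENTIAL_KEYS.indexOf(kv[0]) === -1 || kv[1] === "") return raw;
    return raw.slice(0, raw.indexOf(":") + 1) + " <redacted>";
  }).join("\n");
}

// Constructed sample, not a real cluster or credential.
const SAMPLE_KUBECONFIG = `apiVersion: v1
kind: Config
clusters:
- name: example
  cluster:
    server: http://api.example.invalid:6443
    insecure-skip-tls-verify: true
users:
- name: kube-admin
  user:
    token: sha256~CONSTRUCTED-PLACEHOLDER
`;
```

Any "embedded credential" finding means the file itself is a secret and belongs in Pulumi secret config or Azure Key Vault rather than in the repository.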