Deploy the openshift-jenkins helm chart on Azure Kubernetes Service (AKS)

Question

Pulumi · Accepted Answer

To deploy the OpenShift Jenkins Helm chart on Azure Kubernetes Service (AKS), we first need to provision an AKS cluster. After the cluster is deployed, we can configure Pulumi to use the newly created cluster's context to deploy the Helm chart. We'll use the Pulumi Azure Native and Kubernetes providers to accomplish the following steps:

1. Create an AKS cluster with the necessary configuration.
2. Install the Helm chart by applying it to the AKS cluster.

Here's a step-by-step walkthrough of the code that performs these actions:

1. **Create an AKS Cluster**:
   - We'll define an AKS cluster using the `ManagedCluster` resource from the `azure-native.containerservice` package. Any AKS cluster will do, but for the purposes of this deployment, it's important to ensure that the Kubernetes version is compatible with the OpenShift Jenkins Helm chart.
   - The cluster will need a service principal (or a managed identity) which we'll also configure. This is a security identity that Kubernetes uses to manage cloud resources like load balancers and managed disks in Azure. Pulumi can create a new one, or you can provide an existing one.
   - We need to define the node pool that specifies the size and number of virtual machines that act as Kubernetes Workers.

2. **Install OpenShift Jenkins Helm Chart**:
   - With the cluster up and running, we will install the Openshift Jenkins Helm chart. The `Chart` resource from the `kubernetes.helm.v3` module of the Pulumi Kubernetes provider lets you install Helm charts in a manner similar to using the `helm` CLI tool.
   - The values provided to the Helm chart would typically mirror what you would include in your Helm values files or `--set` parameters.

Note: Ensure you have `@pulumi/azure-native` and `@pulumi/kubernetes` installed in your project by running `npm install @pulumi/azure-native @pulumi/kubernetes`.

Here is the TypeScript program that sets up the AKS cluster and deploys the OpenShift Jenkins Helm chart:

```typescript
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Step 1: Provision an AKS cluster
const resourceGroupName = new azure.resources.ResourceGroup("rg");

const cluster = new azure.containerservice.ManagedCluster("aksCluster", {
    resourceGroupName: resourceGroupName.name,
    agentPoolProfiles: [{
        count: 3,
        maxPods: 110,
        mode: "System",
        name: "agentpool",
        osDiskSizeGB: 30,
        osType: "Linux",
        vmSize: "Standard_DS2_v2",
    }],
    dnsPrefix: `${pulumi.getStack()}kube`,
    linuxProfile: {
        adminUsername: "testuser",
        ssh: {
            publicKeys: [{
                keyData: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3dK..." // replace with your SSH public key
            }]
        }
    },
    enableRBAC: true,
    kubernetesVersion: "1.18.14",
    nodeResourceGroup: `${pulumi.getStack()}-aks`,
    servicePrincipalProfile: {
        clientId: "your-service-principal-client-id",   // replace with your service principal's client ID
        secret: "your-service-principal-client-secret", // replace with your service principal's secret
    },
});

// Export the kubeconfig
export const kubeconfig = cluster.kubeConfigRaw;

// Step 2: Deploy the OpenShift Jenkins Helm chart to the AKS cluster
const openshiftJenkinsChart = new k8s.helm.v3.Chart("openshift-jenkins", {
    chart: "jenkins",
    version: "1.0.0", // replace with the actual chart version compatible with OpenShift Jenkins
    fetchOpts: {
        repo: "https://charts.openshift.io/", // replace with the actual Helm repository URL
    },
    namespace: "jenkins",
}, { provider: new k8s.Provider("k8s-provider", {kubeconfig: cluster.kubeConfigRaw}) });

// Export the Jenkins URL by querying the Kubernetes service created by the Helm chart
export const jenkinsUrl = openshiftJenkinsChart.getResourceProperty("v1/Service", "jenkins", "status").apply(status => `http://${status.loadBalancer.ingress[0].ip}`);
```

Inside this program:

- Replace `"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3dK..."` with your own SSH public key.
- Replace `your-service-principal-client-id` and `your-service-principal-client-secret` with your Azure service principal's client ID and secret, respectively.
  
After the AKS cluster is successfully provisioned, the Pulumi program will configure a Kubernetes provider using the output kubeconfig from the AKS cluster creation. Then it uses this provider to deploy the OpenShift Jenkins chart from its Helm repository.

Finally, we export the Jenkins URL, which you can use to access your Jenkins instance once it's deployed. Make sure to configure your DNS or /etc/hosts file to resolve the provided IP.

Please note that you might need to customize the above program depending on your own setup and requirements. For instance, you may need to specify other Helm chart values, edit the number of nodes, node VM size, Kubernetes version, or other AKS settings.