Deploy the cert-manager-setup helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the cert-manager-setup Helm chart on an Azure Managed OpenShift Service, you'll need to follow a series of steps. First, you must set up an Azure Red Hat OpenShift Cluster using Pulumi. Once you have a cluster running, you can proceed to install the cert-manager Helm chart on it.

The program below is written in TypeScript and uses the azure-native provider to create an Azure Red Hat OpenShift Cluster and the kubernetes provider to deploy the cert-manager Helm chart on it.

Below is a detailed explanation of the Pulumi program:

Create an OpenShift Managed Cluster: We start by defining a resource for the cluster using azure-native.redhatopenshift.OpenShiftCluster.
Install Cert-Manager Helm Chart: After the cluster is available, we configure kubernetes provider to interact with the cluster. Then, using kubernetes.helm.v3.Chart, we deploy the cert-manager Helm Chart.

Make sure you have Pulumi installed, set up your Azure credentials, and have an existing resource group where the cluster will be deployed.

Here is the detailed Pulumi program for performing this deployment:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as tls from "@pulumi/tls";

const config = new pulumi.Config();

// Create an Azure Resource Group if you don't have one already
const resourceGroup = new azure.resources.ResourceGroup("myResourceGroup");

// Deploy an Azure Red Hat OpenShift Cluster. You must adjust these configurations.
const openshiftCluster = new azure.redhatopenshift.OpenShiftCluster("myOpenShiftCluster", {
    resourceGroupName: resourceGroup.name,
    resourceName: "myOpenShiftCluster",
    location: resourceGroup.location,
    clusterProfile: {
        pullSecret: config.require("pullSecret"),
        domain: "example",
        version: "4.3.0",
    },
    masterProfile: {
        vmSize: "Standard_DS3_v2",
        subnetId: "/subscriptions/<subscriptionId>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>", // replace with the actual subnet ID
    },
    workerProfiles: [
        {
            name: "worker", // You can define various worker profiles as per your requirement
            vmSize: "Standard_D2s_v3",
            diskSizeGB: 128,
            count: 3,
            subnetId: "/subscriptions/<subscriptionId>/resourceGroups/<rgName>/providers/Microsoft.Network/virtualNetworks/<vnetName>/subnets/<subnetName>", // replace with the actual subnet ID
        },
    ],
    apiserverProfile: {
        visibility: "Public",
    },
    ingressProfiles: [
        {
            name: "default",
            visibility: "Public",
        },
    ],
    networkProfile: {
        podCidr: "10.128.0.0/14",
        serviceCidr: "172.30.0.0/16",
    },
});

// Kubeconfig to access your OpenShift cluster once it's created
const kubeconfig = pulumi.
  all([openshiftCluster.name, resourceGroup.name])
  .apply(([clusterName, rgName]) => {
    return azure.redhatopenshift.listOpenShiftClusterAdminKubeconfig({
        resourceName: clusterName,
        resourceGroupName: rgName,
    });
});

// Create a Kubernetes provider instance using the kubeconfig
const k8sProvider = new k8s.Provider("openshiftK8s", {
    kubeconfig: kubeconfig.apply(kc => kc.kubeconfig),
});

// Deploy the cert-manager Helm chart using the Kubernetes provider to the cluster
const certManagerChart = new k8s.helm.v3.Chart("certManager", {
    chart: "cert-manager",
    version: "v1.0.0",
    namespace: "cert-manager",
    fetchOpts: {
        repo: "https://charts.jetstack.io", // The repository for cert-manager Helm chart
    },
    // Customize cert-manager Helm chart values as needed here
}, { provider: k8sProvider });

// Export the kubeconfig
export const kubeconfigOutput = kubeconfig.apply(kc => kc.kubeconfig);

This program will create a new Azure Red Hat OpenShift Cluster and deploy the cert-manager Helm chart onto it. Be sure to replace any placeholder values like <subscriptionId>, <rgName>, <vnetName>, and <subnetName> with actual values from your Azure environment.

The kubeconfig section retrieves the access configuration for your OpenShift cluster which then allows the Pulumi Kubernetes provider to deploy resources to your cluster.

certManagerChart represents the deployment of the cert-manager to the OpenShift cluster. It specifies the chart name, repository, and other necessary details.

Remember to replace config.require("pullSecret") with your actual pull secret for OpenShift. You can provide other Helm chart values within the fetch options if needed.

The kubeconfigOutput is an exported Pulumi stack output that will contain the kubeconfig data required to access the running OpenShift Cluster. Use this to interact with your cluster using kubectl or any other Kubernetes tools after the deployment is complete.