1. Deploy the harbor-scanner-sysdig-secure helm chart on Azure Managed Openshift Service


    To deploy the harbor-scanner-sysdig-secure Helm chart on the Azure Managed OpenShift Service using Pulumi, we will take the following steps:

    1. Set up the Azure Managed OpenShift Cluster.
    2. Install the Helm chart onto the OpenShift Cluster.

    For this task, we will use two main resources from Pulumi's Azure-native provider:

    • OpenShiftManagedCluster: This resource allows us to create and manage an Azure Red Hat OpenShift Cluster, which is a fully managed application platform, powered by Kubernetes, and hosted on Azure.
    • Chart: This is a resource from Pulumi's Kubernetes provider that represents a Helm chart, a collection of pre-configured Kubernetes resources.

    Here's how to accomplish this deployment with Pulumi in TypeScript:

    import * as azure from "@pulumi/azure-native"; import * as k8s from "@pulumi/kubernetes"; // Step 1: Deploy an Azure OpenShift Managed Cluster const openshiftManagedCluster = new azure.containerservice.OpenShiftManagedCluster("openshiftManagedCluster", { // Replace the values below with the appropriate configuration for your use case resourceGroupName: "resourceGroupName", resourceName: "openshiftCluster", location: "eastus", // Choose the Azure region that suits you openShiftVersion: "4.3", // Specify the OpenShift version you want to deploy masterPoolProfile: { name: "master", count: 3, vmSize: "Standard_D4s_v3" }, agentPoolProfiles: [{ name: "default", role: "compute", count: 3, vmSize: "Standard_D4s_v3" }], networkProfile: { vnetCidr: "" } // Optionally, specify additional configuration like authentication profiles, tags, etc. }); // Step 2: Deploy the Helm chart onto the OpenShift Cluster const helmChart = new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure-chart", { chart: "harbor-scanner-sysdig-secure", // Replace with the namespace where you want to install the Helm chart namespace: "default", fetchOpts: { repo: "https://charts.sysdig.com/", // This is an example. Replace with the actual Helm chart repo URL }, // Optionally, specify Helm chart values here }, { provider: openshiftManagedCluster }); // Ensure that the Helm Chart is using our OpenShift cluster as a provider // Export the cluster's kubeconfig export const kubeconfig = openshiftManagedCluster.kubeconfig;

    Explanation of the Program

    • We begin by importing the necessary Pulumi packages for Azure and Kubernetes.
    • We declare an Azure OpenShift Managed Cluster with a simple configuration including the resource group name, cluster name, location, OpenShift version, master pool profile, and network profile.
    • After the cluster is provisioned, we deploy the harbor-scanner-sysdig-secure Helm chart. We need to provide the repo URL where the Helm chart is located; in this example, I've provided a placeholder URL that should be replaced with the actual one. Optionally, the values property can be filled with configuration values for customizing the Helm chart deployment.

    The fetchOpts section is used to specify where the Helm chart is fetched from, and we have commented it to be replaced with the actual URL of the Harbor Scanner Sysdig Secure chart.

    We use the provider option in the Helm chart resource to ensure that the chart is being deployed onto the provisioned OpenShift cluster.

    Lastly, we export the kubeconfig of the OpenShift Managed Cluster which you can use with kubectl to interact with your Kubernetes cluster.

    Note that this program needs to be run within a Pulumi project, and you will need the Pulumi CLI and the respective Azure credentials configured locally to successfully execute it. The OpenShiftManagedCluster creation could take some time as it provisions the resources on Azure.