Deploy the harbor-scanner-sysdig-secure helm chart on Azure Managed Openshift Service
To deploy the `harbor-scanner-sysdig-secure` Helm chart on the Azure Managed OpenShift Service using Pulumi, we will take the following steps:
- Set up the Azure Managed OpenShift Cluster.
- Install the Helm chart onto the OpenShift Cluster.
For this task, we will use two main Pulumi resources:
- `OpenShiftManagedCluster`: This resource from Pulumi's Azure-native provider allows us to create and manage an Azure Red Hat OpenShift Cluster, which is a fully managed application platform, powered by Kubernetes, and hosted on Azure.
- `Chart`: This is a resource from Pulumi's Kubernetes provider that represents a Helm chart, a collection of pre-configured Kubernetes resources.
Here's how to accomplish this deployment with Pulumi in TypeScript:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Deploy an Azure OpenShift Managed Cluster
const openshiftManagedCluster = new azure.containerservice.OpenShiftManagedCluster("openshiftManagedCluster", {
    // Replace the values below with the appropriate configuration for your use case
    resourceGroupName: "resourceGroupName",
    resourceName: "openshiftCluster",
    location: "eastus", // Choose the Azure region that suits you
    openShiftVersion: "4.3", // Specify the OpenShift version you want to deploy
    masterPoolProfile: { name: "master", count: 3, vmSize: "Standard_D4s_v3" },
    agentPoolProfiles: [{ name: "default", role: "compute", count: 3, vmSize: "Standard_D4s_v3" }],
    networkProfile: { vnetCidr: "10.0.0.0/8" },
    // Optionally, specify additional configuration like authentication profiles, tags, etc.
});

// The cluster resource is not itself a Kubernetes provider, so build one from the cluster's
// admin kubeconfig. Assumption: the kubeconfig is stored as a secret stack config value under
// the key "kubeconfig" (pulumi config set --secret kubeconfig ...) once the cluster is available.
const config = new pulumi.Config();
const clusterKubeconfig = config.requireSecret("kubeconfig");
const openshiftProvider = new k8s.Provider("openshiftProvider", {
    kubeconfig: clusterKubeconfig,
}, { dependsOn: [openshiftManagedCluster] });

// Step 2: Deploy the Helm chart onto the OpenShift Cluster
const helmChart = new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure-chart", {
    chart: "harbor-scanner-sysdig-secure",
    // Replace with the namespace where you want to install the Helm chart
    namespace: "default",
    fetchOpts: {
        repo: "https://charts.sysdig.com/", // This is an example. Replace with the actual Helm chart repo URL
    },
    // Optionally, specify Helm chart values here
}, { provider: openshiftProvider }); // Ensure that the Helm Chart is using our OpenShift cluster as a provider

// Export the cluster's kubeconfig (it stays encrypted in the stack because it is a secret value)
export const kubeconfig = clusterKubeconfig;
```
Explanation of the Program
- We begin by importing the necessary Pulumi packages for Azure and Kubernetes.
- We declare an Azure OpenShift Managed Cluster with a simple configuration including the resource group name, cluster name, location, OpenShift version, master pool profile, and network profile.
- After the cluster is provisioned, we deploy the `harbor-scanner-sysdig-secure` Helm chart. We need to provide the `repo` URL where the Helm chart is located; in this example, I've provided a placeholder URL that should be replaced with the actual one. Optionally, the `values` property can be filled with configuration values for customizing the Helm chart deployment.

The `fetchOpts` section is used to specify where the Helm chart is fetched from, and we have commented it to be replaced with the actual URL of the Harbor Scanner Sysdig Secure chart.

We use the `provider` option in the Helm chart resource to ensure that the chart is being deployed onto the provisioned OpenShift cluster.

Lastly, we export the `kubeconfig` of the OpenShift Managed Cluster, which you can use with `kubectl` to interact with your Kubernetes cluster.

Note that this program needs to be run within a Pulumi project, and you will need the Pulumi CLI and the respective Azure credentials configured locally to successfully execute it. The `OpenShiftManagedCluster` creation could take some time as it provisions the resources on Azure.
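
Since `fetchOpts.repo`, the chart version and the namespace decide what code ends up running in the cluster, here is a pre-deployment check over those options. It is an added example, not part of the original program or of Pulumi's or Sysdig's code. The `ChartOptions` type, `auditChartOptions`, the allow-list and the `0.0.0` version are assumptions made for illustration; `version` is a chart option the page's program does not set.

```typescript
// Added example. ChartOptions mirrors the Chart arguments used on this page
// plus `version`; it is a local type, not an import from @pulumi/kubernetes.
interface ChartOptions {
  chart: string;
  namespace?: string;
  version?: string;
  fetchOpts?: { repo?: string };
}

// Hypothetical allow-list: replace with the chart repository hosts your team trusts.
const TRUSTED_REPO_HOSTS = ["charts.sysdig.com"];

function auditChartOptions(opts: ChartOptions): string[] {
  const findings: string[] = [];
  const repo = opts.fetchOpts?.repo;
  let url: URL | undefined;
  try {
    url = repo ? new URL(repo) : undefined;
  } catch {
    url = undefined; // unparsable repo strings are reported below
  }
  if (!url) {
    findings.push("fetchOpts.repo is missing or not a valid URL");
  } else {
    if (url.protocol !== "https:") findings.push("fetchOpts.repo must use https");
    if (TRUSTED_REPO_HOSTS.indexOf(url.hostname) === -1) findings.push(`repo host ${url.hostname} is not on the allow-list`);
    if (url.username || url.password) findings.push("fetchOpts.repo embeds credentials");
  }
  // An unpinned chart resolves to whatever the repository serves at deploy time.
  if (!/^\d+\.\d+\.\d+$/.test(opts.version ?? "")) findings.push("version is not pinned to an exact release");
  // A dedicated namespace lets RBAC and network policy be scoped to the scanner.
  if (!opts.namespace || opts.namespace === "default") findings.push("chart is installed into the default namespace");
  return findings;
}

// Constructed inputs: the options as written on this page, then a tightened variant.
// "0.0.0" is a placeholder, not a real release of the chart.
const asOnPage: ChartOptions = {
  chart: "harbor-scanner-sysdig-secure",
  namespace: "default",
  fetchOpts: { repo: "https://charts.sysdig.com/" },
};
const tightened: ChartOptions = { ...asOnPage, namespace: "harbor-scanner", version: "0.0.0" };

console.log(auditChartOptions(asOnPage));
console.log(auditChartOptions(tightened));
```

Running the same function on the arguments before they are passed to `k8s.helm.v3.Chart`, and throwing when it returns findings, stops `pulumi up` before anything is fetched.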