1. Deploy the harbor-scanner-sysdig-secure Helm chart on Azure Managed OpenShift Service

    TypeScript

    To deploy the harbor-scanner-sysdig-secure Helm chart on the Azure Managed OpenShift Service using Pulumi, we will take the following steps:

    1. Set up the Azure Managed OpenShift Cluster.
    2. Install the Helm chart onto the OpenShift Cluster.

    For this task, we will use two main resources, one from Pulumi's Azure Native provider and one from its Kubernetes provider:

    • OpenShiftManagedCluster: This resource allows us to create and manage an Azure Red Hat OpenShift Cluster, which is a fully managed application platform, powered by Kubernetes, and hosted on Azure.
    • Chart: This is a resource from Pulumi's Kubernetes provider that represents a Helm chart, a collection of pre-configured Kubernetes resources.

    Here's how to accomplish this deployment with Pulumi in TypeScript:

    ```typescript
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure-native";
    import * as k8s from "@pulumi/kubernetes";

    // Step 1: Deploy an Azure OpenShift Managed Cluster
    const openshiftManagedCluster = new azure.containerservice.OpenShiftManagedCluster("openshiftManagedCluster", {
        // Replace the values below with the appropriate configuration for your use case
        resourceGroupName: "resourceGroupName",
        resourceName: "openshiftCluster",
        location: "eastus", // Choose the Azure region that suits you
        openShiftVersion: "4.3", // Specify the OpenShift version you want to deploy
        masterPoolProfile: { name: "master", count: 3, vmSize: "Standard_D4s_v3" },
        agentPoolProfiles: [{ name: "default", role: "compute", count: 3, vmSize: "Standard_D4s_v3" }],
        networkProfile: { vnetCidr: "10.0.0.0/8" },
        // Optionally, specify additional configuration like authentication profiles, tags, etc.
    });

    // The `provider` option takes a Kubernetes provider, not the cluster resource,
    // and the azure-native OpenShiftManagedCluster resource does not expose a kubeconfig output.
    // Assumption: once the cluster exists, its kubeconfig is stored as a Pulumi secret
    // (`pulumi config set --secret kubeconfig ...`) and the program is run again.
    const clusterKubeconfig = new pulumi.Config().getSecret("kubeconfig");

    if (clusterKubeconfig) {
        const openshiftProvider = new k8s.Provider("openshiftProvider", {
            kubeconfig: clusterKubeconfig,
        }, { dependsOn: [openshiftManagedCluster] });

        // Step 2: Deploy the Helm chart onto the OpenShift Cluster
        new k8s.helm.v3.Chart("harbor-scanner-sysdig-secure-chart", {
            chart: "harbor-scanner-sysdig-secure",
            // Replace with the namespace where you want to install the Helm chart
            namespace: "default",
            fetchOpts: {
                repo: "https://charts.sysdig.com/", // This is an example. Replace with the actual Helm chart repo URL
            },
            // Optionally, specify Helm chart values here
        }, { provider: openshiftProvider }); // Ensure that the Helm chart is deployed to our OpenShift cluster
    }

    // Export the cluster's kubeconfig; it stays encrypted in the stack because it was read as a secret
    export const kubeconfig = clusterKubeconfig;
    ```

    Explanation of the Program

    • We begin by importing the necessary Pulumi packages for Azure and Kubernetes.
    • We declare an Azure OpenShift Managed Cluster with a simple configuration including the resource group name, cluster name, location, OpenShift version, master pool profile, and network profile.
    • After the cluster is provisioned, we deploy the harbor-scanner-sysdig-secure Helm chart. We need to provide the repo URL where the Helm chart is located; in this example, I've provided a placeholder URL that should be replaced with the actual one. Optionally, the values property can be filled with configuration values for customizing the Helm chart deployment.

    The fetchOpts section specifies where the Helm chart is fetched from. The comment next to the repo URL marks it as a value to be replaced with the actual URL of the Harbor Scanner Sysdig Secure chart repository.

    We use the provider option in the Helm chart resource to ensure that the chart is being deployed onto the provisioned OpenShift cluster.

    Lastly, we export the kubeconfig of the OpenShift Managed Cluster, which you can use with kubectl to interact with your Kubernetes cluster.

    Note that this program needs to be run within a Pulumi project, and you will need the Pulumi CLI and the respective Azure credentials configured locally to successfully execute it. The OpenShiftManagedCluster creation could take some time as it provisions the resources on Azure.
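
The `fetchOpts` and chart settings described above decide which code ends up running in the cluster, so they are worth checking before deployment. The following is an added example, not part of the original program or of Pulumi's API, that checks those settings for a non-HTTPS or unreviewed repository, an unpinned chart version and the default namespace. `ChartSource`, `checkChartSource` and `ALLOWED_REPO_HOSTS` are hypothetical names, the allowlist is an assumed team policy, and the sample input is constructed from the values on this page.

```typescript
// Added example: ChartSource mirrors the fields this page passes to k8s.helm.v3.Chart.
interface ChartSource {
  chart: string;
  version?: string;
  namespace?: string;
  fetchOpts?: { repo?: string };
}

// Assumption: hosts your team has reviewed as chart sources.
const ALLOWED_REPO_HOSTS: readonly string[] = ["charts.sysdig.com"];

function checkChartSource(src: ChartSource): string[] {
  const findings: string[] = [];
  const repo = src.fetchOpts?.repo;
  let url: URL | undefined;
  if (!repo) {
    findings.push("fetchOpts.repo is not set");
  } else {
    try {
      url = new URL(repo);
    } catch {
      findings.push(`fetchOpts.repo is not a valid URL: ${repo}`);
    }
  }
  if (url) {
    if (url.protocol !== "https:") findings.push(`repo must use https, got ${url.protocol}`);
    if (url.username || url.password) findings.push("repo URL embeds credentials");
    if (ALLOWED_REPO_HOSTS.indexOf(url.hostname) === -1) findings.push(`repo host is not allowlisted: ${url.hostname}`);
  }
  // An exact x.y.z pin stops a later run from silently pulling a newer chart.
  if (!src.version) {
    findings.push("chart version is not pinned");
  } else if (!/^\d+\.\d+\.\d+$/.test(src.version)) {
    findings.push(`chart version is not an exact pin: ${src.version}`);
  }
  if (!src.namespace || src.namespace === "default") {
    findings.push("chart targets the default namespace");
  }
  return findings;
}

// Constructed input: the chart settings exactly as written on this page.
const asOnPage: ChartSource = {
  chart: "harbor-scanner-sysdig-secure",
  namespace: "default",
  fetchOpts: { repo: "https://charts.sysdig.com/" },
};
console.log(checkChartSource(asOnPage));
```

For the settings as written on this page, the check reports the unpinned chart version and the default namespace.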