Deploy the orchestrate helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the Orchestrate Helm chart on Azure Managed Openshift Service using Pulumi, you'll need to take the following high-level steps. First, you will set up the necessary prerequisites for Azure and the Azure Managed OpenShift Service. Then, you will configure your Pulumi environment for Azure. Afterward, you will create an instance of Azure Managed OpenShift Service. Finally, you'll write the code to deploy the Orchestrate Helm chart to your OpenShift cluster.

Here's a breakdown of the steps:

1. **Azure Managed OpenShift Service (ARO) Setup**: We'll start by provisioning an Azure Red Hat OpenShift (ARO) cluster using `azure-native.redhatopenshift.OpenShiftCluster`. This cluster will serve as the target for deploying our Helm chart.

2. **Helm Chart Deployment**: Once we have an OpenShift cluster, we will then use the `kubernetes.helm.sh/v3.Chart` to deploy the Orchestrate Helm chart onto the ARO cluster.

Now, let's move on to writing the Pulumi program. We will write this program in TypeScript.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";
import * as azure_native from "@pulumi/azure-native";

// Step 1: Provision Azure Red Hat OpenShift (ARO) Cluster.
// Note: Before deploying this code, you should have Azure credentials configured.
const aroCluster = new azure_native.redhatopenshift.OpenShiftCluster("aroCluster", {
    // Replace these with appropriate values
    resourceName: "myOpenShiftCluster",
    resourceGroupName: "myResourceGroup",
    location: "eastus", // Azure region
    clusterProfile: {
        domain: "mydomain",
        version: "4.7", // Version of OpenShift
        resourceGroupId: `/subscriptions/[Subscription ID]/resourceGroups/[Resource Group Name]`,
    },
    masterProfile: {
        vmSize: "Standard_D8s_v3",
        subnetId: "/subscriptions/[Subscription ID]/resourceGroups/[Network Resource Group]/providers/Microsoft.Network/virtualNetworks/[VNet]/subnets/[Master Subnet Name]",
    },
    workerProfiles: [{
        name: "worker", // The name of the worker profile
        count: 3, // Number of nodes in the worker profile
        vmSize: "Standard_D4s_v3",
        subnetId: "/subscriptions/[Subscription ID]/resourceGroups/[Network Resource Group]/providers/Microsoft.Network/virtualNetworks/[VNet]/subnets/[Worker Subnet Name]",
    }],
    servicePrincipalProfile: {
        clientId: "myServicePrincipalClientId",
        clientSecret: "myServicePrincipalClientSecret",
    },
});

// Step 2: Configure the Pulumi Kubernetes provider to deploy into the newly provisioned ARO cluster.
const k8sProvider = new kubernetes.Provider("k8sProvider", {
    kubeconfig: aroCluster.kubeconfig, // we will use the kubeconfig property of the OpenShiftCluster object
});

// Step 3: Deploy the Orchestrate Helm chart into the ARO cluster.
const helmChart = new kubernetes.helm.sh.v3.Chart("orchestrateChart", {
    repo: "myHelmRepo", // Helm repository where the Orchestrate chart is located
    chart: "orchestrate", // Name of the chart in the repository
    version: "1.0.0", // Version of the chart
    namespace: "default", // Kubernetes namespace in which to deploy the chart
}, { provider: k8sProvider });

// Export the OpenShift cluster's kubeconfig.
export const kubeconfig = aroCluster.kubeconfig;
```

### Important Notes

- Replace placeholder values with actual values specific to your Azure and OpenShift cluster configuration.
- In the `helmChart` resource, `repo` refers to the Helm repository hosting the Orchestrate chart; you would need to replace `myHelmRepo` and other placeholders with real values.
- Ensure that your Pulumi stack is correctly configured for the Azure environment, meaning you've setup the Azure credentials to enable Pulumi to authenticate with Azure. You can do this by signing in with the Azure CLI using `az login` and setting up the appropriate configuration.
- Consult the Azure documentation for the required permissions and service principal setup needed to enable Pulumi to create and manage resources on your behalf.
- Exporting `kubeconfig` allows you to interact with the Kubernetes cluster using `kubectl`. This is useful for debugging purposes or for manually applying Kubernetes manifests.

After deploying these resources, the Orchestrate Helm chart will be running in your Azure Managed OpenShift cluster.