Deploy the workadventure helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the WorkAdventure helm chart on Azure Managed Openshift Service, we need to complete a few steps. First, we'll create an instance of Azure Red Hat OpenShift (ARO), followed by installing Helm and deploying the WorkAdventure chart. Here's how you can accomplish this using Pulumi with TypeScript:

1. **Set up an Azure Red Hat OpenShift cluster**: We'll use the `azure-native.redhatopenshift.OpenShiftCluster` resource which allows us to provision an ARO cluster.

2. **Deploy WorkAdventure using Helm**: Once we have our OpenShift cluster up and running, we'll proceed with deploying WorkAdventure using the Helm chart capabilities provided by Pulumi. We'll use the `kubernetes.helm.v3.Chart` resource from the `@pulumi/kubernetes` package to specify and deploy the Helm chart.

Here's a comprehensive Pulumi program in TypeScript to achieve these steps. Note that you need to have the Pulumi CLI installed and configured, and have credentials set up for Azure:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as kubernetes from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";
import * as random from "@pulumi/random";

// Replace these values with the actual details of your environment
const location = "eastus"; // Azure region
const resourceGroupName = "workAdventureRG"; // Azure resource group name
const openshiftClusterName = "workAdventureCluster"; // ARO Cluster name

// Create a resource group for the OpenShift cluster
const resourceGroup = new azure_native.resources.ResourceGroup(resourceGroupName, {
    location: location,
});

// Create an Azure Active Directory application for OpenShift
const adApp = new azuread.Application("openshift-app");

// Create a service principal for the application
const adSp = new azuread.ServicePrincipal("openshift-sp", {
    applicationId: adApp.applicationId,
});

// Generate a random password for the Service Principal
const password = new random.RandomPassword("password", {
    length: 20,
    special: true,
});

// Create the Service Principal password
const adSpPassword = new azuread.ServicePrincipalPassword("openshift-sp-password", {
    servicePrincipalId: adSp.id,
    value: password.result,
    endDate: "2099-01-01T00:00:00Z",
});

// Allocate a public IP address for the OpenShift API server
const publicIp = new azure_native.network.PublicIPAddress("apiServerIp", {
    resourceGroupName: resourceGroupName,
    location: location,
    publicIPAllocationMethod: azure_native.network.IPAllocationMethod.Dynamic,
});

// Define the OpenShift cluster properties
const openshiftCluster = new azure_native.redhatopenshift.OpenShiftCluster(openshiftClusterName, {
    resourceGroupName: resourceGroupName,
    location: location,
    tags: {},
    clusterProfile: {
        domain: "workadventure", // Custom domain name for the cluster
        resourceGroupId: resourceGroup.id,
        pullSecret: "{}", // Replace this with your Red Hat pull secret
    },
    servicePrincipalProfile: {
        clientId: adApp.applicationId,
        clientSecret: adSpPassword.value,
    },
    networkProfile: {
        vnetCidr: "10.0.0.0/8", // An address space used by the virtual network
    },
    masterProfile: {
        vmSize: "Standard_D8s_v3", // VM size for master nodes
    },
    workerProfiles: [{
        name: "worker",
        vmSize: "Standard_D4s_v3",
        diskSizeGB: 128,
        subnetId: publicIp.id,
        count: 3,
    }],
});

// Once the OpenShift cluster is running, set up the Helm chart for WorkAdventure.
const k8sProvider = new kubernetes.Provider("openshift-k8s", {
    kubeconfig: openshiftCluster.kubeconfig, // Use the kubeconfig output from the OpenShift cluster
});

const workAdventureChart = new kubernetes.helm.v3.Chart("workadventure", {
    chart: "workadventure",
    // ... omitting chart values and fetch options; these should be filled according to the WorkAdventure Helm chart requirements.
}, { provider: k8sProvider });

// Export the necessary outputs
export const clusterName = openshiftClusterName;
export const kubeconfig = openshiftCluster.kubeconfig;
export const workAdventureChartId = workAdventureChart.id;
```

In the above program:

- We're creating a new Azure resource group to host our ARO cluster.
- We're setting up an Azure Active Directory application and service principal required to authenticate the OpenShift cluster.
- We're allocating a public IP address for the API server of the OpenShift cluster.
- We're provisioning an OpenShift cluster with the necessary profiles.
- We're deploying the WorkAdventure helm chart on the newly provisioned Openshift cluster.

Please fill in the necessary `chart` values and `fetchOps` based on the specific needs of WorkAdventure helm chart requirements. You'll find these details in the Helm chart's documentation or the chart `values.yaml` file.

Keep in mind that provisioning infrastructure on the cloud will incur costs, and you should be cautious about ensuring that your Azure subscription has the necessary quotas and permissions beforehand.

Before running this program, you need to ensure your Pulumi stack is configured for the appropriate Azure region and have credentials for Azure and Red Hat OpenShift that allow you to create these resources.