Deploy the tyk-oss helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the Tyk open-source (OSS) Helm chart on Azure Managed OpenShift Service, we need to perform the following steps:

Set up an Azure Red Hat OpenShift (ARO) cluster: An ARO cluster is a managed OpenShift service that combines the innovation of enterprise Kubernetes with the world's leading enterprise cloud provider, Azure.
Install the Tyk open-source API Gateway using Helm: Helm charts are packages that can be deployed on Kubernetes and OpenShift. The Tyk OSS Helm chart allows you to deploy and manage Tyk as part of your service mesh.

Here's how to accomplish this with Pulumi in TypeScript:

We will use the azure-native provider to deploy an Azure Red Hat OpenShift (OpenShiftCluster).
Subsequently, we will set up the Kubernetes and Helm SDKs to deploy the Tyk OSS Helm chart on the ARO cluster once it's ready.

Let's begin by setting up the Pulumi program:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as k8s from "@pulumi/kubernetes";
import * as azure_native from "@pulumi/azure-native";
import { Input } from "@pulumi/pulumi";

// Initialize configurations for the Pulumi project
const config = new pulumi.Config();

// Retrieve AzureRed Hat OpenShift configuration from Pulumi config
const openShiftVersion = config.require("openShiftVersion");
const resourceGroupName = config.require("resourceGroupName");
const openShiftClusterName = config.require("openShiftClusterName");
const location = config.require("location");

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("resource-group", {
    name: resourceGroupName,
    location: location,
});

// Create an Azure Red Hat OpenShift cluster
const openShiftCluster = new azure_native.redhatopenshift.OpenShiftCluster("openshift-cluster", {
    // Define the cluster location, resource group and the version
    resourceGroupName: resourceGroup.name,
    resourceName: openShiftClusterName,
    location: location,
    openShiftVersion: openShiftVersion,

    // Define properties for the master and worker node profiles
    // Note, these should be customized based on the actual requirements
    masterProfile: {
        name: "master",
        vmSize: "Standard_D8s_v3",
        subnetId: "<master-subnet-id>", // provide the ARM ID of the subnet resource
    },
    workerProfiles: [{
        name: "worker",
        count: 3,
        vmSize: "Standard_D4s_v3",
        subnetId: "<worker-subnet-id>", // provide the ARM ID of the subnet resource
    }],

    // Define network profile details (CIDR notations should be customized)
    networkProfile: {
        podCidr: "10.42.0.0/14",
        serviceCidr: "10.41.0.0/18",
    },

    // Additional cluster configurations can be added here
});

// Obtain kubeconfig after cluster is ready
const kubeconfig = pulumi.all([resourceGroup.name, openShiftCluster.name]).apply(([rgName, clusterName]) => {
    return azure_native.redhatopenshift.listOpenShiftClusterAdminCredentials({
        resourceGroupName: rgName,
        resourceName: clusterName,
    }).kubeconfig;
});

// Create a Kubernetes provider instance using the kubeconfig from the OpenShift cluster
const k8sProvider = new k8s.Provider("openshift-k8s", {
    kubeconfig: kubeconfig,
});

// Deploy the Tyk OSS Helm chart on the OpenShift cluster
const tykHelmChart = new k8s.helm.v3.Chart("tyk-oss", {
    chart: "tyk-oss",
    version: "<chart-version>", // specify the chart version if necessary
    fetchOpts: {
        repo: "https://helm.tyk.io/public/helm/charts/",
    },
}, { provider: k8sProvider });

// Export the kubeconfig and API server URL as stack outputs
export const kubeconfigOutput = kubeconfig;
export const openShiftApiUrl = openShiftCluster.apiserverProfile.apply(profile => profile.url);

Here is a step-by-step explanation of what the Pulumi code above does:

We begin by importing the necessary Pulumi modules for interacting with Azure, Kubernetes, and the Helm package manager.
The config object comes into play to handle the OpenShift cluster configuration that's been stored as Pulumi configuration settings.
A resource group to hold the OpenShift cluster resources is created within Azure.
We define and provision an Azure Red Hat OpenShift cluster with the specific version, node sizes, subnet details, and networking settings.
After the OpenShift cluster is created, we retrieve its kubeconfig, which will allow us to communicate with the cluster using Kubernetes tools.
Next, we set up Pulumi's Kubernetes provider using the kubeconfig that we just obtained. This provider will help us interact with the OpenShift cluster.
We then deploy the Tyk OSS Helm chart onto our OpenShift cluster using the Kubernetes provider.
Lastly, we export the kubeconfig and cluster API server URL as stack outputs for easy access.

Make sure to replace the placeholder values such as <master-subnet-id> and <worker-subnet-id> with actual subnet IDs where your control plane and worker nodes will be placed. Also, specify the actual chart version if it is not the latest to avoid incompatibilities.

Please remember to configure your Pulumi project with the appropriate settings using pulumi config set <key> <value> for keys such as openShiftVersion, resourceGroupName, openShiftClusterName, and location.