Deploy the cabpk helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the CABPK Helm chart on Azure Managed OpenShift service using Pulumi, you would need to create an instance of Azure Red Hat OpenShift (ARO) and then use the Helm chart package to deploy CABPK onto it.

First, you will need to provision an Azure Red Hat OpenShift cluster. ARO clusters are jointly engineered, operated, and supported by Microsoft and Red Hat to provide an integrated support experience. You can use the azure-native.redhatopenshift.OpenShiftCluster resource to create and manage an OpenShift cluster in Azure.

After provisioning the ARO cluster, you'll utilize the Pulumi Kubernetes package to deploy the CABPK Helm chart. Pulumi Kubernetes allows you to deploy Helm charts with the kubernetes.helm.sh/v3.Chart resource.

Here's how you could structure your Pulumi TypeScript program to accomplish this:

Provision an Azure Red Hat OpenShift Cluster.
Deploy the CABPK Helm chart onto the cluster.

Below is a program written in TypeScript that demonstrates these steps. Please note that you will need to replace placeholders (like <YOUR-RESOURCE-GROUP-NAME>, <YOUR-CLUSTER-NAME>, etc.) with actual values specific to your Azure environment.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";

// Create a resource group if it doesn't exist
const resourceGroup = new azure_native.resources.ResourceGroup("<YOUR-RESOURCE-GROUP-NAME>");

// Provision an Azure Red Hat OpenShift cluster in the resource group created above
const openshiftCluster = new azure_native.redhatopenshift.OpenShiftCluster("<YOUR-CLUSTER-NAME>", {
    // Required properties
    resourceGroupName: resourceGroup.name,
    resourceName: "<YOUR-CLUSTER-RESOURCE-NAME>",
    location: "<Azure-Region>",
    clusterProfile: {
        domain: "<YOUR-DOMAIN>",
        pullSecret: "<YOUR-PULL-SECRET>",
        resourceGroupId: `<RESOURCE-GROUP-ID>`, // ID of the resource group where the cluster resources are deployed.
        version: "<OPENSHIFT-VERSION>", // Specify the version of OpenShift
    },
    masterProfile: {
        vmSize: "Standard_D16s_v3",
        subnetId: `<SUBNET-ID>`, // Subnet ID where the master nodes will be
    },
    workerProfiles: [{
        name: "worker",
        count: 3,
        vmSize: "Standard_D16s_v3",
        subnetId: `<SUBNET-ID>`, // Subnet ID where the worker nodes will be
    }],
    apiserverProfile: {
        visibility: "Public",
    },
    ingressProfiles: [{
        name: "default",
        visibility: "Public",
    }],
    servicePrincipalProfile: {
        clientId: "<YOUR-CLIENT-ID>",
        clientSecret: "<YOUR-CLIENT-SECRET>",
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = openshiftCluster.kubeconfig;

// Using kubeconfig, create a new Kubernetes Provider instance that points to the OpenShift cluster
const k8sProvider = new k8s.Provider("openshiftK8s", {
    kubeconfig: openshiftCluster.kubeconfig,
});

// Deploy the CABPK Helm chart using the Kubernetes provider
const cabpkChart = new k8s.helm.v3.Chart("cabpk-helm-chart", {
    chart: "<CABPK-CHART-NAME>", // The name of the Helm chart for CABPK
    version: "<CABPK-CHART-VERSION>", // The version of the Helm chart
    fetchOpts: {
        repo: "<HELM-REPO-URL>", // The URL for the Helm chart repository
    },
}, { provider: k8sProvider });

// Export URL of the deployed application if available
export const appUrl = cabpkChart.getResourceProperty("v1/Service", "<YOUR-APP-NAME>", "status").apply(status => status.loadBalancer.ingress[0].ip);

This program defines the following:

ResourceGroup: A container that holds related resources for an Azure solution. Here we assume the resource group is already created or you may replace the placeholder value with your actual resource group.
OpenShiftCluster: The managed OpenShift cluster on Azure. The configuration specifies the cluster name, the number of nodes, the size of the VMs for the nodes, visibility, and credentials for the Azure service principal.
- kubeconfig: The generated Kubeconfig for the cluster so that you can connect to it with kubectl.
Provider: A Kubernetes provider that specifies which kubeconfig to use when performing Kubernetes deployments.
Chart: A Helm chart resource that deploys your application using the specified Helm chart. You specify the chart's name, version, and repository.

Remember to replace the placeholder values with the actual values that are appropriate for your situation, especially <YOUR-PULL-SECRET> which is required to pull container images for OpenShift. The pull secret can be obtained from the Red Hat OpenShift Cluster Manager.

Also, adjust the appUrl export to target whatever Kubernetes service your Helm chart creates, as this could vary based on the chart you are using.

Before running this, you'd need to ensure Pulumi is set up and configured for Azure on your machine and that you have access to the necessary service principal credentials and Azure subscription. Use pulumi up command to deploy the resources. If you need further interactive assistance, please refer to the Pulumi Azure Native documentation and the Pulumi Kubernetes documentation.