Deploy the cronjob-backup-keycloak helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy a `cronjob-backup-keycloak` Helm chart on an Azure Managed OpenShift Service using Pulumi, you would follow these steps:

1. Set up an Azure Managed OpenShift Service using `azure-native.redhatopenshift.OpenShiftCluster`.
2. Deploy your Helm chart to this OpenShift Cluster.

We will be using two main resources from the Pulumi Azure Native package for this:

- `azure-native.redhatopenshift.OpenShiftCluster`: To configure and provision an Azure Red Hat OpenShift Cluster.
- `kubernetes.helm.v3.Chart`: To deploy the `cronjob-backup-keycloak` Helm chart onto our Managed OpenShift cluster.

Here is a detailed Pulumi program in TypeScript that demonstrates the steps needed:

```typescript
import * as azure_native from '@pulumi/azure-native';
import * as k8s from '@pulumi/kubernetes';
import * as pulumi from '@pulumi/pulumi';

// Create an Azure Resource Group
const resourceGroup = new azure_native.resources.ResourceGroup("resourceGroup", {
    resourceGroupName: "openshiftResourceGroup",
    location: "East US", // Replace with your desired location
});

// Provision an Azure Red Hat OpenShift cluster
const openshiftCluster = new azure_native.redhatopenshift.OpenShiftCluster("openshiftCluster", {
    resourceGroupName: resourceGroup.name,
    resourceName: "openshiftCluster",
    location: resourceGroup.location,
    clusterProfile: {
        domain: "example", // Replace with your domain
        pullSecret: "", // Your pull secret here
        resourceGroupId: resourceGroup.id,
        version: "4.6", // Specify your desired OpenShift version
    },
    masterProfile: {
        vmSize: "Standard_D16s_v3", // Adjust the VM size as needed
    },
    networkProfile: {
        podCidr: "10.128.0.0/14",
        serviceCidr: "172.30.0.0/16",
    },
    workerProfiles: [{
        name: "worker",
        vmSize: "Standard_D4s_v3",
        diskSizeGB: 128,
        count: 3, // Number of worker nodes
    }],
    servicePrincipalProfile: {
        clientId: "", // Your service principal client ID
        clientSecret: "", // Your service principal client secret
    },
});

// Configure the provider to point to the provisioned OpenShift cluster
const openshiftProvider = new k8s.Provider("openshift", {
    kubeconfig: openshiftCluster.kubeconfig, // Leverage kubeconfig output from the OpenShift cluster
});

// Deploy the cronjob-backup-keycloak Helm chart
const keycloakBackupChart = new k8s.helm.v3.Chart("keycloakBackup", {
    chart: "cronjob-backup-keycloak",
    // You need to specify the repository that contains the chart.
    // Supposed the chart is in the "helm-charts" repository under "backup" path.
    fetchOpts: {
        repo: "http://helm-charts/backup",
    },
    // You might need to provide values to customize the chart.
    values: {
        // Example configuration, replace with actual values
        schedule: "0 2 * * *",
        image: {
            repository: "backup/keycloak-backup",
            tag: "latest",
        },
        persistence: {
            volumeClaimTemplate: {
                spec: {
                    storageClassName: "standard",
                    accessModes: ["ReadWriteOnce"],
                    resources: {
                        requests: {
                            storage: "10Gi",
                        },
                    },
                },
            },
        },
    },
}, { provider: openshiftProvider }); // Notice we are using the openshift provider

// Export the OpenShift cluster credentials and Keycloak backup chart info
export const clusterCredentials = openshiftCluster.kubeconfig;
export const keycloakBackupChartName = keycloakBackupChart.resourceNames;

```

Here's what's happening in the Pulumi program above:

1. **Creating an Azure Resource Group**: This provides a namespace for all resources relating to this project, keeping it organized.

2. **Provisioning an Azure Red Hat OpenShift Cluster**: The `OpenShiftCluster` resource from the `azure-native.redhatopenshift` package creates a managed OpenShift cluster. You must fill in the details like your domain, service principal ID/secret, and pull secret from Red Hat.

3. **Configuring the Kubernetes Provider for OpenShift**: We then create a `k8s.Provider` instance that uses the newly created OpenShift cluster’s `kubeconfig`. This allows Pulumi to perform actions on the OpenShift cluster.

4. **Deploying the Helm Chart**: Using the `k8s.helm.v3.Chart` resource, the `cronjob-backup-keycloak` Helm chart is deployed to the OpenShift cluster. Note that you will need to specify the repository where the Helm chart is located and provide any necessary Helm values for configuration.

5. **Exporting Outputs**: Finally, we export the OpenShift cluster’s credentials and the name of the Helm chart release to allow you to easily access these details outside of the Pulumi program.

Before you run this Pulumi program, ensure you have an Azure Service Principal created and you have initialized your Pulumi stack with the appropriate configurations for Azure. You would also need the Red Hat pull secret that is required when creating OpenShift clusters in Azure.

To run this Pulumi program:

1. Save the code in a `index.ts` file.
2. Install the required Pulumi packages via npm:

```sh
npm install @pulumi/pulumi @pulumi/azure-native @pulumi/kubernetes
```

3. Run the Pulumi program to provision your resources:

```sh
pulumi up
```

Follow Pulumi's prompts to finish the deployment. After the successful deployment, the program will output the kubeconfig needed to access the OpenShift cluster and the name of the backup chart, confirming that it has been deployed.