Deploy the contour-operator helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

The task at hand is to deploy a Helm chart, specifically the contour-operator Helm chart, on a managed OpenShift service provided by Azure. Pulumi offers a declarative way to create and manage cloud infrastructure using code. In the scenario presented, the process will be broken down into two main steps:

Creating an Azure Red Hat OpenShift Cluster using Pulumi's azure-native.redhatopenshift.OpenShiftCluster resource.

This resource is responsible for provisioning an OpenShift cluster on Azure, allowing you to specify configurations like the location, resource name, network profile, and many other parameters related to the OpenShift cluster you intend to create.

For documentation on this resource, you can visit the OpenShiftManagedCluster documentation.
Deploying the contour-operator Helm chart onto the managed OpenShift cluster using Pulumi's kubernetes.helm.v3.Chart resource.

The Chart resource allows you to apply a Helm chart within a Kubernetes cluster. Helm is a tool that streamlines the installation and management of Kubernetes applications, and this Pulumi resource provides a way to declaratively deploy Helm charts.

To know more about deploying Helm charts using Pulumi, you can look at the Helm Chart resource documentation.

Here's a TypeScript program that demonstrates how to achieve this deployment using Pulumi:

import * as pulumi from '@pulumi/pulumi';
import * as azureNative from '@pulumi/azure-native';
import * as k8s from '@pulumi/kubernetes';

// Create an Azure Resource Group
const resourceGroup = new azureNative.resources.ResourceGroup("resourceGroup", {
    location: "eastus", // Change to the preferred Azure region
});

// Create Azure Red Hat OpenShift (ARO) managed cluster
// Note: Additional configurations such as network profiles, authentication,
// service principals, and more can be specified based on requirements.
const managedCluster = new azureNative.redhatopenshift.OpenShiftCluster("openshiftCluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    clusterProfile: {
        domain: "contour-example", // Customize the domain name
        pullSecret: "<pullSecret>", // Your pull secret
        version: "<version>", // Specify the OpenShift version
    },
    masterProfile: {
        vmSize: "Standard_D8s_v3", // Customize the VM size
    },
    networkProfile: {
        podCidr: "172.30.0.0/16",
        serviceCidr: "172.21.0.0/20",
    },
    workerProfiles: [{
        name: "worker", // Worker node pool name
        vmSize: "Standard_D4s_v3", // Customize the VM size for worker nodes
        count: 3, // Number of worker nodes
    }],
});

// Create a Kubernetes provider instance using the generated kubeconfig from the Openshift cluster.
const k8sProvider = new k8s.Provider("openshiftK8s", {
    kubeconfig: managedCluster.kubeconfig.apply(JSON.stringify),
});

// Deploy the contour-operator Helm chart into the OpenShift cluster
const contourOperatorChart = new k8s.helm.v3.Chart("contourOperator", {
    chart: "contour-operator",
    version: "<chart-version>", // Specify the chart version
    fetchOpts:{
        repo: "https://projectcontour.io/contour-operator/", // Helm repository for Contour-Operator
    },
}, { provider: k8sProvider });

// Export the cluster's kubeconfig and API URL for easy access
export const kubeconfig = managedCluster.kubeconfig.apply(JSON.stringify);
export const apiUrl = managedCluster.apiserverUrl;

In the code above:

We first create a new Azure Resource Group that will contain our OpenShift cluster.
We then provision an OpenShift cluster inside that resource group with the necessary configurations related to the domain, version, networking, etc.
Next, we generate a kubeconfig from our OpenShift cluster which we use to instantiate a Kubernetes provider in Pulumi. This provider is necessary to interact with our Kubernetes cluster and deploy Helm charts.
After setting up our provider, we deploy the contour-operator Helm chart inside our OpenShift cluster.

Remember to replace placeholder values like <pullSecret>, <version>, and <chart-version> with real values corresponding to your deployment needs. The pull secret and specific OpenShift version can be obtained from Red Hat OpenShift or Azure, depending on how your infrastructure and access permissions are set up.

Once the Pulumi program is written, you will need to run the pulumi up command to preview and deploy the resources. Pulumi will show a preview of the actions it will take and, upon confirmation, proceed to apply those actions to the target Azure cloud environment.

Keep in mind that Azure Red Hat OpenShift has specific requirements, so make sure you read and adhere to Azure’s guidelines when creating ARO clusters.