Deploy the grafana-storage helm chart on Opensshift
TypeScriptDeploying a Helm chart on OpenShift is quite similar to doing so on a standard Kubernetes cluster, with some OpenShift-specific considerations for security and permissions. The
grafana-storage
Helm chart would be a chart that sets up Grafana, presumably with some persistent storage configured.To deploy a Helm chart to OpenShift using Pulumi, you first need to set up your Pulumi project to use the Kubernetes provider, which enables you to interact with your Kubernetes and OpenShift clusters. If you don't have a Pulumi project yet, create one with
pulumi new kubernetes-typescript
.In the below Pulumi program, we will define the deployment using the
Chart
resource from the@pulumi/kubernetes/helm/v3
package. This package allows us to deploy Helm charts within our Pulumi programs.Make sure you have the correct context set up in your
~/.kube/config
for OpenShift, as Pulumi relies on it to connect to your cluster.Here's how you could write a Pulumi program to deploy the
grafana-storage
Helm chart to OpenShift:import * as k8s from "@pulumi/kubernetes"; // Deploy the grafana-storage Helm chart on an Openshift cluster. // Make sure your Helm repository is added and updated, and that // you are authenticated with your Openshift cluster. const grafana = new k8s.helm.v3.Chart("grafana-storage", { // Replace with the actual repository that contains the grafana-storage Helm chart, if it's not in the default repo. repo: "stable", chart: "grafana-storage", // Specify the version of the chart you wish to deploy. version: "1.0.0", // Values allows you to provide a custom values file for your Helm chart to override default settings. values: { // These values would be specific to the grafana-storage Helm chart you are using. // For example, to set a custom admin password and configure persistence: adminPassword: "YourAdminPassword", persistence: { enabled: true, storageClassName: "standard", // This should be a storageclass available in your Openshift cluster. size: "10Gi", // Adjust the size as needed. }, // OpenShift specific configurations could go here. }, // Namespace where you want to deploy your Grafana instance. Ensure this namespace is created in your OpenShift cluster. namespace: "grafana", // OpenShift often requires specifying a SecurityContextConstraints object // for each pod. Depending on your cluster's configuration, you might need // to add custom security context settings for Grafana's pods. // This, however, can depend greatly on your specific OpenShift security policies. transformations: [ (obj: any) => { if (obj.kind === "Deployment" && obj.metadata.name.startsWith("grafana-storage")) { // Adjust the security context, if needed. obj.spec.template.spec.securityContext = { runAsUser: 1001 }; } }, ], }); // Export the base URL for the Grafana dashboard export const grafanaUrl = grafana.getResourceProperty("v1/Service", "grafana-storage", "status") .apply(status => `http://${status.loadBalancer.ingress[0].hostname}`);
To explain, the above program defines a Helm chart resource using Pulumi's Kubernetes package. It specifies the chart name, repository (if it's not in the standard Helm repo), and version to be used. In the
values
object, we're assuming the Helm chart has options to set an admin password and configure persistent storage. We used a placeholderYourAdminPassword
as the admin password, which should be replaced with a real password.In the
transformations
option, we have a conditional statement that checks if the Kubernetes object being deployed is part of our Grafana Deployment. If it is, we set therunAsUser
value in the pod's security context — this is a simplistic example, OpenShift's security constraints can be more complex, and this may need to be tailored to your cluster's requirements.Lastly, we export
grafanaUrl
, which retrieves the hostname from the LoadBalancer service of your deployed Grafana instance so that you can access the Grafana dashboard. Please note that this assumes the Grafana service is of type LoadBalancer and your OpenShift cluster supports LoadBalancer service — this may not always be the case, so you might need to fetch the correct endpoint based on your service type and cluster configuration.Keep in mind to replace placeholder values such as
YourAdminPassword
, thestorageClassName
, and any specific Helm chart configuration values with those that are appropriate for your actual use case and OpenShift environment.To run this program:
- Save it as
index.ts
in the root of your Pulumi project. - Run
pulumi up
to preview and deploy the changes.
Remember to have the OpenShift CLI
oc
installed and configured with the cluster where you wish to deploy Grafana.- Save it as