Deploy the mattermost-instance helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

Deploying a Mattermost instance using a Helm chart on Azure Red Hat OpenShift involves several steps which include setting up the OpenShift cluster, configuring Kubernetes for Helm, and then deploying the application using Helm.

Below is a Pulumi TypeScript program that accomplishes this task by using the `azure-native.redhatopenshift.OpenShiftCluster` resource to create an Azure Managed OpenShift Service, and the `kubernetes.helm.v3.Chart` resource to deploy the Mattermost Helm chart into the OpenShift cluster.

First, we’ll create an Azure Managed OpenShift cluster. We need to specify the cluster properties such as the location, resource group, and various profiles like the master and worker profiles that define sizes and counts for the VMs.

Next, we’ll configure the Kubernetes provider to interact with the created OpenShift cluster. This requires a kubeconfig file which typically contains the necessary details to connect to the Kubernetes cluster.

Finally, we’ll deploy the Mattermost Helm chart using Pulumi's Kubernetes provider. Helm charts are packages that contain all of the necessary resources to run an application, tool, or service inside a Kubernetes cluster.

Here's the TypeScript program which makes use of Pulumi:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as azure from '@pulumi/azure-native';
import * as k8s from '@pulumi/kubernetes';
import * as openshift from '@pulumi/azure-native/redhatopenshift'; // OpenShift Azure provider
import * as azuread from "@pulumi/azuread";

const config = new pulumi.Config();
const password = config.requireSecret("adminPassword");
const sshPublicKey = config.require("sshPublicKey");

// Create a resource group
const resourceGroup = new azure.resources.ResourceGroup("rg");

// Create an AD service principal
const adApp = new azuread.Application("app");
const adSp = new azuread.ServicePrincipal("servicePrincipal", {applicationId: adApp.applicationId});

// Create the OpenShift cluster.
const cluster = new openshift.OpenShiftCluster("openshiftcluster", {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location,
    openShiftVersion: "v4.3",
    tags: {
        Environment: "Pulumi Deployment",
    },
    clusterProfile: {
        domain: "example",
        resourceGroupId: resourceGroup.id,
    },
    servicePrincipalProfile: {
        clientId: adSp.applicationId,
        clientSecret: password,
    },
    masterPoolProfile: {
        name: "master",
        count: 3,
        vmSize: "Standard_D8s_v3",
    },
    workerProfiles: [{
        name: "worker",
        count: 3,
        vmSize: "Standard_D4s_v3",
    }],
    apiserverProfile: {
        visibility: "Public",
    },
    ingressProfiles: [{
        name: "default",
        visibility: "Public",
    }],
});

// Set up the K8s provider to use the kubeconfig from the created OpenShift cluster.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: cluster.kubeconfig.apply(c => c.kubeconfig),
});

// Deploy the mattermost-instance Helm chart into the OpenShift cluster
const mattermostChart = new k8s.helm.v3.Chart("mattermost-instance", {
    chart: "mattermost",
    version: "5.31.0", // Specify the version of the Helm chart.
    namespace: "mattermost",
    fetchOpts: {
        repo: "https://helm.mattermost.com/",
    },
}, { provider: k8sProvider });

// Export the public IP to access Mattermost
export const mattermostUrl = pulumi.interpolate`http://${mattermostChart.getResourceProperty("v1/Service", "mattermost-instance", "status").apply(s => s.loadBalancer.ingress[0].ip)}`;
```

In the above program:

- We start by importing the necessary modules from Pulumi's Azure, Azure AD, and Kubernetes packages.
- We create an Azure Resource Group which will contain all our deployed resources.
- We set up an Azure AD Application and Service Principal. These are required for OpenShift to interact with other Azure services with the proper permissions.
- The `OpenShiftCluster` resource definition includes details like the OpenShift version, the location (inherited from the Resource Group), tags for metadata, cluster profile configuration including the resource group id, service principal credentials, as well as profiles describing the master and worker nodes in the cluster.
- The `k8s.Provider` is configured to connect to our newly created OpenShift cluster, using its kubeconfig output.
- The `Chart` resource is used to deploy the Mattermost instance using its Helm chart. We specify the chart name, version, and repository from where it should fetch the chart.
- The Mattermost service URL is exported as an output which can be accessed using Pulumi CLI by running `pulumi stack output mattermostUrl`. This URL can be used in the browser to navigate to the Mattermost instance.

Please ensure that you have the required Azure CLI setup and Pulumi account configured as this will allow you to deploy this Pulumi program directly. Also, you need to replace the placeholder values like the admin password and SSH public key with your actual secrets for successful provisioning.

To run this Pulumi program, save the code to a file with a `.ts` extension, run `npm install` to get the necessary packages, and then execute `pulumi up` to start the deployment process. Follow the prompts provided by Pulumi to complete the deployment.