Deploy the rh-sso helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the RH-SSO (Red Hat Single Sign-On) Helm chart on a Kubernetes cluster using Pulumi, you would need to use the Pulumi Kubernetes provider. The kubernetes.helm.v3.Chart resource is what we'll utilize to achieve this. It allows us to specify a Helm chart for deployment just like you would with the helm CLI tool, but managed within Pulumi's infrastructure as code framework.

Here's how you can do it in Pulumi with TypeScript:

Before starting with the code, make sure you have Pulumi installed and configured for the desired Kubernetes cluster. You would also need to find the RH-SSO Helm chart location which could be on a Helm repository or a local directory.

Import Necessary Libraries: Begin by importing @pulumi/kubernetes module which contains the classes and functions you need to interact with Kubernetes resources including Helm charts.
Create a New Kubernetes Provider Instance: If you need to target a particular Kubernetes cluster (not the default one configured in your kubeconfig), you would instantiate a new provider pointing at that cluster.
Create an Instance of kubernetes.helm.v3.Chart Resource: This is where you define the Helm chart you want to deploy. You'll need to pass the name of the chart, the repository where it is located (unless it's a local chart), and any custom values to override defaults in the Helm chart.

Below is a step-by-step Pulumi TypeScript program that deploys RH-SSO using a Helm chart:

import * as k8s from "@pulumi/kubernetes";

// This is where you specify the chart details and any customizations.
// Replace `chartRepoUrl` with the actual repository URL.
// Replace `chartVersion` with the specific version you wish to deploy.
// Add various properties to `values` as necessary for your setup.
const chartRepoUrl = "https://<helm chart repo URL>";
const chartVersion = "<helm chart version>"; // For example, "7.4.0"
const ssoChart = new k8s.helm.v3.Chart("rh-sso", {
    chart: "rh-sso",
    version: chartVersion,
    fetchOpts: {
        repo: chartRepoUrl,
    },
    // Add the necessary configuration for RH-SSO
    values: {
        // These values should be set according to your needs.
        // For example:
        // keycloak: {
        //     username: "admin",
        //     password: "admin",
        //     ...
        // }
        // You can find which values are available by looking at the
        // chart's `values.yaml` file or in the chart's documentation.
    },
});

// Export the endpoint of the RH-SSO instance after it has been deployed so you can access it
export const ssoEndpoint = ssoChart.getResourceProperty("v1/Service", "rh-sso-keycloak", "status").apply(status => {
    return status.loadBalancer.ingress[0].hostname;
});

Make sure to replace the placeholders for chartRepoUrl and chartVersion with the actual values. The values field should be configured in accordance with your desired RH-SSO configuration. You might need to refer to the specific Helm chart's documentation for the relevant configuration options available to you.

The ssoEndpoint export at the end is to output the ingress endpoint of the RH-SSO service if your Helm chart defines a LoadBalancer service to expose it. If not, you might want to extract the appropriate status field or the entire service definition to understand what resources were created and how to access the RH-SSO service.

To apply this Pulumi program, you would normally run pulumi up in the directory containing this code, and Pulumi would handle the deployment. Ensure that you have the correct context set for your Kubernetes cluster where you are deploying RH-SSO.