Deploy the keycloak-controller helm chart on Opensshift

Question

Pulumi · Accepted Answer

Deploying a Helm chart to an OpenShift cluster using Pulumi is essentially the same as deploying to a standard Kubernetes cluster. OpenShift is a Kubernetes distribution, so we'll still be leveraging Pulumi's Kubernetes provider and the Helm chart resource, particularly in the TypeScript language for this example. The key difference is ensuring that your Pulumi script is authenticated with OpenShift's specific configuration.

First, you need to have `kubectl` configured for your OpenShift cluster. Pulumi uses the configuration from `kubectl`, so if you can interact with your cluster using `kubectl`, you're good to go.

Next, here's a detailed breakdown of the steps the Pulumi program will carry out:

1. **Setting Up the Environment**: We'll import the necessary Pulumi packages for accessing Kubernetes resources and initializing our project.
2. **Referencing the Helm Chart**: We'll specify the Helm chart we want to install (`keycloak-controller` in this case), potentially including the Helm repository where it is stored, along with the version of the chart.
3. **Deploying the Helm Chart**: We'll create a new Helm Chart resource in Pulumi. This will effectively tell Pulumi to deploy the chart to the connected OpenShift cluster.
4. **Executing the Program**: To apply the changes specified by the Pulumi program, you'll need to execute `pulumi up`. This will prompt Pulumi to reach out to the cluster and perform the necessary actions.

Now let's go ahead and create a Pulumi program:

```typescript
import * as k8s from "@pulumi/kubernetes";

// The following code assumes you have a kubeconfig file
// correctly configured to communicate with your OpenShift cluster.

// The `k8s.Provider` resource uses the current context from the local kubeconfig.
const provider = new k8s.Provider("openshift-provider", {});

// Deploy the `keycloak-controller` Helm chart.
const keycloakControllerChart = new k8s.helm.v3.Chart("keycloak-controller", {
    // You might need to add `repo` attribute if the Helm chart is not in the stable repository.
    chart: "keycloak-controller",
    // Specify the version of the chart to be installed.
    version: "YOUR_CHART_VERSION", // Replace with the desired chart version.
    // Include any custom values for the Helm chart.
    values: {
        // Add any Keycloak controller specific values here.
    },
    // Important: OpenShift namespaces are equivalent to Kubernetes namespaces.
    // Ensure the namespace exists in your OpenShift cluster or create one as part of this program.
    namespace: "YOUR_NAMESPACE", // Replace with the actual namespace.
}, { provider: provider });

// Export the base URL for the Keycloak instance
// (assuming it is created as part of the `keycloak-controller` Helm chart).
export const keycloakBaseUrl = keycloakControllerChart.getResourceProperty(
    "v1/Service", "keycloak-controller", "status"
).apply(status => status.loadBalancer.ingress[0].hostname);
```

In the above TypeScript program:

- Replace `YOUR_CHART_VERSION` with the actual version of the `keycloak-controller` Helm chart you wish to deploy.
- Replace `YOUR_NAMESPACE` with the namespace where you want the Keycloak controller to be deployed. Create it beforehand or include an additional Pulumi resource to create the namespace.
- An instance of a `Provider` is created which refers to our OpenShift environment. It uses our kubeconfig file that's preconfigured with access to our OpenShift cluster.
- A `Chart` resource is declared, representing our `keycloak-controller` Helm chart with all the necessary details including chart version and the namespace.
- Depending on the Helm chart, you may need to export relevant information, such as the Keycloak base URL. This assumes that the Helm chart creates a `Service` of type LoadBalancer which provides an external endpoint.

To execute this Pulumi program, you would:

1. Ensure Pulumi is installed and setup on your machine.
2. Create a new Pulumi project or use an existing one.
3. Place this code in your project's `index.ts` file.
4. Run `pulumi up` from the command line within your project directory. Pulumi will show you a preview of the resources that will be created and prompt for confirmation before proceeding.
5. Confirm the deployment to apply the changes to your OpenShift cluster.

Make sure that you have the correct roles and permissions set up in your OpenShift cluster to allow for deployment of resources through Pulumi.