Deploy the kanister-mongodb-replicaset helm chart on Azure Managed Openshift Service

Question

Pulumi · Accepted Answer

To deploy the `kanister-mongodb-replicaset` Helm chart on an Azure Managed Openshift Service using Pulumi, we need to perform a few distinct steps:

1. Set up a new Azure Red Hat OpenShift (ARO) cluster using Pulumi's `azure-native.redhatopenshift.OpenShiftCluster` resource. This will be our Kubernetes environment where we can run Helm charts.
2. Once we have the ARO cluster running, we will use Pulumi's `kubernetes.helm.v3.Chart` resource from the `@pulumi/kubernetes` package to deploy the `kanister-mongodb-replicaset` Helm chart onto our Kubernetes cluster.

To start, we will need to install the following package dependencies:
- `@pulumi/azure-native` for Azure Native resources.
- `@pulumi/kubernetes` for Kubernetes resources and Helm chart deployment.

Below is a detailed TypeScript program that outlines how to accomplish this.

### Pulumi Program

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
import * as k8s from "@pulumi/kubernetes";
import * as azuread from "@pulumi/azuread";

// You may need to change this value if you already have a registered domain.
const domainName = "example.com";

// Step 1: Create a new ARO (Azure Red Hat OpenShift) cluster
// The resources needed include the OpenShiftCluster, the network for the cluster, and required Azure Active Directory entities
const resourceGroupName = "myAROResourceGroup";
const resourceName = "myAROCluster";

// Create a new resource group for the ARO cluster
const resourceGroup = new azure_native.resources.ResourceGroup(resourceGroupName);

// Set up a virtual network for the ARO cluster
const vnet = new azure_native.network.VirtualNetwork(resourceName, {
    resourceGroupName: resourceGroup.name,
    addressSpace: {
        addressPrefixes: ["10.0.0.0/22"],
    },
    location: resourceGroup.location,
});

const workerSubnet = new azure_native.network.Subnet("workerSubnet", {
    virtualNetworkName: vnet.name,
    resourceGroupName: resourceGroup.name,
    addressPrefix: "10.0.2.0/24",
    // NAT gateway settings can be added here for egress configuration
});

// Network profile for the cluster
const networkProfile = {
    vnetCidr: "10.0.0.0/22",
};

// Create Azure AD Application for the cluster
const aroApp = new azuread.Application("aroApp", {
    displayName: "aroApp",
});

// Create a Service Principal for the Azure AD Application
const aroSP = new azuread.ServicePrincipal("aroServicePrincipal", {
    applicationId: aroApp.applicationId,
});

// Create a Secret for the Service Principal
const aroSPSecret = new azuread.ServicePrincipalPassword("aroServicePrincipalSecret", {
    servicePrincipalId: aroSP.id,
    endDate: "2099-01-01T00:00:00Z",
});

// Create the ARO Cluster
const cluster = new azure_native.redhatopenshift.OpenShiftCluster("aroCluster", {
    resourceGroupName: resourceGroup.name,
    resourceName: resourceName,
    location: resourceGroup.location,
    masterProfile: {
        vmSize: "Standard_D8s_v3",
        subnetId: workerSubnet.id,
    },
    workerProfiles: [
        {
            name: "worker", // Default worker profile
            vmSize: "Standard_D4s_v3",
            diskSizeGB: 128,
            subnetId: workerSubnet.id,
            count: 3,
        },
    ],
    networkProfile: networkProfile,
    servicePrincipalProfile: {
        clientId: aroSP.applicationId,
        clientSecret: aroSPSecret.value,
    },
    // Pull secret obtained from Red Hat OpenShift Cluster Manager
    // Follow the Red Hat documentation to obtain it: 
    // https://cloud.redhat.com/openshift/install/azure/aro-provisioned
    pullSecret: "YOUR_PULL_SECRET",
});

// Step 2: Deploy the kanister-mongodb-replicaset Helm chart on the ARO cluster
// First, we set up a Kubernetes provider pointing to the ARO cluster's Kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: cluster.kubeconfig,