Deploy the unpubd helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

Deploying a Helm chart to Google Kubernetes Engine (GKE) using Pulumi is a multi-step process. First, you need to create a GKE cluster, and then you need to use the Helm resource to deploy the chart to that cluster.

Below is a step-by-step guide and a complete Pulumi program written in TypeScript that will perform the following actions:

1. Create a GKE cluster using the `gcp.container.Cluster` resource.
2. Deploy a Helm chart to the GKE cluster using the `kubernetes.helm.v3.Chart` resource.

Before you begin, make sure you have the following prerequisites set up:
- Pulumi CLI installed and the project initialized.
- `gcloud` CLI installed and authenticated to a Google Cloud Platform (GCP) account.
- Necessary permissions to create resources in the GCP project.
- Helm CLI installed, if you need to customize the Helm chart or for other Helm operations.

Here is the complete Pulumi program:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as gcp from '@pulumi/gcp';
import * as k8s from '@pulumi/kubernetes';

// Create a GKE cluster
const cluster = new gcp.container.Cluster('gke-cluster', {
    initialNodeCount: 2,
    minMasterVersion: 'latest',
    nodeConfig: {
        machineType: 'n1-standard-1',
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig to access the created Cluster
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Create a Kubernetes provider that uses the created cluster's kubeconfig
const k8sProvider = new k8s.Provider('gke-k8s', {
    kubeconfig: kubeconfig,
});

// Deploy the Helm chart to the cluster
const unpubdChart = new k8s.helm.v3.Chart('unpubd', {
    chart: 'unpubd', // Replace with the correct chart name
    version: '1.0.0', // Specify the desired chart version
    fetchOpts:{
        repo: 'http://your-helm-chart-repo/', // Specify your Helm chart repository URL
    },
}, { provider: k8sProvider });

// Export the Helm chart resources
export const helmResources = unpubdChart.resources;
```

### What the program does

1. A GKE cluster resource is instantiated with the name 'gke-cluster'. It specifies the initial node count and the machine type for those nodes. Here we specify OAuth scopes which grant permissions to the node instances to interact with Google Cloud APIs.

2. The output of the GKE cluster's name, its endpoint, and the master's authentication information is composed to generate a kubeconfig, which is exported. This kubeconfig allows us to interact with our GKE cluster using `kubectl` or Kubernetes client libraries.

3. A Kubernetes Provider is created, pointing to the newly created GKE cluster. We pass the kubeconfig from the cluster to the Kubernetes provider so it knows where and how to communicate with the cluster.

4. The `unpubd` Helm chart is deployed using the `k8s.helm.v3.Chart` resource. The chart name, version, and repository URL are specified in this resource. Since Helm charts can have dependencies and complex structures, using the `Chart` resource from Pulumi's Kubernetes provider simplifies the deployment process down to just referencing a chart by name and version. Please do note that you need to replace `'unpubd'` and `http://your-helm-chart-repo/` with the actual chart name and Helm chart repository URL, respectively.

5. The resources generated by the Helm chart are then exported. This output could be used to obtain detailed information about resources created by Helm in the cluster.

This program doesn't include any namespace configuration, so it will install the Helm chart in the default namespace of the given GKE cluster. If you desire a different namespace, you can set the `namespace` property in the `ChartArgs`.

### Running the program

To run this program, save it as `index.ts` in a new Pulumi project directory. 
Then, run `pulumi up` from the command line. This will prompt Pulumi to create the GKE cluster and deploy the Helm chart to that cluster. You can inspect the changes before they're applied and confirm the deployment.

Please ensure that you have the correct access rights and APIs enabled in your GCP project and that you have set the proper region and zone in your Pulumi GCP configuration.