1. Deploy the shoot-oidc-service helm chart on Google Kubernetes Engine (GKE)

    TypeScript

    To deploy the shoot-oidc-service helm chart on Google Kubernetes Engine (GKE), we'll need to carry out these high-level steps:

    1. Set up a GKE Cluster: We'll first create a GKE cluster, which is a set of compute resources that host our containerized applications.
    2. Install the Helm Chart: Once the cluster is ready, we will deploy the helm chart to the Kubernetes cluster using Pulumi's Helm support.

    Below is a detailed TypeScript program using Pulumi's Google Cloud (GCP) and Kubernetes providers. This program is divided into two main parts: provisioning the GKE cluster and deploying the Helm chart to the cluster.

    Prerequisites

    • Make sure you have Pulumi CLI installed.
    • Make sure you have Google Cloud SDK installed.
    • Make sure you have configured your Google Cloud credentials via the CLI or Pulumi.

    We'll start by importing the necessary packages and initializing our Pulumi program:

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as k8s from "@pulumi/kubernetes";

    const projectName = "<your-gcp-project-id>"; // Replace with your GCP project ID
    const config = new pulumi.Config(); // Stack configuration, available for values you want to make configurable
    const clusterName = "gke-cluster";

    Step 1: Create a GKE Cluster

    We're going to provision a GKE cluster. GKE clusters are the foundation of GKE - they are the Kubernetes clusters where your containers and services live.

    // Create a GKE cluster
    const gkeCluster = new gcp.container.Cluster(clusterName, {
        project: projectName,
        initialNodeCount: 1,
        nodeVersion: "latest",
        minMasterVersion: "latest",
        nodeConfig: {
            machineType: "n1-standard-1", // A suitable default; adjust to fit your workload
            // OAuth scopes granted to the node service account; keep this list narrow
            oauthScopes: [
                "https://www.googleapis.com/auth/compute",
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
            ],
        },
    });

    // Export a kubeconfig for the cluster. It embeds only the cluster CA and endpoint;
    // user credentials are fetched from gcloud at use time, so no token lands in stack state.
    export const kubeconfig = pulumi
        .all([gkeCluster.name, gkeCluster.endpoint, gkeCluster.masterAuth, gkeCluster.location])
        .apply(([name, endpoint, masterAuth, location]) => {
            const context = `${projectName}_${location}_${name}`;
            return `apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: ${masterAuth.clusterCaCertificate}
        server: https://${endpoint}
      name: ${context}
    contexts:
    - context:
        cluster: ${context}
        user: ${context}
      name: ${context}
    current-context: ${context}
    kind: Config
    preferences: {}
    users:
    - name: ${context}
      user:
        auth-provider:
          config:
            cmd-args: config config-helper --format=json
            cmd-path: gcloud
            expiry-key: '{.credential.token_expiry}'
            token-key: '{.credential.access_token}'
          name: gcp
    `;
        });

    The export at the end publishes the kubeconfig as a stack output. The Kubernetes provider in the next step consumes it directly, and you can also retrieve it with pulumi stack output to use the cluster from kubectl.
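    Because the kubeconfig and the node OAuth scopes are generated in code, both can be checked before pulumi up ever runs. The block below is an added example, not part of the original program: it rebuilds the same kubeconfig shape as a pure function (the sample cluster facts are constructed, not a real cluster) and runs a few hygiene checks a reviewer would want, namely that the API server is reached over https, TLS verification is not disabled, CA data is present, no long-lived credential is embedded in a file that will sit in stack outputs, and that the node scopes do not include the all-APIs cloud-platform scope.

```typescript
// Added example; pure functions with no Pulumi dependency so the logic is unit-testable.

export interface ClusterFacts {
    name: string;
    endpoint: string;      // IP or hostname of the GKE API server
    caCertificate: string; // base64 PEM, as in gkeCluster.masterAuth.clusterCaCertificate
    project: string;
    location: string;
}

// Builds the kubeconfig in the same shape the Pulumi program exports: cluster CA and
// endpoint only, with user credentials supplied by the gcloud auth-provider at use time.
export function buildKubeconfig(c: ClusterFacts): string {
    const context = `${c.project}_${c.location}_${c.name}`;
    return [
        "apiVersion: v1",
        "clusters:",
        "- cluster:",
        `    certificate-authority-data: ${c.caCertificate}`,
        `    server: https://${c.endpoint}`,
        `  name: ${context}`,
        "contexts:",
        "- context:",
        `    cluster: ${context}`,
        `    user: ${context}`,
        `  name: ${context}`,
        `current-context: ${context}`,
        "kind: Config",
        "preferences: {}",
        "users:",
        `- name: ${context}`,
        "  user:",
        "    auth-provider:",
        "      config:",
        "        cmd-args: config config-helper --format=json",
        "        cmd-path: gcloud",
        "        expiry-key: '{.credential.token_expiry}'",
        "        token-key: '{.credential.access_token}'",
        "      name: gcp",
        "",
    ].join("\n");
}

// Line-oriented hygiene checks on a kubeconfig string. Returns a list of findings;
// an empty list means it passed. Deliberately line-based so no YAML library is needed.
export function checkKubeconfig(kubeconfig: string): string[] {
    const findings: string[] = [];
    const lines = kubeconfig.split("\n").map((l) => l.trim());

    const server = lines.find((l) => l.startsWith("server:"));
    if (!server) findings.push("no cluster server entry");
    else if (!server.startsWith("server: https://")) findings.push("API server is not https");

    if (lines.some((l) => l.startsWith("insecure-skip-tls-verify: true")))
        findings.push("TLS verification disabled");

    const ca = lines.find((l) => l.startsWith("certificate-authority-data:"));
    if (!ca || !/^certificate-authority-data: [A-Za-z0-9+/=]{16,}$/.test(ca))
        findings.push("missing or malformed certificate-authority-data");

    // A static token, client key or password in this file would be written to Pulumi
    // stack outputs and state; the gcloud auth-provider avoids that entirely.
    for (const key of ["token:", "client-key-data:", "password:"]) {
        if (lines.some((l) => l.startsWith(key))) findings.push(`static credential embedded (${key})`);
    }
    return findings;
}

// Flags the cloud-platform scope, which grants the node service account access to every
// Google Cloud API rather than the narrow set the program requests.
export function checkNodeScopes(scopes: string[]): string[] {
    return scopes
        .filter((s) => s === "https://www.googleapis.com/auth/cloud-platform")
        .map((s) => `overly broad node scope: ${s}`);
}

// Constructed sample input (not a real cluster; CA data is a placeholder base64 string).
export const sampleCluster: ClusterFacts = {
    name: "gke-cluster",
    endpoint: "203.0.113.10",
    caCertificate: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMuLi4K",
    project: "example-project",
    location: "us-central1-a",
};

export const pageScopes = [
    "https://www.googleapis.com/auth/compute",
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring",
];

console.log(checkKubeconfig(buildKubeconfig(sampleCluster)));
console.log(checkNodeScopes(pageScopes));
```

    One caveat worth knowing when you take this kubeconfig to the command line: kubectl 1.26 and later no longer ship the in-tree gcp auth-provider that the users section relies on, and GKE documents the gke-gcloud-auth-plugin exec plugin as its replacement, so a kubeconfig in this shape may need its user entry rewritten for current kubectl releases.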

    Step 2: Deploy the Helm Chart

    Once the cluster is created, we can deploy Helm charts to it. Pulumi's Kubernetes provider includes Helm support (the k8s.helm.v3.Chart resource used here) that we can use for this.

    // Set up a Kubernetes provider that talks to the GKE cluster using the kubeconfig exported above.
    const k8sProvider = new k8s.Provider("k8sProvider", {
        kubeconfig: kubeconfig,
    });

    // Deploy the shoot-oidc-service helm chart.
    // Without fetchOpts.repo (or a `path` to a checked-out chart directory), Helm has no
    // repository to fetch the chart from; set fetchOpts: { repo: "<helm-repo-url>" } for a repository chart.
    const oidcServiceChart = new k8s.helm.v3.Chart("shoot-oidc-service", {
        chart: "shoot-oidc-service",
        version: "1.0.0", // Replace with the correct chart version
        // Values in values.yaml can be overridden using the `values` field.
        values: {
            // Your service-specific values here
        },
    }, { provider: k8sProvider });

    // Export the name of the Service the chart creates
    export const oidcServiceName = oidcServiceChart
        .getResourceProperty("v1/Service", "shoot-oidc-service", "metadata")
        .apply(m => m.name);

    The above block sets up a Kubernetes provider which knows how to communicate with our GKE cluster using the generated kubeconfig. The k8s.helm.v3.Chart resource then manages the deployment of the shoot-oidc-service Helm chart on the GKE cluster.

    Complete Program

    Combining all the above steps, here's the full program:

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as k8s from "@pulumi/kubernetes";

    const projectName = "<your-gcp-project-id>"; // Replace with your GCP project ID
    const clusterName = "gke-cluster";

    // Start creating a GKE cluster
    const gkeCluster = new gcp.container.Cluster(clusterName, {
        project: projectName,
        initialNodeCount: 1,
        nodeVersion: "latest",
        minMasterVersion: "latest",
        nodeConfig: {
            machineType: "n1-standard-1",
            // OAuth scopes granted to the node service account; keep this list narrow
            oauthScopes: [
                "https://www.googleapis.com/auth/compute",
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
            ],
        },
    });

    // Export a kubeconfig for the cluster. It embeds only the cluster CA and endpoint;
    // user credentials are fetched from gcloud at use time, so no token lands in stack state.
    export const kubeconfig = pulumi
        .all([gkeCluster.name, gkeCluster.endpoint, gkeCluster.masterAuth, gkeCluster.location])
        .apply(([name, endpoint, masterAuth, location]): string => {
            const context = `${projectName}_${location}_${name}`;
            return `apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: ${masterAuth.clusterCaCertificate}
        server: https://${endpoint}
      name: ${context}
    contexts:
    - context:
        cluster: ${context}
        user: ${context}
      name: ${context}
    current-context: ${context}
    kind: Config
    preferences: {}
    users:
    - name: ${context}
      user:
        auth-provider:
          config:
            cmd-args: config config-helper --format=json
            cmd-path: gcloud
            expiry-key: '{.credential.token_expiry}'
            token-key: '{.credential.access_token}'
          name: gcp
    `;
        });

    // Create a Kubernetes provider that uses our kubeconfig
    const k8sProvider = new k8s.Provider("k8sProvider", {
        kubeconfig: kubeconfig,
    });

    // Deploy the shoot-oidc-service helm chart.
    // Without fetchOpts.repo (or a `path` to a checked-out chart directory), Helm has no
    // repository to fetch the chart from; set fetchOpts: { repo: "<helm-repo-url>" } for a repository chart.
    const oidcServiceChart = new k8s.helm.v3.Chart("shoot-oidc-service", {
        chart: "shoot-oidc-service",
        version: "1.0.0", // Replace with the actual chart version
        // Override default values from the chart's 'values.yaml'
        values: {
            // Add service-specific values here
        },
    }, { provider: k8sProvider });

    // Export the name of the Service the chart creates
    export const oidcServiceName = oidcServiceChart
        .getResourceProperty("v1/Service", "shoot-oidc-service", "metadata")
        .apply(m => m.name);

    To deploy this Pulumi program:

    1. Save the code above to a file named index.ts.
    2. Run pulumi up to preview and deploy the changes.

    The Helm chart's Service name is exported so you can easily reference it. You must replace the placeholder <your-gcp-project-id> in the program with your actual Google Cloud project identifier and 1.0.0 with the version of the Helm chart you want to use.

    Make sure that you have authenticated your Pulumi CLI with Google Cloud and that you have permissions to create resources in your project. This program assumes that you have already set up the Pulumi CLI and have an account on Google Cloud with sufficient permissions.