Deploy the rke2-ingress-nginx helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the rke2-ingress-nginx Helm chart on a Google Kubernetes Engine (GKE) cluster using Pulumi, you will need to perform the following tasks:

1. Create a GKE cluster.
2. Configure Pulumi to use the Kubernetes provider to interact with the created cluster.
3. Deploy the rke2-ingress-nginx Helm chart to the GKE cluster.

Below, I will guide you through the setup with a detailed explanation of each step. We'll be using Pulumi with the TypeScript language.

### Pulumi Program Explanation

Firstly, we'll use the `@pulumi/gcp` package to create a GKE cluster. The google-native.container.v1beta1.Cluster resource is used to create a GKE cluster programmatically.

Once the cluster is created, Pulumi automatically generates a kubeconfig file that allows you to interact with your cluster through the Kubernetes API.

Finally, we need to install the rke2-ingress-nginx Helm chart. We can do this by using the `@pulumi/kubernetes` package to apply a Helm chart directly. We'll use the kubernetes.helm.sh/v3.Release resource from the Pulumi Kubernetes provider, which allows us to specify the Helm chart and the values we want to override.

### Pulumi TypeScript Program

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Step 1: Create a Google Kubernetes Engine (GKE) cluster
const cluster = new gcp.container.Cluster("my-gke-cluster", {
    initialNodeCount: 2,
    nodeVersion: "latest",
    minMasterVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name and Kubeconfig
export const clusterName = cluster.name;
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Step 2: Set up the Kubernetes provider to deploy the Helm chart
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Step 3: Deploy the rke2-ingress-nginx Helm chart
const nginxIngress = new k8s.helm.v3.Chart("rke2-ingress-nginx", {
    chart: "rke2-ingress-nginx",
    // Add the name of the repository or the repository URL where the chart can be found,
    // e.g., "https://charts.rancher.io"
    fetchOpts: {
        repo: "https://charts.rancher.io",
    },
    // Optionally, you can provide the version of the chart and values to override settings in the chart
    values: {
        // Override default values here if needed
    },
}, { provider: k8sProvider });

// Export the ingress controller service IP or hostname to access it later
export const ingressIp = nginxIngress.getResourceProperty("v1/Service", "rke2-ingress-nginx-controller", "status").apply(status => status.loadBalancer.ingress[0].ip);
```

In this program, we create a new GKE cluster with the `gcp.container.Cluster` resource. We specify the initial node count and node version, as well as the machine type and OAuth scopes that define the permissions for the GKE nodes.

After creating the GKE cluster, we construct a `kubeconfig` file that provides the necessary credentials to interact with the cluster via the Kubernetes API. This `kubeconfig` is used to set up the `k8s.Provider` instance.

We then instantiate a `Chart` resource from the `@pulumi/kubernetes` provider to deploy the rke2-ingress-nginx Helm chart to the GKE cluster we created earlier. We provide the `chart` name and the repository URL. We also specify any necessary values that should override the defaults in the Helm chart configuration.

Lastly, we export the Ingress IP address, which you can use to access the rke2-ingress-nginx services once they are up and running.

### Running the Program

To run this Pulumi program:

1. Ensure you have [Pulumi installed](https://www.pulumi.com/docs/get-started/install/).
2. Set up [Google Cloud SDK (gcloud) for authentication](https://www.pulumi.com/docs/intro/cloud-providers/gcp/setup/).
3. Create a new directory for your project and change into it.
4. Run `pulumi new typescript` to create a new Pulumi TypeScript project.
5. Replace the contents of `index.ts` with the code provided above.
6. Run `npm install @pulumi/gcp @pulumi/kubernetes` to install the necessary Pulumi packages.
7. Run `pulumi up` to preview and deploy the changes.

This command will lead you through the process of deploying the resources to GKE. You will receive output variables to access your rke2-ingress-nginx Ingress once the deployment is successful.