Deploy the multitenant helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

Deploying a multi-tenant Helm chart on Oracle Kubernetes Engine (OKE) involves a few steps: setting up the OKE cluster, preparing Helm for deployment, and finally deploying the Helm chart itself. In this guide, I will walk you through creating a simple OKE cluster and then deploying a multi-tenant Helm chart using Pulumi's infrastructure as code approach.
 
Before we proceed with the Pulumi TypeScript program, please ensure you have done the following:
- Installed the Pulumi CLI and configured it by following the instructions on [Pulumi's installation guide](https://www.pulumi.com/docs/get-started/install/).
- Logged into your Oracle Cloud Infrastructure (OCI) account and set up the required credentials for Pulumi to interact with your OCI resources. Configure your OCI credentials in your environment following the [Pulumi Oracle Cloud Infrastructure setup guide](https://www.pulumi.com/registry/packages/oci/installation-configuration/).
- Installed Helm on your local development machine. Helm's installation instructions are available on [Helm's official website](https://helm.sh/docs/intro/install/).

We'll use the `oci` Pulumi provider to interact with OCI services and create an OKE cluster. After the cluster is provisioned, we'll utilize the `kubernetes.helm.sh/v3.Chart` resource to deploy a Helm chart that, declaring it as a `multi-tenant`, suggests that the Helm chart itself is designed to support multi-tenancy.

Below is the TypeScript program that is responsible for setting up the cluster and deploying the Helm chart:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as oci from '@pulumi/oci';
import * as k8s from '@pulumi/kubernetes';

// Create an Oracle Kubernetes Engine (OKE) cluster.
const cluster = new oci.ContainerEngine.Cluster("my-oke-cluster", {
    // Mandatory fields
    compartmentId: "your-compartment-id",
    name: "my-oke-cluster",
    kubernetesVersion: "v1.20.11",
    vcnId: "your-vcn-id", // The ID of an existing VCN
    options: {
        serviceLbSubnetIds: ["subnet-id-1", "subnet-id-2"], // Specify the subnet IDs for Load Balancer
    },
});

// Declare the provider to interact with the created OKE cluster.
// This step assumes that you have `kubectl` and `oci` CLI configured,
// and you've obtained the kubeconfig for your OKE cluster.
const k8sProvider = new k8s.Provider("my-oke-k8s-provider", {
    kubeconfig: cluster.kubeconfigs.apply(kubeconfigs => kubeconfigs[0].content),
});

// Deploy the multi-tenant Helm chart on the OKE cluster.
const chart = new k8s.helm.v3.Chart("my-multitenant-chart", {
    chart: "name-of-multitenant-chart", // Replace with the name of your Helm chart
    version: "chart-version", // Specify the version of the Helm chart
    // Optionally, you can specify values that configure the Helm chart
    values: {
        // ... your configuration values ...
    },
    // If the Helm chart requires any specific namespace, specify it
    namespace: "default", 
}, { provider: k8sProvider });

// Export the K8s cluster's name and Helm chart status
export const clusterName = cluster.name;
export const helmChartStatus = chart.status;
```

In this program:
- We define an OKE cluster, specifying mandatory fields such as the `compartmentId`, `kubernetesVersion`, and `vcnId`. You'll need to replace placeholder values (like `"your-compartment-id"`) with the actual values from your own OCI environment.
- We define a new Kubernetes provider that utilizes the kubeconfig from our OKE cluster, allowing Pulumi to communicate with the cluster.
- We declare a new `Chart` resource from the `kubernetes.helm.sh/v3` package to deploy our multi-tenant Helm chart onto the cluster. Replace `"name-of-multitenant-chart"` with the name of the chart in the Helm repository, and `"chart-version"` with the desired version of the chart.

To deploy this Pulumi project, navigate to your project directory in your terminal and run the following Pulumi CLI command:

```shell
pulumi up
```

This command will preview the changes that Pulumi is about to make and, after confirmation, apply those changes to your cloud provider.

When you're done, you can clean up and delete all created resources by running the destroy command:

```shell
pulumi destroy
```

Please ensure you check and respect the configurations and policies outlined by your Helm chart's maintainer, especially for multi-tenancy, as that often includes complex configuration to isolate tenants and resources effectively.