Deploy the kong-authorizer helm chart on Digital Ocean Kubernetes Service

Question

Pulumi · Accepted Answer

Deploying a Helm chart on a Digital Ocean Kubernetes Service with Pulumi involves several steps: setting up a Kubernetes cluster, installing the Helm chart, and configuring any necessary Kubernetes resources. We'll go through the process using Pulumi's TypeScript programming language.

Here's a breakdown of what we'll be doing:

1. **Creating a Kubernetes cluster on Digital Ocean**: This is done using the `digitalocean.KubernetesCluster` resource. You are required to provide a name, region, version, and node pool details at a minimum. For this example, we'll create a simple cluster with just one node pool.

2. **Installing the Helm chart**: After the cluster is provisioned, we use the `kubernetes.helm.v3.Chart` resource to deploy the `kong-authorizer` chart. This resource lets you manage Helm chart deployments just as you would with the `helm` CLI tool, but with the benefits of infrastructure as code practices.

First, ensure you have the Digital Ocean and Kubernetes Pulumi providers installed:

```bash
pulumi plugin install resource digitalocean v4.22.0
pulumi plugin install resource kubernetes v4.4.0
```

Now let's set up the Pulumi program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
import * as kubernetes from "@pulumi/kubernetes";

// Create a Digital Ocean Kubernetes cluster
const cluster = new digitalocean.KubernetesCluster("kong-authorizer-cluster", {
    region: digitalocean.Regions.NYC3, // You can choose the region that is closer to your users
    version: "latest", // Specify your desired Kubernetes version
    nodePool: {
        name: "kong-authorizer-pool",
        size: digitalocean.DropletSlugs.DropletS2VCPU2GB, // This is the size of the node. You can select as per your requirement
        nodeCount: 1, // Number of nodes in the node pool
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = cluster.kubeConfigs.apply(kubeConfig => kubeConfig[0].rawConfig);

// Using the resulting kubeconfig, install a Helm chart for Kong Authorizer
const kongAuthorizer = new kubernetes.helm.v3.Chart("kong-authorizer", {
    chart: "kong-authorizer",
    // You would specify the repository here if this chart is hosted on a Helm repo
    // e.g., repo: "https://charts.example.com/"
    values: {
        // Specify your Helm chart values here
        // These are dependent on the 'kong-authorizer' chart you're using
    },
}, { provider: new kubernetes.Provider("kong-authorizer-provider", { kubeconfig: kubeconfig }) });

// Export the endpoint of the kong-authorizer service
export const kongAuthorizerEndpoint = kongAuthorizer.getResource("v1/Service", "kong-authorizer", "kong-authorizer").status.apply(status => status.loadBalancer.ingress[0].ip);
```

Explanation of the code:

- `digitalocean.KubernetesCluster`: This resource provisions a Kubernetes cluster in the specified Digital Ocean region. We named the cluster `kong-authorizer-cluster` and the node pool `kong-authorizer-pool`. The `version` selects the Kubernetes version; using `latest` will provision the cluster with the latest stable version supported by Digital Ocean.

- `cluster.kubeConfigs`: This attribute of the `KubernetesCluster` resource outputs the kubeconfig needed to communicate with the cluster. We're exporting this so it can be used to configure the Kubernetes provider for Helm.

- `kubernetes.helm.v3.Chart`: We're deploying the `kong-authorizer` chart onto the Kubernetes cluster we created. The `values` object should contain configuration specific to the Helm chart you're deploying. If the chart requires being fetched from a specific Helm repository, you would include the `repo` field with the repository URL.

- `kubernetes.Provider`: This is a Pulumi Kubernetes provider that uses the kubeconfig of the created cluster. We're associating this provider with our Helm chart so that it installs on the correct cluster.

- `kongAuthorizerEndpoint`: We're exporting an IP address which is the endpoint through which you can access the deployed `kong-authorizer`. This assumes that the Helm chart creates a LoadBalancer service.

You should adjust the `values` configuration to match whatever configuration parameters the `kong-authorizer` chart requires. This might include things like custom resource definitions (CRDs), service type, and so on.

After writing and saving your `index.ts` file, navigate to your Pulumi project directory in your terminal, and run `pulumi up` to execute the Pulumi program. This will create the cluster and deploy the Helm chart, managing the entire operation as a single deployment.