Deploy the networking-cilium helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

To deploy the `networking-cilium` Helm chart on Oracle Kubernetes Engine (OKE), we will use Pulumi with the Kubernetes provider. Pulumi's Kubernetes provider lets you create, deploy, and manage Kubernetes resources with real programming languages. In this case, I'll use TypeScript to show you how.

We will begin by setting up the necessary Pulumi resources to create an OKE cluster if you don't have one already. Then we will deploy the `networking-cilium` Helm chart to the cluster.

### Step 1: Define the OKE Cluster

First, we will use the `oci.ContainerEngine.Cluster` resource to provision an OKE cluster. This defines the Kubernetes cluster in OCI.

### Step 2: Deploy the Helm Chart

Once we have the cluster, we'll proceed to set up the `kubernetes.helm.v3.Chart` resource, which Pulumi uses to deploy Helm charts. We'll be deploying the `networking-cilium` Helm chart, which sets up Cilium as a CNI (Container Network Interface) for the Kubernetes cluster to provide network policy enforcement and connectivity between pod workloads.

Make sure that you have installed Pulumi, set up your OCI account, and configured Pulumi to use your OCI account.

Here's the complete program in TypeScript:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// This assumes that you've already configured your OCI provider with the necessary credentials and region.
// Create an OKE cluster.
const cluster = new oci.ContainerEngine.Cluster("myOkeCluster", {
    // You will need to replace these values with the actual ones that correspond to your OCI setup.
    compartmentId: "your-compartment-id",
    vcnId: "your-vcn-id", 
    kubernetesVersion: "v1.20.11", // Ensure this version is compatible with Cilium, check Cilium's documentation for compatibility.
    options: {
        serviceLbConfig: {
            /* ...additional options... */
        },
    },
    // ...additional configurations for the cluster...
});

// Once the cluster is available, we configure the K8s provider to use the cluster's kubeconfig.
const k8sProvider = new k8s.Provider("myK8sProvider", {
    kubeconfig: cluster.kubeConfigs[0].content.apply(content => Buffer.from(content, 'base64').toString('utf-8')),
});

// Deploy the networking-cilium Helm chart.
const ciliumChart = new k8s.helm.v3.Chart("cilium", {
    chart: "cilium",
    version: "1.10.5", // Use the version you need, this is just an example.
    fetchOpts: {
        repo: "https://helm.cilium.io/",
    },
    // Values from the Helm chart's values.yaml can be provided here.
    values: {
        // Add necessary Cilium configuration values here.
    },
}, { provider: k8sProvider });

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeConfigs[0].content.apply(content => Buffer.from(content, 'base64').toString('utf-8'));

// (Optional) Export the public endpoint of the OKE cluster if you've configured one.
export const clusterEndpoint = cluster.endpoints.apply(e => e.publicEndpoint);
```

### Understanding the Program

- We import the required packages: `pulumi` for general Pulumi stuff, `oci` for Oracle Cloud Infrastructure resources, and `kubernetes` for Kubernetes resources, including Helm charts.
- We create an OKE cluster using `oci.ContainerEngine.Cluster`. Replace `your-compartment-id` and `your-vcn-id` with your actual OCI compartment ID and VCN ID.
- Once the cluster resource is created, we use its `kubeConfigs[0]` attribute to set up a Pulumi Kubernetes Provider.
- With that provider set up, we can use it to create a new Chart resource, which represents the `networking-cilium` Helm chart.
- The `version` property on the Helm chart specifies the version of the chart that you want to install. Make sure to specify a version that is compatible with your cluster.
- The `values` field allows you to customize the Helm chart with the same options you would normally set in a `values.yaml` file.
- In the end, we export the cluster's kubeconfig which you can use with `kubectl` to interact with your cluster, and optionally, the public endpoint of the OKE cluster.

This Pulumi program sets up both the OKE cluster and the Cilium networking plugin through Helm. Make sure you review and adjust the configurations to suit your requirements.

### Next Steps

1. Save the code to a file with a `.ts` extension (e.g., `index.ts`).
2. Run `pulumi up` to create the resources.
3. Use the kubeconfig to connect to your cluster with `kubectl`.

Make sure you've installed all dependencies (`@pulumi/pulumi`, `@pulumi/oci`, `@pulumi/kubernetes`) using npm or yarn before running `pulumi up`. Also, ensure that you've authenticated with OCI in your environment where you run Pulumi.