1. Deploy the harbor-scanner-trivy helm chart on Google Kubernetes Engine (GKE)


    To deploy the Harbor Scanner Trivy Helm chart on Google Kubernetes Engine (GKE), you'll need to follow a few distinct steps:

    1. Create a GKE cluster: Use Pulumi to provision a new GKE cluster. This is where your applications and services will run.

    2. Configure Kubectl: Set up kubectl to communicate with the new GKE cluster so that you can deploy applications onto it.

    3. Deploy the Helm chart: Use Pulumi's Helm support to deploy the Harbor Scanner Trivy chart into your GKE cluster.

    Below is a Pulumi program written in TypeScript that demonstrates how to carry out these steps. Here, we are using Pulumi's @pulumi/kubernetes and @pulumi/gcp packages to create the cluster and deploy the Helm chart to it.

    Before running this program, ensure you have completed the following pre-requisites:

    import * as pulumi from "@pulumi/pulumi"; import * as gcp from "@pulumi/gcp"; import * as k8s from "@pulumi/kubernetes"; // Create a GKE cluster const cluster = new gcp.container.Cluster("my-gke-cluster", { initialNodeCount: 2, minMasterVersion: "latest", nodeVersion: "latest", location: "us-central1", nodeConfig: { machineType: "n1-standard-1", oauthScopes: [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring" ], }, }); // Export the Cluster name and Kubeconfig export const clusterName = cluster.name; export const kubeconfig = pulumi.all([cluster.name, cluster.endpoint, cluster.masterAuth]).apply(([name, endpoint, masterAuth]) => { const context = `${gcp.config.project}_${gcp.config.zone}_${name}`; return `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${masterAuth.clusterCaCertificate} server: https://${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: auth-provider: config: cmd-args: config config-helper --format=json cmd-path: gcloud expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp `; }); // Create a Kubernetes provider instance that uses our cluster from above. const k8sProvider = new k8s.Provider("gke-k8s", { kubeconfig: kubeconfig, }); // Deploy the Harbor Scanner Trivy Helm chart into the GKE cluster const trivyChart = new k8s.helm.v3.Chart("trivy", { chart: "harbor-trivy", version: "x.y.z", // Specify the Helm chart version here fetchOpts:{ repo: "https://helm.goharbor.io", // Specify the chart repository URL }, }, { provider: k8sProvider }); // Export the Harbor Trivy service endpoint export const trivyServiceEndpoint = trivyChart.getResourceProperty("v1/Service", "harbor-trivy", "status").apply(status => status.loadBalancer.ingress[0].ip);

    This program sets up the GKE cluster with 2 nodes using a standard machine type (n1-standard-1). Then, it configures the kubectl by exporting kubeconfig which is used by a Pulumi Kubernetes provider to create trivyChart. Here, we are deploying the Harbor Scanner Trivy Helm chart from its repository using Pulumi's Helm Chart resource.

    To run this program:

    1. Save the code to a file with a .ts extension, for example, deploy-trivy.ts.
    2. Run pulumi up to preview and deploy the changes.

    Remember to replace the placeholder x.y.z with the version of the Harbor Scanner Trivy Helm chart that you wish to deploy.

    The last exported variable trivyServiceEndpoint is the endpoint at which the deployed Trivy service can be accessed, once it's provisioned and assigned an IP by GKE's load balancer.