Deploy the aws-s3-bucket helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the `aws-s3-bucket` Helm chart on Google Kubernetes Engine (GKE), we'll need to carry out a series of steps that involve setting up a GKE cluster, installing the Helm CLI tool, adding the necessary Helm repositories, and finally deploying the Helm chart.

Here's a high-level overview of the steps we will take in the Pulumi program:

1. **Set up a GKE cluster**: We will create a GKE cluster using Pulumi's Google Cloud (`gcp`) provider.

2. **Install and configure Helm**: As a part of the deployment process, we need to set up Helm on the local machine. Pulumi doesn't manage local software installations, so you should manually install Helm if it is not already installed. Then we'll use Pulumi to configure the Kubernetes provider to interact with the GKE cluster.

3. **Deploy the Helm chart**: With Pulumi's Kubernetes provider, we will then deploy the `aws-s3-bucket` Helm chart to the GKE cluster.

Keep in mind that to follow this explanation and run the code, you must have the Pulumi CLI installed, have a Pulumi account and project set up, have Helm installed on your local machine, and have access to Google Cloud Platform.

Below is a Pulumi TypeScript program that accomplishes the outlined steps:

```typescript
import * as k8s from "@pulumi/kubernetes";
import * as gcp from "@pulumi/gcp";

// Step 1: Create a GKE cluster
const cluster = new gcp.container.Cluster("pulumi-gke-cluster", {
    initialNodeCount: 2,
    minMasterVersion: "latest",
    nodeVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [ // Defining the set of access scopes to grant to nodes.
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig
export const kubeconfig = cluster.masterAuth.apply(masterAuth => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${cluster.name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${masterAuth.endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Step 2: Configure the Kubernetes provider to connect to the GKE cluster
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Step 3: Deploy the Helm chart
const awsS3BucketChart = new k8s.helm.v3.Chart("aws-s3-bucket", {
    chart: "aws-s3-bucket",
    version: "0.1.0", // specify the exact chart version
    fetchOpts: {
        repo: "https://helm-charts-repository-url", // replace with the actual Helm repo URL where the aws-s3-bucket chart is located
    },
    // Values to pass to the Helm chart as per the 'aws-s3-bucket' values file.
    values: {
        accessKey: "ACCESS_KEY", // replace with actual AWS access key
        secretKey: "SECRET_KEY", // replace with actual AWS secret key
        region: "us-west-2",
        // ... additional chart values
    },
}, { provider: k8sProvider });

// Export the Helm chart deployment name
export const helmChartName = awsS3BucketChart.releaseName;
```

In the code above:

- We define `gcp.container.Cluster` for creating a GKE cluster with a specified number of nodes and machine types. We ensure that the nodes have the necessary OAuth scopes that grant permissions to the necessary Google services.
  
- After creating the cluster, we build the `kubeconfig` file, which is essential to interact with the Kubernetes cluster. We then create a new Pulumi Kubernetes provider, passing in the `kubeconfig`. The provider will use this configuration to deploy resources to the GKE cluster.
  
- Finally, we deploy the `aws-s3-bucket` Helm chart using `k8s.helm.v3.Chart`, specifying the chart name, version, repository, and values according to the chart's requirements. These values typically contain necessary information like AWS credentials and region, among other chart-specific configurations.

Please ensure you replace placeholders, like `ACCESS_KEY`, `SECRET_KEY`, and `https://helm-charts-repository-url`, with actual values appropriate for your use case.

After you've understood the code steps outlined above and replaced the placeholders, you can execute this Pulumi program by running the following commands in your terminal:

```sh
pulumi up
```

This command will initiate the deployment. Pulumi CLI will display a preview of the resources that will be created and ask for your confirmation before proceeding with the actual deployment.

Remember that you should also configure your AWS credentials and region appropriately for the S3 bucket access to work correctly. However, please note that deploying AWS resources using a Helm chart on a GKE cluster will not create resources on the GCP side; it assumes that the necessary AWS resources are available and the Kubernetes cluster can access them using the credentials provided.