Deploy the tyk-oss helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

To deploy the `tyk-oss` Helm chart on Oracle Kubernetes Engine (OKE), you'll need to follow these steps:

1. Provision an Oracle Kubernetes Engine (OKE) cluster with the necessary configurations.
2. Install the Tyk open-source (OSS) Helm chart onto the OKE cluster.

We will use Pulumi's TypeScript SDK to define the necessary infrastructure as code. Pulumi provides a Kubernetes provider that can be used to interact with Kubernetes clusters, including OKE managed by Oracle Cloud Infrastructure (OCI).

Here's an outline of what the Pulumi program will do:

- Set up the OCI provider to manage resources in Oracle Cloud.
- Provision an OKE cluster using Pulumi's OCI provider.
- Define a Kubernetes provider that will interact with the provisioned OKE cluster.
- Use Pulumi's Helm chart resource to deploy `tyk-oss` onto the OKE cluster.

### The Pulumi Program for Deploying tyk-oss Helm Chart on OKE

Below is a Pulumi TypeScript program that accomplishes this deployment:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// We assume you have Oracle Cloud configured with the correct credentials.
// For this program, you would need to have your OCI configuration preset.
// It usually involves setting OCI specific environment variables or a configuration file.

const config = new pulumi.Config();
const compartmentId = config.require("compartmentId"); // OCI Compartment ID where the resources will be provisioned.

// Create an OKE cluster
const cluster = new oci.containerengine.Cluster("my-oke-cluster", {
    // You need to provide your compartments ID.
    compartmentId: compartmentId,
    // Configure VCN, subnets, and other networking resources as needed.
    // This example keeps it simple without detailed network configuration.
});

// To interact with your Kubernetes cluster, you require kubeconfig.
// OCI provides a way to generate kubeconfig for OKE clusters.
const kubeconfig = pulumi.
    all([cluster.id, compartmentId]).
    apply(([clusterId, compartmentId]) =>
        oci.containerengine.getClusterKubeconfig({
            clusterId: clusterId,
            compartmentId: compartmentId,
        })
    );

// Instantiate a Kubernetes provider with the obtained kubeconfig from OKE.
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig.rawConfig, // Using the raw kubeconfig string.
});

// Now, you prepare to deploy the Tyk OSS Helm chart onto the cluster using Pulumi’s Helm Release resource.
const tykOssChart = new k8s.helm.v3.Chart("tyk-oss", {
    chart: "tyk-headless",
    version: "0.6.0", // You may need to update the version number to the latest supported version.
    fetchOpts: {
        repo: "https://helm.tyk.io/public/helm/charts/", // Repository URL where the chart is located.
    },
}, { provider: k8sProvider });

// Export the resulting Kubernetes cluster endpoint to access your Tyk Dashboard
export const kubeClusterEndpoint = cluster.endpoints.apply(e => e.publicEndpoint);
```

In the above program, replace `"compartmentId"` with your actual OCI Compartment ID. In OCI, compartments are a way to organize resources within your tenancy (account) and can contain resources such as cloud networks and compute instances.

Once the program is executed with Pulumi (`pulumi up`), it will provision a new Oracle Kubernetes Engine cluster within your OCI compartment. After setting up the cluster, the program creates a Pulumi Kubernetes provider, which is used to link Pulumi with the OKE cluster. With this link in place, the `tyk-oss` Helm chart is deployed on the cluster.

**Note:** Before running the program, make sure you have Pulumi CLI installed and configured for TypeScript, and that your environment is set up to authenticate with Oracle Cloud Infrastructure.

After deploying the chart, you can use the exported `kubeClusterEndpoint` value to connect to your Kubernetes cluster. You can then proceed to interact with the `tyk-oss` services as you would normally do with any Kubernetes application, such as port forwarding to access the dashboard from your local machine if needed.

Remember to keep your OCI tokens and credentials secure, and understand any costs associated with provisioning cloud resources through Pulumi on OCI.