Deploy the istio-local helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

Deploying the Istio Helm chart on Oracle Kubernetes Engine (OKE) involves creating a Kubernetes cluster on OKE, configuring your Kubernetes client (`kubectl`) to communicate with the cluster, and finally using Pulumi's Kubernetes API to deploy Helm charts.

Here is a detailed guide and a corresponding Pulumi TypeScript program that deploys the Istio Helm chart on Oracle Kubernetes Engine.

### Step 1: Oracle Kubernetes Engine Cluster
Before deploying the chart, you need to have a running OKE cluster. You can create one using Pulumi's OCI provider.

### Step 2: Configuring `kubeconfig`
Once the cluster is up, you'll retrieve the `kubeconfig` file, which allows `kubectl` to interact with your Kubernetes cluster.

### Step 3: Deploying the Istio Helm Chart
With your cluster running and `kubectl` configured, use Pulumi's `kubernetes.helm.v3.Chart` resource to deploy the Istio Helm chart. This resource is a high-level abstraction over Helm’s functionality that manages the installation of Helm charts into a Kubernetes cluster.

Note: Ensure you have the necessary OCI and Kubernetes provider configuration in place. It includes setting up credentials for OCI and possibly configuring the Kubernetes provider to use the `kubeconfig` you obtained from the OCI cluster.

Below is the Pulumi program that performs these steps:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// Replace these with appropriate values
const compartmentId = "oci-compartment-id";
const vcnId = "oci-vcn-id";
const clusterName = "istio-enabled-oke-cluster";

// Step 1: Create an Oracle Kubernetes Engine cluster
const cluster = new oci.containerengine.Cluster(clusterName, {
    compartmentId: compartmentId,
    vcnId: vcnId,
    kubernetesVersion: "v1.21.5", // choose a version compatible with Istio
    options: { serviceLbSubnetIds: [] }, // fill in with actual subnet IDs
});

// Step 2: Obtain kubeconfig for the created OKE cluster
// This assumes that there is a mechanism to write kubeconfig to a file.
const kubeconfig = cluster.kubeconfig /* Use the kubeconfig content from the cluster */

// Step 3: Initialize the Kubernetes provider with the obtained kubeconfig
const k8sProvider = new k8s.Provider("oke-k8s-provider", {
    kubeconfig: kubeconfig,
});

// Step 4: Deploy Istio Helm chart
const istioChart = new k8s.helm.v3.Chart("istio", {
    chart: "istio",
    version: "1.10.0", // specify the version of Istio chart you want to deploy
    namespace: "istio-system", // Istio's recommended namespace
    fetchOpts: {
        repo: "https://istio-release.storage.googleapis.com/charts", // Istio's Helm repository
    },
}, { provider: k8sProvider });

// Export the cluster name and kubeconfig
export const clusterName = cluster.name;
export const kubeconfigFile = kubeconfig;

```

In the above program:
- We create a new OKE cluster instance named `istio-enabled-oke-cluster`.
- We obtain the `kubeconfig` that allows us to interact with the OKE cluster.
- We set up a Kubernetes provider, passing the `kubeconfig` to properly authenticate and interact with our OKE cluster.
- We then declare a new Helm chart resource, specifying the Istio chart and selecting its version. Note that we also specify the Helm repository where the Istio chart is located.
- Finally, we export the cluster name for easy reference and the kubeconfig for use with `kubectl`.

Please make sure to replace placeholder values with actual values for your OCI configuration. Also, adjust the versions of the Istio chart and Kubernetes as necessary to match the versions compatible with OKE and your deployment requirements.

Deploy the istio-local helm chart on Oracle Kubernetes Engine (OKE)

Step 1: Oracle Kubernetes Engine Cluster

Step 2: Configuring kubeconfig

Step 3: Deploying the Istio Helm Chart

Step 2: Configuring `kubeconfig`