Deploy the pomerium-console helm chart on Kubernetes

Question

Pulumi · Accepted Answer

In this program, we will deploy a Helm chart for pomerium-console on a Kubernetes cluster using Pulumi. Pomerium is an identity-aware proxy that enables secure access to internal applications. The pomerium-console Helm chart will set up Pomerium’s Console UI in your Kubernetes cluster.

For this task, we will use the kubernetes.helm.v3.Chart resource provided by Pulumi’s Kubernetes provider. This resource will handle fetching the Helm chart from a specified repository, and deploying it to the Kubernetes cluster that Pulumi is connected to.

We assume you have kubectl configured to communicate with your Kubernetes cluster and pulumi CLI installed and configured for use.

Here's a step-by-step TypeScript program for deploying the pomerium-console Helm chart:

We'll import the necessary Pulumi and Kubernetes packages.
We'll specify the Helm chart we wish to install, including its version and any custom values required for the deployment.

Here is the program:

import * as k8s from '@pulumi/kubernetes';

// Pomerium Console Helm chart settings.
const pomeriumConsoleChart = new k8s.helm.v3.Chart('pomerium-console', {
    chart: 'pomerium-console',
    version: '<chart_version>', // Specify the chart version you want to deploy
    fetchOpts: {
        repo: 'https://helm.pomerium.io', // Pomerium's Helm repository URL
    },
    // Define any custom values you need to provide to your Pomerium Console chart.
    // Refer to the chart's values.yaml for the full list of configuration options.
    values: {
        // Example: Set the Pomerium Console's image tag
        // image: {
        //     tag: 'v0.10.0',
        // },
        
        // Example: Set the Ingress to expose the console
        // ingress: {
        //     enabled: true,
        //     annotations: { "kubernetes.io/ingress.class": "nginx" },
        //     hosts: [{ host: "console.example.com", paths: ["/"] }]
        // }
    },
});

// Export the URL for the Pomerium Console.
// Adjust this based on how you've set up your ingress or service to extract the correct endpoint.
export const pomeriumConsoleUrl = pomeriumConsoleChart.getResourceProperty('v1/Service', 'pomerium-console', 'status').apply(status => {
    const ingress = status.loadBalancer.ingress[0];
    if (ingress.ip) return `http://${ingress.ip}`;
    if (ingress.hostname) return `http://${ingress.hostname}`;
    return undefined;
});

Explanation:

@pulumi/kubernetes: This is the Pulumi package which provides resources for managing Kubernetes resources.
k8s.helm.v3.Chart: This resource type is used to install Helm charts into Kubernetes clusters.
chart: The name of the Helm chart to install.
version: The version of the Helm chart you want to deploy.
fetchOpts: Configuration object specifying the chart's repository details.
values: This key allows you to provide a set of customized values to the Helm chart. The customization required would depend on the specific configuration needs of the Pomerium Console Helm chart.

Make sure to replace <chart_version> with the actual version of the Pomerium Console chart you wish to deploy. This information can be typically found in the Helm repository or the documentation for the chart.

Also, customize the values property based on the configuration parameters specific to the Pomerium Console Helm chart and the needs of your deployment. Commented out in the values are examples that set the image tag and configure Ingress for exposing the console.

After the deployment, we're exporting the URL of the Pomerium Console so that you can access it easily from a web browser. The URL extraction assumes that the service is exposed via a load balancer; if your setup differs, you'll need to extract the appropriate endpoint details.

To run this program, save it to a file such as index.ts, then execute pulumi up in the terminal in the same directory. This command will prompt Pulumi to perform the deployment described by the program. After deployment, Pulumi will output the exported pomeriumConsoleUrl.