Deploy the simple-keycloak helm chart on Google Kubernetes Engine (GKE)
TypeScriptDeploying a Helm chart on Google Kubernetes Engine (GKE) involves several steps. Here's a high-level overview, followed by the Pulumi TypeScript code that accomplishes this:
- Provision a GKE Cluster: Use Pulumi's GCP provider to create a GKE Cluster. This will be the environment where Keycloak will run.
- Install the Helm Chart: Pulumi has a native Kubernetes provider which can be used to deploy Helm charts directly into a Kubernetes cluster.
In this case, we will use the
kubernetes.helm.v3.Chart
resource to deploy thesimple-keycloak
Helm chart onto our GKE cluster. To do this, first, we need to create a Kubernetes cluster in GKE with thegoogle-native.container.v1.Cluster
resource. Once the cluster is up and running, we utilize the Helm Chart resource to deploy Keycloak.Below you'll find the Pulumi TypeScript code to accomplish this deployment:
import * as gcp from "@pulumi/gcp"; import * as k8s from "@pulumi/kubernetes"; import * as pulumi from "@pulumi/pulumi"; // Create a GKE cluster. const cluster = new gcp.container.Cluster("gke-cluster", { initialNodeCount: 2, minMasterVersion: "latest", nodeVersion: "latest", nodeConfig: { preemptible: true, machineType: "e2-medium", oauthScopes: [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring", ], }, }); // Export the Cluster name and Kubeconfig so we can easily interact with the Cluster using kubectl export const clusterName = cluster.name; export const kubeconfig = pulumi. all([cluster.name, cluster.endpoint, cluster.masterAuth]). apply(([name, endpoint, masterAuth]) => { const context = `${gcp.config.project}_${gcp.config.zone}_${name}`; return `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${masterAuth.clusterCaCertificate} server: https://${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: auth-provider: config: cmd-args: config config-helper --format=json cmd-path: gcloud expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp `; }); // Create a Kubernetes provider instance that uses our cluster from above. const clusterProvider = new k8s.Provider("gke-k8s", { kubeconfig: kubeconfig, }); // Deploy the simple-keycloak Helm chart. const keycloak = new k8s.helm.v3.Chart("simple-keycloak", { chart: "keycloak", version: "13.0.1", // Use the specific chart version you want to deploy; refer to your helm repository for the correct version. fetchOpts:{ repo: "https://codecentric.github.io/helm-charts", // This is the helm repository where the keycloak chart is hosted. }, values: { persistence: { deployPostgres: true, // Changes this setting according to whether you want an in-cluster Postgres or not. }, // Include here any other values you might want to override from the default chart values. }, }, { provider: clusterProvider }); // Export the Keycloak service endpoint to access it export const keycloakEndpoint = keycloak.getResourceProperty("v1/Service", "simple-keycloak", "status") .apply(status => `http://${status.loadBalancer.ingress[0].ip}:8080`);
Here's what each part of the code is doing:
- We start by importing the necessary Pulumi packages for GCP and Kubernetes.
- Next, we create a GKE cluster with two nodes using the
gcp.container.Cluster
class. We've made the nodespreemptible
to reduce costs, and specified OAuth scopes that the nodes will need. - We define
kubeconfig
which is a configuration file that allows Kubernetes command-line toolkubectl
to access the cluster. - We create a Kubernetes provider
clusterProvider
which is a Pulumi concept that packages the configuration needed to manage Kubernetes resources within the cluster. - We deploy Keycloak using the
k8s.helm.v3.Chart
class, specifying thekeycloak
chart from thecodecentric
Helm chart repository. Thevalues
parameter allows us to override default values from the chart, such as enabling the deployment of a Postgres instance. - Finally, we export the
keycloakEndpoint
which will allow us to access the Keycloak service from outside the cluster.
This code assumes you have Pulumi and
gcloud
CLI set up and configured to interact with your GCP account. When you run this Pulumi program, it will provision the necessary infrastructure and deploy thesimple-keycloak
Helm chart to the GKE cluster. Remember to runpulumi up
from the same directory as your program to initiate the deployment.Make sure to have the Helm repository added that contains the
simple-keycloak
chart if the Helm chart is available from a particular source, and replace thevalues
with the actual values that you want to configure for your Keycloak installation.