Deploy the tt-workflow helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy a Helm chart on Google Kubernetes Engine (GKE) using Pulumi, we'll need to follow these steps:

1. **Set up a GKE Cluster**: Before deploying any applications, we need a Kubernetes cluster. With Pulumi, we can define and configure a GKE cluster programmatically.

2. **Install the Helm chart**: Once we've set up our GKE cluster, we can deploy applications to it using Helm charts. Pulumi provides a resource type for Helm releases, allowing us to deploy Helm charts in a declarative manner.

Here's a detailed explanation and program to deploy the `tt-workflow` Helm chart on GKE using Pulumi with TypeScript:

### Step 1: Define the GKE Cluster

The `google-native.container/v1.Cluster` resource from the `google-native` package allows us to define a GKE cluster. We'll set up the cluster with the necessary properties such as the location, node configuration, and networking settings.

### Step 2: Deploy the Helm Chart

We'll use the `kubernetes.helm.sh/v3.Release` resource from the `kubernetes` package to deploy the `tt-workflow` Helm chart. This resource will require us to specify the chart name, the repository where the chart is located, the namespace to deploy into, and any values we need to override in the Helm chart's default configuration.

Below is the TypeScript program which carries out these steps:

```typescript
import * as gcp from "@pulumi/gcp";
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";

// Create a GKE cluster
const cluster = new gcp.container.Cluster("gke-cluster", {
    initialNodeCount: 3,
    nodeConfig: {
        machineType: "n1-standard-1", // Specify the machine type for the nodes
    },
});

// Export the Kubeconfig
export const kubeconfig = pulumi.all([cluster.name, cluster.endpoint, cluster.masterAuth]).apply(([name, endpoint, masterAuth]) => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Deploy the Helm chart
const helmRelease = new kubernetes.helm.v3.Release("tt-workflow-helm-chart", {
    chart: "tt-workflow",
    // Specify the repository if "tt-workflow" isn't a stable chart;
    // e.g., repository: "http://charts.example.com/",
    namespace: "default", // Which namespace to deploy into
    // values: { /* Any values to override */ }
}, {provider: new kubernetes.Provider("gke-k8s", {kubeconfig})});

// Export the Helm Release status
export const helmReleaseStatus = helmRelease.status;
```

This program performs the following actions:

- It initializes a new GKE cluster with a given name and node configuration. We're using `n1-standard-1` machines for the nodes.
- It creates a `kubeconfig` which will help us interact with the GKE cluster using `kubectl` or other Kubernetes tools.
- It deploys the `tt-workflow` Helm chart to the `default` namespace in the GKE cluster. It assumes that the chart is available in a Helm repository that has already been added to your Helm client.

### Important Notes:

- The actual installation of the Pulumi CLI, setup of the GKE cluster prerequisites (like creating a project and enabling the necessary APIs in Google Cloud), and configuration of `kubectl` are outside the scope of this code.
- If the `tt-workflow` chart requires specific values, you will need to provide them in the `values` field of the `Release` resource definition.
- We're using the `google-native` provider for the GKE cluster and the `kubernetes` provider for Helm. Ensure you have both Pulumi providers configured correctly.
- Credentials management for GKE is handled via the `gcloud` CLI within the kubeconfig. Ensure the `gcloud` CLI is properly configured with credentials on the machine executing Pulumi, or set `kubeconfig` to point to an existing `kubeconfig` file with access to the GKE cluster.

**After running this program with Pulumi up**, the `tt-workflow` Helm chart should be up and running in your GKE cluster.