Deploy the thanos-config helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

In order to deploy the `thanos-config` Helm chart on a Google Kubernetes Engine (GKE) cluster, you will need to follow a few steps using Pulumi. First, you'll create a GKE cluster, and then you'll install the Helm chart onto the cluster. For the purposes of this guide, I'm assuming that the Helm chart `thanos-config` is publicly available or you have it in your local Helm chart repository.

Here is a detailed explanation followed by the Pulumi program in TypeScript:

1. **Set up Pulumi with GCP**: Ensure that Pulumi is installed and configured with your GCP credentials. This typically involves running `pulumi login` and having the `gcloud` CLI available on your system.

2. **Create a GKE Cluster**: We'll use the `@pulumi/google-native` package and create a cluster resource using the `container.v1.Cluster` class. You must provide the required fields such as the project ID, location, and cluster name. Additional fields could be provided based on customization needs.

3. **Install the Helm Chart**: We'll use the `@pulumi/kubernetes` package to install the Helm chart onto the GKE cluster we just created. You'll need to specify the name of the chart, the version (if not using the latest), and any custom values that you want to apply to your Helm chart deployment.

Here's the corresponding Pulumi program in TypeScript:

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as gcp from '@pulumi/gcp';
import * as k8s from '@pulumi/kubernetes';

// Step 1: Create a GKE Cluster
const name = "thanos-cluster";
const cluster = new gcp.container.Cluster(name, {
    initialNodeCount: 1,
    minMasterVersion: "latest",
    nodeVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        // Assuming that thanos requires a Persistent Disk. Modify as necessary for your use case.
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig file necessary to connect to the cluster
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Step 2: Set up the Helm Release
const helmRelease = new k8s.helm.v3.Release("thanos-config", {
    chart: "thanos",
    version: "0.1.0", // Replace with the desired chart version
    namespace: "default",
    // Specify the custom values for your Helm release
    values: {
        // ... provide your custom values here ...
    },
}, { provider: cluster.getKubeconfig() }); // This assumes `getKubeconfig` is a custom function that you will define to retrieve the kubeconfig from the created GKE cluster.

// Export the Helm Release status
export const helmReleaseStatus = helmRelease.status.apply(status => status);
```

**Explanation of the Pulumi Resources:**

- `gcp.container.Cluster`: This resource is used to create and manage a GKE cluster in Google Cloud. We use `n1-standard-1` as the machine type for our node pool, but this can be changed depending on your requirements. We enable the necessary OAuth scopes required by Thanos and possibly the Helm chart to interact with GCP services.

- `k8s.helm.v3.Release`: This resource represents a Helm chart release in the Kubernetes cluster. It is used to deploy the `thanos-config` Helm chart. We're applying this to the default namespace, but you can target a different one depending on your Kubernetes setup.

**Note:**
- The `version` in `k8s.helm.v3.Release` should be replaced with the actual version of the `thanos-config` Helm chart you wish to deploy.
- The `values` object should be populated with any custom values your Helm chart accepts to configure Thanos properly.

After writing the above program, you should:

- Run `pulumi up` to deploy these resources.
- Run `kubectl get all --kubeconfig=<path-to-generated-kubeconfig>` to verify the status of your thanos-config deployment in the cluster.

Remember, whenever you are referencing a Helm chart that isn't from an official public repository, you'll need to make sure that Pulumi can access the Helm chart's location. If it's in a private repository, you might need to configure additional authentication details.