Deploy the rke2-canal helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

In this program, we will deploy an RKE2 Canal Helm chart to a Google Kubernetes Engine (GKE) cluster using Pulumi with TypeScript.

Canal is a community-driven project that combines [Flannel](https://github.com/flannel-io/flannel) and [Calico](https://github.com/projectcalico/calico) to provide both overlay networking and network policy. The rke2-canal Helm chart installs this combined networking and network policy provider for Kubernetes.

Before we begin, ensure you have the following prerequisites in place:

- Pulumi CLI installed
- Access to a Google Cloud Platform (GCP) account
- GCP configured with Pulumi via `pulumi config set gcp:project PROJECT_NAME` and similar commands for setting the region and zone
- Helm CLI installed (for managing Helm charts)

Now, let's create a Pulumi program to provision a GKE cluster and deploy the rke2-canal Helm chart onto it.

To accomplish this, we'll take the following steps in our program:

1. Provision a GKE cluster using `@pulumi/gcp` module which provides native resources to interface with GCP.
2. Use the `@pulumi/kubernetes` module to interact with Kubernetes resources, including deploying Helm charts.

Here is the Pulumi program written in TypeScript to perform the required steps:

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Step 1: Provision a GKE cluster.
// Details: This will create a GKE cluster with default settings which can be customized as needed.

// Replace these variables with appropriate values if needed.
const gkeClusterName = "rke2-canal-cluster";
const gcpProject = pulumi.config.require("gcp:project");
const gcpZone = pulumi.config.require("gcp:zone");

const cluster = new gcp.container.Cluster(gkeClusterName, {
    initialNodeCount: 2,
    minMasterVersion: "latest",
    nodeVersion: "latest",
    location: gcpZone,
    project: gcpProject,
});

// Export the Cluster name and Kubeconfig
export const kubeconfig = cluster.name.apply(name => {
    return cluster.endpoint.apply(endpoint => {
        return cluster.masterAuth.apply(masterAuth => {
            const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
            return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    client-certificate-data: ${masterAuth.clientCertificate}
    client-key-data: ${masterAuth.clientKey}
    token: ${masterAuth.password}
`;
        });
    });
});

// Step 2: Deploy the rke2-canal Helm chart to the provisioned GKE cluster using the kubeconfig.
// Details: We are using the K8s provider to interact with the GKE cluster and deploy the Helm chart.

// Create a Kubernetes provider instance that uses our kubeconfig.
const k8sProvider = new k8s.Provider("k8sProvider", {
    kubeconfig: kubeconfig,
});

// Deploy the rke2-canal Helm chart using the Kubernetes provider created above.
const canalChart = new k8s.helm.v3.Chart("rke2-canal", {
    chart: "rke2-canal",
    version: "latest", // Use the desired chart version
    fetchOpts: {
        repo: "https://helm.rancher.io", // The repository where the rke2-canal chart is located
    },
}, { provider: k8sProvider });

// Export the GKE cluster name and the rke2-canal Helm chart status
export const gkeClusterStatus = cluster.status;
export const canalChartStatus = canalChart.status;

```
This program starts by importing the necessary Pulumi Google Cloud Platform (`@pulumi/gcp`) and Kubernetes (`@pulumi/kubernetes`) modules. The `@pulumi/pulumi` module is imported for core Pulumi functionalities.

In the `gkeClusterName` variable, we define the name of our GKE cluster. The program assumes that the GCP project and zone information have been set in the Pulumi configuration.

We create a new GKE cluster with a defined initial node count, Kubernetes master version and location. The `kubeconfig` is then constructed using the cluster details which will be used to interact with the GKE cluster through Kubernetes commands.

Next, we instantiate a new `Provider` which is needed to handle Kubernetes resources. This provider references the `kubeconfig` we exported from the GKE cluster output.

In the last section, we deploy the `rke2-canal` Helm chart to the GKE cluster using the instance of the Kubernetes provider. The `repo` option specifies the Helm chart repository location.

The program exports the GKE cluster status and the rke2-canal Helm chart status. These can be monitored using the `pulumi up` command's output.

To execute this Pulumi program:

1. Save the above code in a file with a `.ts` extension (e.g., `index.ts`).
2. Open your terminal, navigate to the directory containing your file, and run `pulumi up`.
3. Follow the on-screen prompts to deploy your resources.

It will create a GKE cluster and deploy the rke2-canal Helm chart onto that cluster. Keep in mind, you need access rights to create resources in your GCP account, and it may incur costs.