Deploy the cloudsql-proxy helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the `cloudsql-proxy` Helm chart on a Google Kubernetes Engine (GKE) cluster using Pulumi, you first need a GKE cluster. We will define the necessary infrastructure as code using Pulumi in TypeScript.

Here's how you can accomplish this:

1. **Set up a GKE cluster**: We'll start by defining a GKE cluster. For this program, we don't need a complex setup. However, you could customize the cluster configuration based on your requirements.
2. **Install the Helm chart**: After the cluster is up and running, we will install the `cloudsql-proxy` Helm chart using Pulumi's Helm support. You typically use this proxy to allow a Kubernetes service to securely connect to a Google Cloud SQL instance without having to expose it to the public internet.

Below is the TypeScript program that performs these steps. Please make sure you have Pulumi installed and configured with your GCP credentials. The program assumes that you're already logged in to your GCP account and have selected the relevant project.

```typescript
import * as gcp from '@pulumi/gcp';
import * as k8s from '@pulumi/kubernetes';
import * as pulumi from '@pulumi/pulumi';

// Create a GKE cluster
const cluster = new gcp.container.Cluster('my-gke-cluster', {
    initialNodeCount: 2,
    minMasterVersion: 'latest', // Use the latest version of GKE
    nodeVersion: 'latest',
    nodeConfig: {
        preemptible: true,
        machineType: 'n1-standard-1',
        oauthScopes: [
            'https://www.googleapis.com/auth/cloud-platform',
        ],
    },
});

// Export the cluster's kubeconfig
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Create a Kubernetes provider instance using the kubeconfig
const k8sProvider = new k8s.Provider('gke-k8s', {
    kubeconfig: kubeconfig,
});

// Install the cloudsql-proxy helm chart
const cloudsqlProxy = new k8s.helm.v3.Chart('cloudsql-proxy', {
    chart: 'cloudsql-proxy',
    fetchOpts: {
        repo: 'https://your-helm-chart-repository', // Replace with the actual repository URL
    },
    // You will need to set appropriate values based on your Cloud SQL setup
    values: {
        // This section needs to be filled out with your actual values
        /* example value structure 
         instanceConnectionName: 'my-project:my-region:my-instance',
         serviceAccountKey: pulumi.secret('my-service-account-key-data'),
         */
    },
}, { provider: k8sProvider });

// Export the deployment name of the cloudsql proxy
export const cloudsqlProxyName = cloudsqlProxy.metadata.apply(m => m.name);
```

In this program:

- We first import the necessary Pulumi libraries for GCP, Kubernetes, and Pulumi itself.
- We then create a GKE cluster `my-gke-cluster` using the `gcp.container.Cluster` class. We configure it with two nodes, and use pre-emptible VMs to reduce costs. You can adjust the number of nodes, machine type, and other configurations as necessary.
- A kubeconfig is generated and exported so that you can interact with the cluster using tools like `kubectl`.
- We set up a Pulumi Kubernetes provider with the kubeconfig from the GKE cluster, allowing Pulumi to interact with your GKE cluster.
- Next, we use the `k8s.helm.v3.Chart` to install the `cloudsql-proxy` Helm chart to the cluster. You would need to replace the `fetchOpts.repo` with the URL for the repository that hosts the `cloudsql-proxy` chart and provide the appropriate values that are specific to your Google Cloud SQL instance and service account keys.
- Finally, we export the deployment name of the cloudsql-proxy for easy reference.

To apply this Pulumi program, you would:

1. Save this code to a file named `index.ts`.
2. Run `pulumi up` from the command line in the same directory as the file.

Please ensure that you replace the placeholders in the `values` object with your actual Cloud SQL information and point to the correct Helm chart repository URL.