Deploy the servicemesh-kiali-resource helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy a Helm chart for a service mesh with Kiali on Google Kubernetes Engine (GKE), we'll need to perform a series of steps using Pulumi. Before we start, you need a GCP account and a Pulumi account. You also need to have Pulumi CLI installed and configured for use with your chosen programming language and cloud provider.

Here's what the program will do:
1. Create a GKE cluster where our Helm chart will be deployed.
2. Install and configure the Helm provider to manage Helm releases on this Kubernetes cluster.
3. Define a Helm release for the `servicemesh-kiali-resource` or an equivalent, including necessary configurations.

Below is the TypeScript program which demonstrates these steps:

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Create a GKE cluster
const cluster = new gcp.container.Cluster("my-gke-cluster", {
    initialNodeCount: 2,
    nodeVersion: "latest",
    minMasterVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig so Pulumi can connect to the cluster
const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Create a Kubernetes Provider referencing the new Kubeconfig
const k8sProvider = new k8s.Provider("gkeK8s", {
    kubeconfig: kubeconfig,
});

// Install the Helm chart for the service mesh with Kiali on the GKE cluster
// Refer to the Helm chart repository for `servicemesh-kiali-resource` for its config values
const kialiRelease = new k8s.helm.v3.Release("kiali", {
    chart: "kiali",
    version: "1.29.0", // Specify the chart version you want to deploy
    repositoryOpts: {
        repo: "https://kiali.org/helm-charts", // Use the correct Helm repository URL
    },
    namespace: "istio-system", // Deploy Kiali in the Istio system namespace
    values: {
        // Set the values for the Kiali Helm chart as required
    },
}, { provider: k8sProvider });

// Export the Helm release name
export const kialiReleaseName = kialiRelease.name;
```

Here's an explanation for each part of the program:

1. **Import the required Pulumi packages**: The `@pulumi/gcp`, `@pulumi/kubernetes`, and `@pulumi/pulumi` packages are imported to be used within the program. These packages allow us to define resources related to GCP and Kubernetes.

2. **Create a GKE cluster**: We define a GKE cluster with a specified number of nodes, node version, and the necessary OAuth scopes for the nodes to interact with other GCP services. The `machineType` is set to `n1-standard-1`, which can be adjusted according to your needs.

3. **Export the cluster name**: The name of the GKE cluster is exported so that it can be easily accessed after the deployment.

4. **Generate and export Kubeconfig**: This configuration file enables Pulumi to connect and interact with the Kubernetes cluster. It uses the cluster details and GCP authentication provider.

5. **Create a Kubernetes Provider instance**: This provider uses the generated Kubeconfig, allowing Pulumi to manage Kubernetes resources on the GKE cluster.

6. **Install the Helm chart**: We define a Helm release using Pulumi's Kubernetes provider. This references the Kiali Helm chart and its specific version, along with the Helm repository that contains the chart. The `namespace` and `values` fields should be specified based on how you want to configure Kiali and your service mesh.

Remember to replace `"servicemesh-kiali-resource"` with the actual chart name if it's different, and ensure that you are using the correct chart version and repository URL. For the `values`, provide the configuration according to the Helm chart's documentation.

After this Pulumi program is executed, it will:
- Create a GKE cluster.
- Configure kubectl using the outputted Kubeconfig.
- Deploy the specified Helm chart onto the GKE cluster.

Please remember to replace dummy values like `chart`, `version`, `repositoryOpts.repo`, and values in the chart deployment with the actual values specific to the Kiali Helm chart you intend to deploy.