Deploy the istio-egress-gateway helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the Istio Egress Gateway using a Helm chart on Kubernetes with Pulumi, you will need to use the Helm chart resource from Pulumi's Kubernetes provider. Istio is an open-source service mesh that provides a uniform way to secure, connect, and monitor microservices. The Egress Gateway in Istio allows you to define what services can access services outside the cluster.

Here’s a step-by-step breakdown of what we’ll do in the Pulumi program:

1. Import necessary Pulumi and Kubernetes packages.
2. Create a Helm chart resource for the Istio Egress Gateway using the `kubernetes.helm.v3.Chart` class.
3. Specify the chart name, which is 'istio-egressgateway' if you're using the official Istio Helm repository (assuming it's added to your Helm repositories).
4. Set up the values that should be customized as per your requirements. You may need to change these or add additional values based on your specific use case.
5. Deploy the Helm chart to your Kubernetes cluster.

Assuming you have already configured Pulumi with the appropriate credentials to access your Kubernetes cluster, here's how you can define your Pulumi program in TypeScript:

```typescript
import * as kubernetes from "@pulumi/kubernetes";

// Create an instance of the Istio Egress Gateway Helm Chart.
const istioEgressGateway = new kubernetes.helm.v3.Chart("istio-egress-gateway", {
    // Specify the chart repository options.
    // If you have added the istio repository to your Helm CLI, you can use just the name.
    // Otherwise, you will also need to specify the repository URL.
    chart: "istio-egressgateway",
    fetchOpts:{
        repo: "https://istio-release.storage.googleapis.com/charts",
    },
    // Specify the namespace where the egress gateway should be deployed.
    // If the 'istio-system' namespace is not pre-created, you should create it using Pulumi as well.
    namespace: "istio-system",
    // Set the values for the chart here. These are the configuration options for the egress gateway.
    // This example enables some common options, but you should tailor these to your own requirements.
    values: {
        // Replica count for the egress gateway
        replicaCount: 1,

// Resources requests and limits for the egress gateway
        resources: {
            requests: {
                cpu: "100m",
                memory: "128Mi",
            },
            limits: {
                cpu: "500m",
                memory: "256Mi",
            },
        },

// Additional configuration here...
    },
});

// Export the external IP address of the egress gateway if it is exposed via a LoadBalancer service.
// This is useful to know the entry point for accessing services through the egress gateway.
export const egressGatewayIp = istioEgressGateway.getResourceProperty(
    "v1/Service",
    "istio-system/istio-egressgateway",
    "status"
).apply(status => (status as any).loadBalancer.ingress[0].ip);

```

In this code snippet, we:

- Import the `@pulumi/kubernetes` package to interact with your Kubernetes cluster through Pulumi.
- Create a Helm chart resource (`kubernetes.helm.v3.Chart`) for managing the Istio Egress Gateway Helm chart deployment within your Kubernetes cluster, while specifying the chart name and repository.
- Set a few example values (like `replicaCount` and `resources`) but you should check the [official documentation](https://istio.io/latest/docs/setup/additional-setup/egress/) for Istio Egress Gateway to understand all available options and customize this to suit your scalability and performance needs.
- If the service type is `LoadBalancer`, we export the external IP address, so you can easily know where your egress gateway is reachable.

Before running this Pulumi program, make sure you have access to a Kubernetes cluster with Istio installed or the permissions to install Istio if you're setting up a new cluster. After you run this Pulumi program, it will deploy the Istio Egress Gateway to the specified namespace in your Kubernetes cluster.