Deploy the istio-ingress helm chart on Digital Ocean Kubernetes Service

Question

Pulumi · Accepted Answer

In order to deploy the Istio ingress Helm chart on a Digital Ocean Kubernetes Service (DOKS) using Pulumi, you would need to follow these steps:

1. Set up a new Digital Ocean Kubernetes cluster or use an existing one.
2. Configure Pulumi to use the `digitalocean` and `kubernetes` providers.
3. Use the `kubernetes.helm.v3.Chart` resource to deploy the Istio ingress chart into the DOKS cluster.

Here's a detailed explanation and a program written in TypeScript to accomplish this:

### Prerequisites
- Ensure you have Pulumi CLI installed.
- Ensure you have `kubectl` and `doctl` (Digital Ocean CLI) installed and configured.
- Make sure you have the necessary Digital Ocean and Kubernetes credentials set up in your environment for Pulumi to access.

### Explanation
- **DigitalOcean Kubernetes Cluster**: We are not creating a new cluster in this example, but you would typically use the `digitalocean.KubernetesCluster` resource if you wanted to define one with Pulumi.
- **Providers Configuration**: We use the `kubernetes` provider to interact with the Kubernetes cluster and the `helm` chart. It's configured to use the kubeconfig generated from the Digital Ocean setup. The `digitalocean` provider is used implicitly when creating resources like clusters or other Digital Ocean resources.
- **Helm Chart for Istio Ingress**: The `kubernetes.helm.v3.Chart` resource is a representation of a Helm chart. We'll deploy Istio by specifying the chart name and other configuration details like values and namespace.

### Pulumi Program
```typescript
import * as pulumi from '@pulumi/pulumi';
import * as k8s from '@pulumi/kubernetes';

// Assume we're using an existing cluster with a kubeconfig file already set up by Digital Ocean.
// If not, you would have code here to create a cluster with the `digitalocean.KubernetesCluster` resource.

// Fetch the kubeconfig from file or environment variable.
const kubeconfig = process.env.KUBECONFIG;

// Create a provider to interact with the DOKS.
const k8sProvider = new k8s.Provider('do-k8s', {
    kubeconfig: kubeconfig,
});

// Deploy the Istio ingress using Helm chart.
const istioIngressChart = new k8s.helm.v3.Chart('istio-ingress', {
    chart: 'istio-ingress',
    version: '1.7.3', // Put the desired chart version here
    namespace: 'istio-system', // Deploy in the istio-system namespace, or another of your choice
    fetchOpts: {
        repo: 'https://istio-release.storage.googleapis.com/charts', // The Helm repository URL where the Istio chart is located
    }
}, { provider: k8sProvider });

// Export the chart name of Istio Ingress.
export const istioIngressChartName = istioIngressChart.metadata.apply(m => m.name);

// To apply this Pulumi program run `pulumi up`. This will create the Kubernetes resources defined by the Istio Helm chart on your DOKS cluster.
```

In this program:
- We create a new instance of `k8s.Provider` which allows Pulumi to communicate with your DOKS cluster. You need to have your kubeconfig environment variable (`KUBECONFIG`) set to the path of your Kubernetes configuration file that you get from Digital Ocean.
- The `istioIngressChart` is a representation of the Istio ingress Helm chart that we are deploying to the `istio-system` namespace. You should replace `1.7.3` with the actual version of the Istio ingress chart you wish to deploy.

**Note**: Before running `pulumi up`, make sure to install the Pulumi CLI and login using `pulumi login`. This example assumes that you are logged in and have selected the appropriate stack that represents your deployment environment.

### Next Steps
After running this Pulumi program with `pulumi up`, you will have Istio Ingress running in your DOKS cluster. You can verify the deployment using `kubectl get services -n istio-system` to see Istio services and `kubectl get pods -n istio-system` to check the running pods for Istio.