Deploy the portal helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy a Helm chart onto a Google Kubernetes Engine (GKE) cluster using Pulumi, we first need to ensure that a GKE cluster is set up and reachable. After the cluster is running, we can then use Pulumi to deploy the Helm chart to the cluster.

Below, I will guide you through the process in two stages: first, we'll create the GKE cluster, and second, we'll deploy the Helm chart onto that cluster.

### Creating a GKE Cluster

We are going to use the `gcp.container.Cluster` resource to create a new GKE cluster. This resource requires properties such as the name of the cluster, the location, and the node configuration.

### Deploying the Helm Chart

Once the GKE cluster is up and running, we can deploy the Helm chart to it using the `kubernetes.helm.v3.Chart` resource from Pulumi's Kubernetes provider. This resource allows us to specify the chart version, values, and other configurations to customize our installation.

### Prerequisites

Before running the program, we need the following:

- Pulumi CLI installed and set up.
- Access to a Google Cloud account and a project configured with billing enabled.
- Google Cloud SDK (gcloud) installed and configured for the proper project and account.
- Kubernetes CLI (kubectl) installed.
- Helm 3.x installed if we need to fetch dependencies or configure the chart locally.

Now, let's start with the TypeScript program to perform these tasks:

```typescript
import * as gcp from "@pulumi/gcp";
import * as kubernetes from "@pulumi/kubernetes";

// Create a GKE cluster
const cluster = new gcp.container.Cluster("portal-cluster", {
    initialNodeCount: 2,
    minMasterVersion: "latest",
    nodeVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name and Kubeconfig
export const clusterName = cluster.name;
export const kubeconfig = cluster.endpoint.apply(endpoint => {
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${cluster.masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${cluster.name}
contexts:
- context:
    cluster: ${cluster.name}
    user: ${cluster.name}
  name: ${cluster.name}
current-context: ${cluster.name}
kind: Config
preferences: {}
users:
- name: ${cluster.name}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Create a Kubernetes provider instance that uses our cluster from above.
const k8sProvider = new kubernetes.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Deploy a Helm chart to the cluster
const portalHelmChart = new kubernetes.helm.v3.Chart("portal", {
    chart: "portal-chart", // The name of the chart
    version: "1.0.0", // The version of the chart
    fetchOpts: {
        repo: "https://charts.example.com/", // Replace with your Helm chart's repository
    },
}, { provider: k8sProvider });

// Export the Helm chart deployment name
export const portalHelmDeploymentName = portalHelmChart.getResource("v1/Service", "portal-chart");
```

In the above program:

1. We create a GKE cluster with two nodes using `gcp.container.Cluster`.
2. Once the cluster is created, we build the kubeconfig needed to access the cluster programmatically from Pulumi.
3. We create a Kubernetes provider using the kubeconfig, which allows Pulumi to interact with the newly created GKE cluster.
4. We then use `kubernetes.helm.v3.Chart` to deploy the portal helm chart to the GKE cluster, specifying the chart and version. Replace `"portal-chart"` and the `repo` property with the name and location of your Helm chart.

To run this Pulumi program, save it in a file with a `.ts` extension, e.g., `deployHelmChart.ts`, and then execute it using the Pulumi CLI:

```shell
pulumi up
```

This command will provision the GKE cluster and deploy the Helm chart as described in the TypeScript program. Make sure you have selected or created a Pulumi stack where this program's resources will live. If this is your first time running a Pulumi program, the CLI will guide you through the process of creating a new stack.