Deploy the k8s-envoy-sidecar helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the `k8s-envoy-sidecar` Helm chart on Google Kubernetes Engine (GKE), you need to follow a series of steps:

1. **Set up a GKE Cluster**: This involves creating a Google Kubernetes Engine cluster. A cluster is the foundation of GKE: the Kubernetes objects that represent your containerized applications all run on top of a cluster.

2. **Deploy the Helm Chart**: Helm is a package manager for Kubernetes that allows you to define, install, and upgrade even the most complex Kubernetes applications. Helm charts help you define, install, and upgrade even the most complex Kubernetes application.

Below I'll provide you a detailed Pulumi program written in TypeScript, which includes creating a GKE cluster and deploying the `k8s-envoy-sidecar` Helm chart to that cluster. I assume you have Pulumi CLI and gcloud CLI installed and properly configured to interact with your Google Cloud account.

First, we'll import the necessary packages:

- `@pulumi/gcp` for working with GKE.
- `@pulumi/kubernetes` for deploying the Helm chart to the GKE cluster.

Here is how you can define the above steps in code:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Create a GKE cluster. The following configuration is for a basic cluster setup. Adjust the properties as necessary for your project's requirements.
const cluster = new gcp.container.Cluster("my-cluster", {
    initialNodeCount: 1,
    minMasterVersion: "latest", // It is recommended to specify the latest GKE version
    nodeVersion: "latest",
    nodeConfig: {
        machineType: "e2-medium", // Machine type can be adjusted based on the workload
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig file to interact with the GKE cluster
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Initialize a new k8s provider using the kubeconfig obtained from the cluster.
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Deploy the `k8s-envoy-sidecar` Helm chart on the GKE cluster using the k8s provider.
const envoyHelmChart = new k8s.helm.v3.Chart("envoy-sidecar", {
    chart: "k8s-envoy-sidecar", // Make sure this matches the name of the Helm chart you intend to deploy
    version: "0.1.0", // Specify the chart version you want to deploy
    namespace: "default", // Choose the namespace to deploy into, or create one if needed
}, { provider: k8sProvider });

// Export the name of the Helm release
export const helmReleaseName = envoyHelmChart.releaseName;
```

Let's explain what the code is doing:

- We create a new GKE cluster with `gcp.container.Cluster`, specifying the initial number of nodes, the Kubernetes version, and node configurations such as machine type and OAuth scopes.

- We export the cluster name and generate the Kubeconfig required to interact with the cluster outside of Pulumi.

- We set up a Kubernetes provider that specifies how to communicate with the GKE cluster using the generated Kubeconfig.

- Finally, we use the Kubernetes provider to deploy the `k8s-envoy-sidecar` Helm chart with `k8s.helm.v3.Chart`.

Make sure to replace the placeholder `k8s-envoy-sidecar` and `0.1.0` with the actual name and version of the Helm chart you intend to use. This Helm chart should exist in a Helm repository that is accessible from your GKE cluster.

Consult the official [Pulumi GCP documentation](https://www.pulumi.com/docs/reference/pkg/gcp/container/cluster/) for the GKE cluster resource and the [Pulumi Kubernetes documentation](https://www.pulumi.com/docs/reference/pkg/kubernetes/helm/v3/chart/) for deploying Helm charts to understand all available options and to tailor the example according to your needs.

Once the Pulumi program is set, run `pulumi up` from your terminal in the directory containing this code to create the GKE cluster and deploy the Helm chart.

Remember, managing cloud resources with IaC tools like Pulumi can incur costs in the cloud provider used. Always be aware of the resources you are creating and their associated costs.