Deploy the rekor helm chart on Digital Ocean Kubernetes Service
To deploy the rekor helm chart on Digital Ocean Kubernetes Service using Pulumi, we'll go through the following steps:
- Create a Kubernetes cluster on Digital Ocean: This will give us the Kubernetes environment where we can deploy Helm charts.
- Install a Helm chart into the created Kubernetes cluster: We'll install the rekor helm chart which you are interested in.
We'll use two primary resources for these steps:
- `digitalocean.KubernetesCluster`: This Pulumi resource will provision a Kubernetes cluster on Digital Ocean. The cluster will consist of a set pool of nodes (VMs) where your Kubernetes workloads will run.
- `kubernetes.helm.v3.Chart`: This resource allows us to deploy a Helm chart into a Kubernetes cluster. Helm is a package manager for Kubernetes, and charts are packages of pre-configured Kubernetes resources.
Let's start with the TypeScript program which accomplishes these steps. Ensure you have Pulumi set up with Digital Ocean as the provider. Please replace `<YOUR_TOKEN>` with your actual Digital Ocean access token.

```typescript
import * as pulumi from '@pulumi/pulumi';
import * as digitalocean from '@pulumi/digitalocean';
import * as k8s from '@pulumi/kubernetes';

// Step 1: Create a Digital Ocean Kubernetes cluster
const cluster = new digitalocean.KubernetesCluster('rekor-cluster', {
    region: 'nyc1', // Replace with your desired region
    version: 'latest', // Use the latest Kubernetes version, or choose a specific version
    nodePool: {
        name: 'default',
        size: 's-1vcpu-2gb', // The size of the Droplets to run (this is the smallest size)
        nodeCount: 2, // The number of Droplet instances in the node pool
    },
});

// Step 2: Deploy the Rekor Helm Chart to the cluster
const rekorChart = new k8s.helm.v3.Chart('rekor', {
    repo: 'sigstore', // Name of the Helm repo
    chart: 'rekor', // Name of the chart
    version: '0.1.0', // Version of the chart; specify the version that you want to deploy
    namespace: 'default', // The namespace in which to deploy the chart
}, {
    // Point the chart at the new cluster instead of the ambient kubeconfig
    provider: new k8s.Provider('k8s-provider', { kubeconfig: cluster.kubeConfigs[0].rawConfig }),
});

// Export the cluster's kubeconfig and the Rekor service endpoint if available.
// The kubeconfig contains cluster credentials, so treat this output as sensitive.
export const kubeconfig = cluster.kubeConfigs[0].rawConfig;
// Optional chaining keeps the deployment from failing when the Service has no
// load-balancer ingress yet; the export is then undefined.
export const rekorServiceEndpoint = rekorChart
    .getResourceProperty('v1/Service', 'rekor', 'status')
    .apply(status => status?.loadBalancer?.ingress?.[0]);
```

Here is a step-by-step guide explaining the above program:
- We import the needed packages from Pulumi libraries: `@pulumi/pulumi` for the core constructs, `@pulumi/digitalocean` for Digital Ocean resources, and `@pulumi/kubernetes` for Kubernetes and Helm related resources.
- We create a new Digital Ocean Kubernetes cluster with `new digitalocean.KubernetesCluster`. Here, we specify the region, the Kubernetes version, and details about the node pool (size of VMs and the number of nodes).
- After the cluster is provisioned, we deploy the rekor Helm chart using the `new k8s.helm.v3.Chart` resource. This requires us to specify the repository where the Helm chart is located and the name of the chart. We also define the version of the chart we want to deploy and in which namespace to deploy it in the Kubernetes cluster.
- Since the Kubernetes cluster and Helm chart are deployed as part of the same Pulumi program, we need to pass the provider configuration to the Helm chart. We do this by creating a new instance of `k8s.Provider` which uses the `kubeconfig` from the cluster we created in the first step.
- Lastly, we export the `kubeconfig` of the Kubernetes cluster and the service endpoint for the rekor service, if it is exposed via a LoadBalancer and has an external IP address.
To use this Pulumi TypeScript program:
- Install the required Pulumi packages using `npm` or `yarn` by running `npm install` or `yarn install`.
- Set up a Digital Ocean token with the necessary access rights.
- Create a new Pulumi project and place this program into the `index.ts` file.
- Run `pulumi up` to preview and deploy the resources.
- Access the cluster's kubeconfig and rekor service endpoint from the exported variables after deployment.
Remember to populate variables like `<YOUR_TOKEN>` with actual values. Always review and understand the Helm chart values and configurations as they are specific to the application you are deploying. Adjust the chart and chart version to fit the particular version of the rekor Helm chart you intend to deploy.