Deploy the jx-app-anchore helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the `jx-app-anchore` Helm chart on Google Kubernetes Engine (GKE), we will follow these steps:

1. **Create a GKE Cluster**: We'll start by defining a GKE cluster resource using Pulumi's `google-native.container.v1beta1.Cluster` resource. This represents a Kubernetes cluster on GCP.

2. **Configure Kubeconfig**: After creating the cluster, we'll obtain the kubeconfig file that allows us to interact with the cluster using `kubectl` and other Kubernetes tools.

3. **Deploy Helm Chart**: Finally, we'll use Pulumi's `kubernetes.helm.v3.Chart` resource to deploy the `jx-app-anchore` Helm chart to our GKE cluster.

Below is the TypeScript program that accomplishes this task:

```typescript
import * as gcp from '@pulumi/gcp';
import * as k8s from '@pulumi/kubernetes';
import * as pulumi from '@pulumi/pulumi';

// Step 1: Create a GKE cluster
const cluster = new gcp.container.Cluster('gke-cluster', {
    initialNodeCount: 1,
    minMasterVersion: 'latest',
    nodeVersion: 'latest',
    nodeConfig: {
        machineType: 'n1-standard-1',
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Step 2: Configure Kubeconfig
const kubeconfig = pulumi.
    all([ cluster.name, cluster.endpoint, cluster.masterAuth ]).
    apply(([ name, endpoint, masterAuth ]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Export the Kubeconfig
export const kubeConfig = kubeconfig;

// Step 3: Deploy jx-app-anchore Helm chart
const jxAppAnchore = new k8s.helm.v3.Chart('jx-app-anchore', {
    chart: 'jx-app-anchore',
    version: '0.0.1', // Specify the version of the Helm chart you want to deploy
    fetchOpts:{
        repo: 'https://charts.jenkins-x.io', // Specify the Helm chart repository
    },
}, { provider: new k8s.Provider('k8s-provider', {kubeconfig}) });

// Export the Helm chart name
export const helmChartName = jxAppAnchore.chart;
```

This program does the following:

- Defines a GKE cluster with the required node configuration, including machine type and OAuth scopes.
- Exports the cluster name, which is generated by Pulumi and is needed to interact with the cluster.
- Generates a kubeconfig file that allows you to connect to the GKE cluster using the Kubernetes CLI `kubectl`.
- Exports this kubeconfig so you can easily set your KUBECONFIG environment variable to this output for `kubectl` use.
- Deploys a specific version of the `jx-app-anchore` Helm chart from the Jenkins X chart repository to the GKE cluster.
- Utilizes the generated kubeconfig to create an instance of the Pulumi Kubernetes provider to interact with the GKE cluster.
- Exports the name of the deployed Helm chart.

To run this Pulumi program, you need to have Pulumi installed and configured with your GCP credentials. You would place this code in a file (e.g., `index.ts`), run `pulumi up`, and Pulumi will perform the necessary steps to provision the resources and deploy the Helm chart on GKE.