Deploy the istio-ingress helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

To deploy the Istio ingress Helm chart on Oracle Kubernetes Engine (OKE), you will need to perform a series of steps that involve setting up your Oracle cloud environment, configuring Kubernetes, and deploying the Helm chart. This program assumes you have `kubectl` configured to interact with your OKE cluster and that Helm is installed and ready to use.

Here is what we will be doing in the Pulumi program:

1. Create an instance of the OKE cluster. You must have the correct configuration for connecting to your Oracle Cloud Infrastructure (OCI), which includes your tenancy OCID, user OCID, fingerprint, private key, and region.
2. Using the Pulumi `kubernetes` package, we will deploy the Istio ingress Helm chart to your OKE cluster. You'll specify the chart name, the version, and any additional configuration parameters needed for Istio.

Below you'll find a Pulumi program in TypeScript that accomplishes these steps. This example demonstrates creating a Kubernetes cluster in OCI and deploying a Helm chart to it.

Please replace any placeholder values with your actual OCI configuration and desired Istio Helm chart settings.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// Ensure you replace these values with those specific to your environment and Istio chart needs
const compartmentId = "YOUR_OCI_COMPARTMENT_OCID";
const vcnId = "YOUR_OCI_VCN_OCID";
const kubernetesVersion = "v1.21.5"; // Use a version compatible with Istio
const istioChartVersion = "1.12.1"; // Specify the version of Istio you want to install

// Create an OKE cluster
const cluster = new oci.containerengine.Cluster("ociCluster", {
    compartmentId: compartmentId,
    vcnId: vcnId,
    kubernetesVersion: kubernetesVersion,
    options: {
        // Add any additional options you require for the cluster
    },
});

// Export the Kubernetes cluster name
export const clusterName = cluster.name;

// Once your OKE cluster is created, you need to configure kubectl to point to it.
// Usually, this setup is done outside of the Pulumi program using OCI CLI commands
// or OCI console to obtain the kubeconfig file.

// Now, we'll deploy Istio using its Helm chart.
// Note that to use `k8s.helm.v3.Chart`, you must have kubectl and Helm configured to access your Kubernetes cluster.
const istioNamespace = new k8s.core.v1.Namespace("istio-system", {
    metadata: { name: "istio-system" },
}, { provider: ociProvider });

// Deploy Istio using its Helm chart
const istio = new k8s.helm.v3.Chart("istio-ingress", {
    chart: "istio-ingress",
    version: istioChartVersion,
    namespace: istioNamespace.metadata.name,
    fetchOpts: {
        repo: "https://istio-release.storage.googleapis.com/charts",
    },
    // You can add additional configuration values here as needed
}, { provider: ociProvider });

// Export the Istio ingress service URL
export const istioIngressUrl = istio.getResourceProperty("v1/Service", "istio-system", "istio-ingressgateway", "status")
    .apply(status => status.loadBalancer.ingress[0].ip || status.loadBalancer.ingress[0].hostname);
```

Here's what each part does:

- Imports the required Pulumi, OCI, and Kubernetes packages.
- Specifies the necessary identifiers and versions related to your OCI infrastructure and Istio Helm chart.
- Declares the creation of an OKE cluster with your desired settings using the `oci.containerengine.Cluster` resource. You need to specify `compartmentId`, `vcnId`, and `kubernetesVersion`. [More about OCI Cluster](https://www.pulumi.com/registry/packages/oci/api-docs/containerengine/cluster/).
- Declares a new Kubernetes namespace for Istio using Pulumi's Kubernetes `Namespace` resource.
- Deploys the Istio ingress controller using the `k8s.helm.v3.Chart` resource. It specifies the Helm chart name (`istio-ingress`), the version, and configuration options like the repository URL for fetching the Helm chart. [More about Helm Chart](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/).
- Exports the name of the Kubernetes cluster and the URL of the Istio ingress service, which you can use to access your Istio-managed services.

Once this code is ready, you run it using the Pulumi CLI to provision your resources on OCI and deploy the Istio ingress controller to your OKE cluster. Remember to replace placeholder strings such as `YOUR_OCI_COMPARTMENT_OCID` and `YOUR_OCI_VCN_OCID` with your actual OCI credentials and resource identifiers.