1. Deploy the envoy helm chart on Google Kubernetes Engine (GKE)


    To deploy the Envoy Helm chart on Google Kubernetes Engine (GKE), you'll need to go through several steps using Pulumi. First, you need to create a GKE cluster using the gcp.container.Cluster resource. Then, you'll have to install the Envoy helm chart onto the cluster using the kubernetes.helm.v3.Chart resource.

    We will perform the following steps in our Pulumi program written in TypeScript:

    1. Create a GKE cluster: To manage Kubernetes resources a cluster is required, so we will create one using Pulumi's GCP provider.

    2. Install the Envoy helm chart: After the cluster is up and running, we connect to it and deploy the Envoy Helm chart.

    Below is a Pulumi program that achieves this:

    import * as gcp from "@pulumi/gcp"; import * as k8s from "@pulumi/kubernetes"; // Step 1: Create a GKE cluster const cluster = new gcp.container.Cluster("envoy-cluster", { initialNodeCount: 2, nodeVersion: "latest", minMasterVersion: "latest", nodeConfig: { preemptible: true, machineType: "n1-standard-1", oauthScopes: [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring" ], }, }); // Export the Cluster name export const clusterName = cluster.name; // Export the Cluster kubeconfig to connect to the Cluster from our local machine export const kubeconfig = cluster.endpoint.apply(endpoint => cluster.name.apply(name => cluster.masterAuth.apply(masterAuth => { const context = `${gcp.config.project}_${gcp.config.zone}_${name}`; return `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${masterAuth.clusterCaCertificate} server: https://${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: auth-provider: config: cmd-args: config config-helper --format=json cmd-path: gcloud expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp `; }))); // Step 2: Install the Envoy Helm chart const envoyChart = new k8s.helm.v3.Chart("envoy", { chart: "envoy", fetchOpts: { repo: "https://envoy.github.io" }, }, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });

    In the above program, follow these main points:

    • A new GKE cluster named envoy-cluster is created with 2 nodes using standard machine types. The cluster is configured with the required OAuth scopes that allow it to interact with other Google Cloud services.

    • The kubeconfig is generated and exported so that you can use it to connect to the GKE cluster from your local machine using the kubectl command or other Kubernetes tools.

    • The envoyChart represents the Helm chart for Envoy. It is installed using the Pulumi's Kubernetes provider, which uses the exported kubeconfig of the GKE cluster.

    Make sure to replace the envoy in chart: "envoy" with the actual chart name or URL if it's different, and adjust the repo accordingly.

    To deploy this Pulumi program, make sure you've installed Pulumi CLI, have authenticated with GCP, and set up the required GCP project settings. Then you can run pulumi up to create the resources.

    If this is the first time deploying the application, Pulumi will ask you to save the stack, typically named dev or something similar. Once you confirm the details of the resources being created, Pulumi will proceed with the deployment.

    Remember to manage the resources properly. After you’re done with the application, you can run pulumi destroy to tear down all resources to avoid incurring unnecessary charges.