Deploy the envoy helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the Envoy Helm chart on Google Kubernetes Engine (GKE), you'll need to go through several steps using Pulumi. First, you need to create a GKE cluster using the `gcp.container.Cluster` resource. Then, you'll have to install the Envoy helm chart onto the cluster using the `kubernetes.helm.v3.Chart` resource.

We will perform the following steps in our Pulumi program written in TypeScript:

1. **Create a GKE cluster**: To manage Kubernetes resources a cluster is required, so we will create one using Pulumi's GCP provider.

2. **Install the Envoy helm chart**: After the cluster is up and running, we connect to it and deploy the Envoy Helm chart.

Below is a Pulumi program that achieves this:

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Create a GKE cluster
const cluster = new gcp.container.Cluster("envoy-cluster", {
    initialNodeCount: 2,
    nodeVersion: "latest",
    minMasterVersion: "latest",
    nodeConfig: {
        preemptible: true,
        machineType: "n1-standard-1",
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Cluster kubeconfig to connect to the Cluster from our local machine
export const kubeconfig = cluster.endpoint.apply(endpoint => cluster.name.apply(name => cluster.masterAuth.apply(masterAuth => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
})));

// Step 2: Install the Envoy Helm chart
const envoyChart = new k8s.helm.v3.Chart("envoy", {
    chart: "envoy",
    fetchOpts: { repo: "https://envoy.github.io" },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig }) });
```

In the above program, follow these main points:

- A new GKE cluster named `envoy-cluster` is created with 2 nodes using standard machine types. The cluster is configured with the required OAuth scopes that allow it to interact with other Google Cloud services.

- The `kubeconfig` is generated and exported so that you can use it to connect to the GKE cluster from your local machine using the `kubectl` command or other Kubernetes tools.

- The `envoyChart` represents the Helm chart for Envoy. It is installed using the Pulumi's Kubernetes provider, which uses the exported `kubeconfig` of the GKE cluster.

Make sure to replace the `envoy` in `chart: "envoy"` with the actual chart name or URL if it's different, and adjust the `repo` accordingly.

To deploy this Pulumi program, make sure you've installed Pulumi CLI, have authenticated with GCP, and set up the required GCP project settings. Then you can run `pulumi up` to create the resources.

If this is the first time deploying the application, Pulumi will ask you to save the stack, typically named `dev` or something similar. Once you confirm the details of the resources being created, Pulumi will proceed with the deployment.

Remember to manage the resources properly. After you’re done with the application, you can run `pulumi destroy` to tear down all resources to avoid incurring unnecessary charges.