Deploy the grafaml helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the Grafana Helm chart on Google Kubernetes Engine (GKE), you will need to follow these steps. First, you need to set up a GKE cluster to house your Helm chart deployments. Next, you'll use Helm to deploy Grafana onto this cluster. The following Pulumi program creates a GKE cluster and deploys Grafana using the Helm chart. I'll guide you through the code to ensure you understand each part of the process.

### Define GKE Cluster

We use the `google-native.container/v1.Cluster` resource to create a new GKE cluster. This is the foundation where we can deploy applications like Grafana.

Here is the TypeScript code that accomplishes these tasks:

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Create a GCP GKE cluster where we will deploy Grafana.
const cluster = new gcp.container.Cluster("my-gke-cluster", {
  initialNodeCount: 2,
  nodeVersion: "latest",
  minMasterVersion: "latest",
  nodeConfig: {
    preemptible: false,
    machineType: "n1-standard-1",
    oauthScopes: [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring"
    ],
  },
});

// Export the Cluster name and Kubeconfig
export const clusterName = cluster.name;
export const kubeconfig = pulumi.
  all([cluster.name, cluster.endpoint, cluster.masterAuth]).
  apply(([name, endpoint, masterAuth]) => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        access-token: ${masterAuth.accessToken}
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Create a Kubernetes Provider instance that uses our cluster from above.
const k8sProvider = new k8s.Provider("my-k8s-provider", {
  kubeconfig: kubeconfig,
});

// Deploy Grafana Helm chart using the new Kubernetes provider.
const grafana = new k8s.helm.v3.Chart("my-grafana", {
  chart: "grafana",
  version: "6.1.17",
  fetchOpts: {
    repo: "https://grafana.github.io/helm-charts",
  },
}, { provider: k8sProvider });

// Export the public Service endpoint of Grafana.
export const grafanaServiceEndpoint = grafana.getResourceProperty(
  "v1/Service", "my-grafana-grafana", "status"
).apply(status => status.loadBalancer.ingress[0].ip);
```

Here's what each part of this code is doing:

1. We import the necessary Pulumi libraries to work with Google Cloud and Kubernetes.
2. We declare a GKE cluster with 2 nodes. The cluster version is set to the latest available version, and we define the necessary OAuth scopes for the nodes.
3. We create a kubeconfig that contains the credentials to connect to the GKE cluster. This kubeconfig will be used by the Kubernetes provider to manage resources in the cluster.
4. We define a Kubernetes provider and pass the kubeconfig from the GKE cluster. This provider directs the Helm chart to be installed on this particular GKE cluster.
5. We use a Helm chart resource to deploy Grafana from its official Helm chart repository. We specify the chart name (`grafana`) and version.
6. Finally, we export the IP endpoint for the Grafana service, grabbing it from the load balancer's ingress, so you can access the Grafana dashboard in a web browser.

Remember to have Helm and the GCP CLI installed and configured on your local machine if you plan to run this Pulumi program locally. Helm will be used by Pulumi to fetch and deploy the Grafana chart, and the GCP CLI will be used to authenticate the Kubernetes provider to your GKE cluster. Make sure you've also set up Pulumi with the proper access to your GCP account.

Once the Pulumi program is executed, you can use the exported `grafanaServiceEndpoint` to access Grafana. Open that IP address in a web browser, and you should see Grafana's login screen. The default login credentials are typically `admin` for both the username and password, unless otherwise configured.

Please read the documentation for [`pulumi/gcp` package](https://www.pulumi.com/registry/packages/gcp/api-docs/) and the [`pulumi/kubernetes` package](https://www.pulumi.com/registry/packages/kubernetes/api-docs/) for more information about the resources used.