Deploy the kubernetes-vault helm chart on Google Kubernetes Engine (GKE)
To deploy the Kubernetes-Vault Helm chart on Google Kubernetes Engine (GKE), you need to complete a few steps:
- Set up a GKE cluster: First, you'll need a running Kubernetes cluster on GKE. You can create one using Pulumi's `gcp.container.Cluster` resource.
- Deploy the Helm chart: Once you have the GKE cluster up and running, you can deploy the Kubernetes-Vault Helm chart to your cluster using Pulumi's `kubernetes.helm.v3.Chart` resource.
Below is a TypeScript Pulumi program that demonstrates how to accomplish these steps:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Create a GKE cluster
const cluster = new gcp.container.Cluster("vault-cluster", {
    initialNodeCount: 2,
    nodeConfig: {
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
        machineType: "n1-standard-1",
    },
});

// Export the Cluster name
export const clusterName = cluster.name;

// Export the Kubeconfig
// gcp.config.project and gcp.config.zone are read from the stack configuration
// (gcp:project, gcp:zone); if either is unset it is interpolated as "undefined".
// The "gcp" auth-provider used below shells out to the local gcloud CLI; kubectl and
// client-go 1.26 and later removed it in favour of the gke-gcloud-auth-plugin exec plugin.
export const kubeconfig = pulumi.
    all([cluster.name, cluster.endpoint, cluster.masterAuth]).
    apply(([name, endpoint, masterAuth]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });

// Create a Kubernetes provider instance that uses our cluster from above.
const clusterProvider = new k8s.Provider("gkeK8s", {
    kubeconfig: kubeconfig,
});

// Deploy the Kubernetes-Vault Helm chart using the kubernetes provider created above.
const vaultChart = new k8s.helm.v3.Chart("kubernetes-vault", {
    chart: "vault",
    version: "0.13.0", // replace with the desired chart version
    fetchOpts: {
        // replace with the correct repository if different; this legacy "stable"
        // chart repository URL has since been retired
        repo: "https://kubernetes-charts.storage.googleapis.com/",
    },
}, { provider: clusterProvider });

// Export the Helm chart deployment details
export const vaultChartResources = vaultChart.resources;
```
This program creates a new GKE cluster with two nodes of type `n1-standard-1`. It also exports a kubeconfig that can be used to connect to the cluster with `kubectl` or other Kubernetes management tools.

Once the cluster is provisioned, this program deploys the Kubernetes-Vault Helm chart to the GKE cluster. Ensure you have the correct repository and chart version. Replace `0.13.0` and the repository URL with the current values, as they might have changed since the time of writing.

Use `pulumi up` to execute the Pulumi program. It will provision the resources in the order specified, handling all dependencies between the resources automatically. After it completes, you will have a GKE cluster running the Kubernetes-Vault Helm chart.

Important Note: Before running `pulumi up`, make sure you have authenticated with GCP and set up the Pulumi CLI with the necessary configurations. You may need to replace the default project and zone in the `kubeconfig` generation with specific values consistent with your GCP setup.
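The note about project and zone matters because an unset `gcp.config.project` or `gcp.config.zone` is interpolated into the context name as the literal text `undefined`. The following is an added example, not part of the original program: `contextName` and `renderKubeconfig` are hypothetical helper names, and the user stanza is copied from the program above.

```typescript
// Added example: contextName and renderKubeconfig are hypothetical helpers,
// not part of Pulumi or of the original program.
function contextName(project: string | undefined, zone: string | undefined, cluster: string): string {
    const missing: string[] = [];
    if (!project) missing.push("gcp:project");
    if (!zone) missing.push("gcp:zone");
    // Fail early instead of emitting a context such as "undefined_undefined_<name>".
    if (missing.length > 0) throw new Error(`unset Pulumi config: ${missing.join(", ")}`);
    return `${project}_${zone}_${cluster}`;
}

function renderKubeconfig(name: string, endpoint: string, caData: string,
                          project?: string, zone?: string): string {
    const context = contextName(project, zone, name);
    // Both values are pasted into YAML, so accept only a bare host and base64 text.
    if (!/^[A-Za-z0-9.-]+$/.test(endpoint)) throw new Error("endpoint is not a bare host or IP");
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(caData)) throw new Error("CA data is not base64");
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${caData}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
}
```

Inside the program's `apply` callback this would be called as `renderKubeconfig(name, endpoint, masterAuth.clusterCaCertificate, gcp.config.project, gcp.config.zone)`, so a missing setting stops `pulumi up` with a clear error.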