1. Deploy the kubernetes-vault helm chart on Google Kubernetes Engine (GKE)

    TypeScript

    To deploy the Kubernetes-Vault Helm chart on Google Kubernetes Engine (GKE), you need to complete a few steps:

    1. Set up a GKE cluster: First, you'll need a running Kubernetes cluster on GKE. You can create one using Pulumi's gcp.container.Cluster resource.
    2. Deploy the Helm chart: Once you have the GKE cluster up and running, you can deploy the Kubernetes-Vault Helm chart to your cluster using Pulumi's kubernetes.helm.v3.Chart resource.

    Below is a TypeScript Pulumi program that demonstrates how to accomplish these steps:

    ```typescript
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    import * as k8s from "@pulumi/kubernetes";

    // Create a GKE cluster
    const cluster = new gcp.container.Cluster("vault-cluster", {
        initialNodeCount: 2,
        nodeConfig: {
            // OAuth scopes granted to the node VMs
            oauthScopes: [
                "https://www.googleapis.com/auth/compute",
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring",
            ],
            machineType: "n1-standard-1",
        },
    });

    // Export the Cluster name
    export const clusterName = cluster.name;

    // Export the Kubeconfig. It holds no static credential: kubectl obtains a token
    // through gke-gcloud-auth-plugin, which must be installed on the machine using it.
    // (The older "auth-provider: gcp" stanza was removed from kubectl in v1.26.)
    export const kubeconfig = pulumi
        .all([cluster.name, cluster.endpoint, cluster.masterAuth])
        .apply(([name, endpoint, masterAuth]) => {
            const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
            return `apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: ${masterAuth.clusterCaCertificate}
        server: https://${endpoint}
      name: ${context}
    contexts:
    - context:
        cluster: ${context}
        user: ${context}
      name: ${context}
    current-context: ${context}
    kind: Config
    preferences: {}
    users:
    - name: ${context}
      user:
        exec:
          apiVersion: client.authentication.k8s.io/v1beta1
          command: gke-gcloud-auth-plugin
          provideClusterInfo: true
    `;
        });

    // Create a Kubernetes provider instance that uses our cluster from above.
    const clusterProvider = new k8s.Provider("gkeK8s", {
        kubeconfig: kubeconfig,
    });

    // Deploy the Kubernetes-Vault Helm chart using the kubernetes provider created above.
    const vaultChart = new k8s.helm.v3.Chart("kubernetes-vault", {
        chart: "vault",
        version: "0.13.0", // replace with the desired chart version
        fetchOpts: {
            // HashiCorp's chart repository; the legacy stable repository at
            // kubernetes-charts.storage.googleapis.com has been retired.
            // Replace with the correct repository if different.
            repo: "https://helm.releases.hashicorp.com",
        },
    }, { provider: clusterProvider });

    // Export the Helm chart deployment details
    export const vaultChartResources = vaultChart.resources;
    ```

    This program creates a new GKE cluster with two nodes of type n1-standard-1. It also exports a kubeconfig as a stack output, which can be used to connect to the cluster with kubectl or other Kubernetes management tools.

    Once the cluster is provisioned, this program deploys the Kubernetes-Vault Helm chart to the GKE cluster. Ensure you have the correct repository and chart version: the version 0.13.0 and the repository URL in the code may have changed since the time of writing, so replace them with the current values.

    Use pulumi up to execute the Pulumi program. It will provision the resources in the order specified, handling all dependencies between the resources automatically. After it completes, you will have a GKE cluster running the Kubernetes-Vault Helm chart.

    Important Note: Before running pulumi up, make sure you have authenticated with GCP and set up the Pulumi CLI with the necessary configuration. You may need to replace the default project and zone in the kubeconfig generation with specific values consistent with your GCP setup.
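
As an added example (not part of the original answer and not Pulumi's own code), here is a pre-deployment check for the two settings the program asks the reader to get right: the node OAuth scopes and the chart source. The scope allowlist, function names and finding strings are assumptions of this example, and the sample inputs are constructed.

```typescript
// Added example. The allowlist and finding strings are assumptions of this sketch,
// not Pulumi or GKE features.
interface NodeConfig { oauthScopes: string[] }
interface ChartOpts { chart: string; version?: string; fetchOpts?: { repo?: string } }

const SCOPE_PREFIX = "https://www.googleapis.com/auth/";
// Scopes a node pool normally needs: pull images, write logs and metrics.
const ALLOWED_SCOPES = new Set(["devstorage.read_only", "logging.write", "monitoring"]);
// Host of the retired Helm "stable" repository.
const RETIRED_REPO_HOSTS = new Set(["kubernetes-charts.storage.googleapis.com"]);

function auditNodeScopes(node: NodeConfig): string[] {
    const findings: string[] = [];
    for (const scope of node.oauthScopes) {
        if (!scope.startsWith(SCOPE_PREFIX)) {
            findings.push(`unrecognised scope: ${scope}`);
            continue;
        }
        const name = scope.slice(SCOPE_PREFIX.length);
        if (!ALLOWED_SCOPES.has(name)) findings.push(`broad node scope: ${name}`);
    }
    return findings;
}

function auditChartSource(opts: ChartOpts): string[] {
    const findings: string[] = [];
    // An exact x.y.z pin stops a later `pulumi up` from picking up a newer chart release.
    if (!opts.version || !/^\d+\.\d+\.\d+$/.test(opts.version)) {
        findings.push("chart version is not pinned to an exact release");
    }
    const m = /^(https?):\/\/([^\/:]+)/i.exec(opts.fetchOpts?.repo ?? "");
    if (!m) return findings.concat("chart repository URL is missing or malformed");
    if (m[1].toLowerCase() !== "https") findings.push("chart repository is not fetched over HTTPS");
    const host = m[2].toLowerCase();
    if (RETIRED_REPO_HOSTS.has(host)) findings.push(`retired chart repository: ${host}`);
    return findings;
}

// Constructed sample inputs: the node scopes mirror the program above.
const sampleNode: NodeConfig = { oauthScopes: [
    SCOPE_PREFIX + "compute", SCOPE_PREFIX + "devstorage.read_only",
    SCOPE_PREFIX + "logging.write", SCOPE_PREFIX + "monitoring",
] };
const sampleChart: ChartOpts = {
    chart: "vault", fetchOpts: { repo: "http://kubernetes-charts.storage.googleapis.com/" },
};
console.log(auditNodeScopes(sampleNode), auditChartSource(sampleChart));
```

Run it over the same object literals passed to gcp.container.Cluster and k8s.helm.v3.Chart before pulumi up, and treat any finding as a reason to review the setting.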