1. Deploy the kubernetes-external-secrets helm chart on Digital Ocean Kubernetes Service


    Deploying a Helm chart on Kubernetes, in this case, kubernetes-external-secrets on DigitalOcean Kubernetes Service (DOKS), involves a few steps:

    1. Provisioning the Kubernetes Cluster: This step creates a DOKS cluster using Pulumi's DigitalOcean provider.
    2. Installing the Helm Chart: This deploys the kubernetes-external-secrets chart onto the DOKS cluster.

    Let's go through each step with the corresponding Pulumi code.

    Step 1: Provisioning the DOKS Cluster

    First, we will provision a DigitalOcean Kubernetes cluster. Here, we make use of the digitalocean.KubernetesCluster resource from the Pulumi DigitalOcean provider. Adjust the nodePool configuration to match your desired capacity and instance size.

    import * as digitalocean from "@pulumi/digitalocean"; const cluster = new digitalocean.KubernetesCluster("do-cluster", { region: "nyc3", version: "latest", // Specify the desired Kubernetes version. nodePool: { name: "default", size: "s-2vcpu-2gb", // Size of the nodes (this is the smallest size). nodeCount: 2, // Number of nodes you want in your DOKS cluster. }, });

    Step 2: Installing the Helm Chart

    For installing the Helm chart, we utilize the kubernetes.helm.v3.Chart resource from Pulumi's Kubernetes provider. This resource facilitates the deployment of Helm charts on a Kubernetes cluster. In this scenario, we're deploying the kubernetes-external-secrets chart from its Helm repository.

    import * as kubernetes from "@pulumi/kubernetes"; // Ensure you have configured the Kubernetes provider to connect to the DOKS cluster. const kubeconfig = cluster.kubeConfigs[0].rawConfig; const provider = new kubernetes.Provider("do-k8s", { kubeconfig }); // Deploy the kubernetes-external-secrets Helm chart on the DOKS cluster. const externalSecretsChart = new kubernetes.helm.v3.Chart("external-secrets", { chart: "kubernetes-external-secrets", version: "8.3.0", // Specify the chart version you want to deploy. fetchOpts: { repo: "https://external-secrets.github.io/kubernetes-external-secrets/", }, }, { provider });

    Putting it all together

    Now let's combine both steps into a single Pulumi program that will set up your DOKS cluster and deploy the kubernetes-external-secrets chart onto it.

    Here’s the complete program:

    import * as digitalocean from "@pulumi/digitalocean"; import * as kubernetes from "@pulumi/kubernetes"; // Create a DigitalOcean Kubernetes cluster. const cluster = new digitalocean.KubernetesCluster("do-cluster", { region: "nyc3", version: "latest", nodePool: { name: "default", size: "s-2vcpu-2gb", nodeCount: 2, }, }); // Export the Kubeconfig so that clients can access the cluster. export const kubeconfig = cluster.kubeConfigs[0].rawConfig; // Kubernetes provider to connect to the created cluster. const provider = new kubernetes.Provider("do-k8s", { kubeconfig: kubeconfig, }); // Deploy the kubernetes-external-secrets Helm chart. const externalSecretsChart = new kubernetes.helm.v3.Chart("external-secrets", { chart: "kubernetes-external-secrets", version: "8.3.0", fetchOpts: { repo: "https://external-secrets.github.io/kubernetes-external-secrets/", }, }, { provider }); // Export the external-secrets chart version being deployed. export const externalSecretsVersion = externalSecretsChart.version;

    Running the Program

    To run this Pulumi program, save the code into a file named index.ts, and then follow these steps:

    1. Initialize a new Pulumi project if you haven't already. You can use pulumi new typescript and then replace the auto-generated index.ts with the content above.
    2. Make sure you have the required Pulumi stack configuration set up.
    3. Run pulumi up to preview and deploy these changes.

    After successful deployment, Pulumi will provision a DOKS cluster, install the Kubernetes provider to connect to this cluster, and then deploy the kubernetes-external-secrets Helm chart onto your cluster using the specified chart version.