Deploy the ghcr-auth helm chart on Digital Ocean Kubernetes Service

Question

Pulumi · Accepted Answer

To deploy a Helm chart on a Digital Ocean Kubernetes Service (DOKS) cluster using Pulumi, we need to follow these steps:

1. Set up the DigitalOcean Kubernetes cluster.
2. Install the Helm chart on the cluster.

We'll use the `digitalocean.KubernetesCluster` resource to create a new DOKS cluster and the `kubernetes.helm.sh/v3.Chart` resource to deploy our `ghcr-auth` Helm chart.

First, ensure that you have the Pulumi CLI installed and configured with the necessary accounts. You'll need to authenticate with DigitalOcean and have access to the Docker image in the GitHub container registry.

Below you'll find a Pulumi TypeScript program that defines the necessary infrastructure to achieve this deployment.

### Prerequisite:
- Have `pulumi` and `kubectl` commands installed.
- Set up DigitalOcean and Docker token/API access via environment variables or the Pulumi configuration system.

### Detailed Explanation:

1. **DigitalOcean Kubernetes Cluster:** The `digitalocean.KubernetesCluster` resource facilitates the creation of a DOKS cluster. We need to define the region, node size, and node count, among other things.

2. **Helm Chart Deployment:** The `kubernetes.helm.sh/v3.Chart` resource enables us to deploy a Helm chart into a Kubernetes cluster. We'll specify the chart name and the repository where it's located. Optionally, we can also provide any custom values we'd like to apply to the chart.

Now, let's create the Pulumi program:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
import * as kubernetes from "@pulumi/kubernetes";

// Create a DigitalOcean Kubernetes cluster
const cluster = new digitalocean.KubernetesCluster("do-cluster", {
    region: "nyc3",
    version: "latest",
    nodePool: {
        size: "s-2vcpu-2gb",
        nodeCount: 3,
    },
});

// Export the DigitalOcean kubeconfig
export const kubeconfig = cluster.kubeConfigs[0].rawConfig;

// Set up a provider to use the generated kubeconfig from the cluster above
const k8sProvider = new kubernetes.Provider("k8s-provider", {
    kubeconfig: cluster.kubeConfigs[0].rawConfig,
});

// Deploy the ghcr-auth helm chart using the k8s provider
const ghcrAuthChart = new kubernetes.helm.sh.v3.Chart("ghcr-auth-chart", {
    chart: "ghcr-auth",
    version: "1.0.0",
    // The repository containing the ghcr-auth chart. Substitute this with the actual repository URL.
    repositoryOpts: {
        repo: "https://example.com/charts",
    },
    namespace: "default",
}, { provider: k8sProvider });

// Export the Helm chart's status
export const ghcrAuthChartStatus = ghcrAuthChart.status;
```

In the provided program, substitute the `repositoryOpts.repo` property with the actual URL of the Helm chart repository where `ghcr-auth` is hosted.

To apply this Pulumi program, save it in a file named `index.ts`, then, in the same directory, run `pulumi up`. This command will start provisioning the resources defined in the program. The output will give you status updates and any errors that may occur during provisioning.

It's important to review the changes that Pulumi proposes before confirming the update. If everything looks correct, select `yes` when prompted to apply the changes.

After the deployment is successful, you will see the Kubernetes cluster's kubeconfig and the status of the Helm chart deployment in the terminal. You can use this kubeconfig with `kubectl` or other Kubernetes tools to access your Kubernetes cluster.