Deploy the fusionauth helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the FusionAuth Helm chart on Google Kubernetes Engine (GKE), we will follow these steps:

1. Set up a GKE cluster.
2. Install the Helm chart for FusionAuth.

Firstly, you will need a GKE cluster, so we will use the `gcp.container.Cluster` [resource](https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/) to provision a new Kubernetes cluster on Google Cloud. After creating the cluster, we will configure Pulumi to use the newly created cluster's credentials to deploy applications.

Next, we will use the `kubernetes.helm.sh/v3.Release` [resource](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm.sh/v3/release/) to install the FusionAuth Helm chart. Helm is a package manager for Kubernetes, which allows us to deploy a pre-packaged application with all needed resources and configurations. Helm charts are the packaging format used by Helm.

Below is a comprehensive TypeScript program that demonstrates how to use Pulumi to create a GKE cluster and deploy FusionAuth to it:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Create a new GCP project and GKE cluster for our application.
const project = new gcp.organizations.Project("fusionauth-project", {
    name: "fusionauth-project",
    projectId: "fusionauth-project-id",
});

const cluster = new gcp.container.Cluster("fusionauth-cluster", {
    initialNodeCount: 2,
    minMasterVersion: "latest", // Ensure the version is compatible with FusionAuth helm chart
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
        ],
    },
});

// Export the Cluster name and kubeconfig
export const clusterName = cluster.name;
export const kubeConfig = cluster.name.apply(name => {
    return gcp.container.getCluster({
        name: name,
        location: cluster.location,
    }, { async: true }).then(cluster => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${cluster.masterAuth.clusterCaCertificate}
    server: https://${cluster.endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
    });
});

// Now deploy FusionAuth with the Helm chart
const fusionAuthRelease = new k8s.helm.v3.Release("fusionauth", {
    chart: "fusionauth",
    version: "0.1.0", // specify the chart version
    repositoryOpts: {
        repo: "https://fusionauth.github.io/charts",
    },
    values: {
        // Configure the necessary values for FusionAuth
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: kubeConfig }) });

// Export the FusionAuth service URL
export const fusionAuthUrl = pulumi.interpolate`http://${cluster.endpoint}:9011`;
```

This program creates a GCP project and a GKE cluster with the `gcp.container.Cluster` resource. You may need to adjust the `project`, `region`, `nodeCount`, and `machineType` to match your requirements. The `kubeConfig` is retrieved to allow the Pulumi Kubernetes provider to interact with the cluster.

Then, it deploys FusionAuth using the `kubernetes.helm.sh/v3.Release` resource, specifying the name of the chart and the repository where the chart is located. You can customize the `values` to provide any required configuration for FusionAuth based on your needs.

To run this program:

1. Install Pulumi if it isn't already installed.
2. Set up the Pulumi CLI with your GCP credentials and select a profile to use.
3. Create a new Pulumi project using the `pulumi new` command if needed.
4. Copy the above program into `index.ts` in your Pulumi project directory.
5. Run `pulumi up` to preview and deploy the changes.

Please make sure to check the [official FusionAuth Helm chart documentation](https://fusionauth.io/docs/v1/tech/installation-guide/helm/) for any specific configuration values you may need to change to suit your deployment needs.