Deploy the argocd-app-bootstrap helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy the `argocd-app-bootstrap` Helm chart on a Google Kubernetes Engine (GKE) cluster using Pulumi, we will follow these steps:

1. **Set up GKE Cluster**: We'll begin by provisioning a GKE cluster. This will be the Kubernetes environment where our Argo CD application will run.
2. **Install Helm Chart**: After the GKE cluster is ready, we will deploy the `argocd-app-bootstrap` Helm chart on this cluster.

For this deployment, we will mainly use two Pulumi resources:
- `gcp.container.Cluster`: This is used to create and manage a GKE cluster ([documentation](https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/)).
- `kubernetes.helm.v3.Chart`: This represents a Helm chart resource that will be applied to deploy Argo CD onto the Kubernetes cluster ([documentation](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/)).

Let's create a Pulumi program in TypeScript to provision the GKE cluster and deploy the `argocd-app-bootstrap` Helm chart on it.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Create a GKE cluster
const cluster = new gcp.container.Cluster("gke-cluster", {
    initialNodeCount: 2,
    minMasterVersion: "latest",
    nodeVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1", // Adjust the machine type as needed
        oauthScopes: [
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
        ],
    },
});

// Export the Cluster name and Kubeconfig
export const clusterName = cluster.name;
export const kubeconfig = pulumi.all([cluster.name, cluster.endpoint, cluster.masterAuth]).apply(([name, endpoint, auth]) => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${auth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Establish a Kubernetes provider instance using the cluster kubeconfig
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: kubeconfig,
});

// Install the argocd-app-bootstrap helm chart
const argocdAppBootstrapChart = new k8s.helm.v3.Chart("argocd-app-bootstrap", {
    chart: "argo-cd",
    version: "3.2.3", // Replace with the desired chart version
    fetchOpts: { // Replace with the repository options where your desired chart is located
        repo: "https://argoproj.github.io/argo-helm",
    },
}, { provider: k8sProvider });

// Export the Argo CD server endpoint
export const argoCdServerEndpoint = pulumi.interpolate`https://${argocdAppBootstrapChart.getResourceProperty("v1/Service", "argocd-server", "status").loadBalancer.ingress[0].ip}`;
```

### Explanation:

- We start by importing the required Pulumi modules.
- We create a GKE cluster with a specified machine type and a set of OAuth scopes that the nodes will have.
- The GKE cluster’s `name`, `endpoint`, and `masterAuth` are used to generate a `kubeconfig` file that we export. This `kubeconfig` is necessary to interact with the Kubernetes cluster.
- We create a `k8s.Provider`, provisioning it with the `kubeconfig`. This Kubernetes provider is used for all subsequent operations on the Kubernetes cluster.
- We then create a `k8s.helm.v3.Chart` resource representing the `argocd-app-bootstrap` Helm chart. Note you might want to replace the `chart`, `version`, and `fetchOpts.repo` with the correct details depending on the Helm Chart you wish to install.
- Finally, we export the Argo CD server endpoint, which assumes that Argo CD is exposed via a LoadBalancer service. This might differ based on how you've configured the Helm chart.

This Pulumi program will provision the necessary infrastructure in GCP and deploy Argo CD using the Helm chart. Remember that you need to have Pulumi installed and configured with the necessary cloud credentials, and you should be authenticated to Google Cloud using the `gcloud` CLI.