Deploy the ingress-controller helm chart on Oracle Kubernetes Engine (OKE)

Question

Pulumi · Accepted Answer

To deploy the ingress-controller Helm chart on Oracle Kubernetes Engine (OKE), you would typically need to perform the following steps:

1. Set up the OKE cluster and configure your local environment to interact with it through `kubectl`.
2. Install Helm on your local machine.
3. Add the ingress-controller Helm chart repository, if it's not part of the stable repository set.
4. Use Helm to deploy the ingress-controller chart to your OKE cluster.

With Pulumi, we can automate these steps and declare them as code using TypeScript. This provides us with the ability to track the state of our resources, share and repeat deployments, and apply practices such as version control and code review to our infrastructure.

Below, I'll guide you through a Pulumi TypeScript program that performs this deployment:

1. Ensure you have the necessary Pulumi providers installed for interacting with Kubernetes and Oracle Cloud Infrastructure (OCI).
   - The `@pulumi/kubernetes` package is used to interact with Kubernetes clusters.
   - The `@pulumi/oci` package is used to provision and manage resources in Oracle Cloud Infrastructure.

2. Instantiate the OKE cluster using the OCI provider. If you already have a cluster, you can use the Kubernetes provider to configure `kubectl`.

3. Use the Pulumi Kubernetes provider to deploy the ingress-controller Helm chart.

Here's how the program might look like:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
import * as k8s from "@pulumi/kubernetes";

// We begin by creating an Oracle Kubernetes Engine cluster. Here, you will need
// to specify the compartment ID, VCN ID and other cluster-related configurations.
// For this example, we assume these resources are already created and we have their IDs.
const okeCluster = new oci.ContainerEngine.Cluster("okeCluster", {
    // Replace these with actual values from your OCI environment.
    compartmentId: "compartment-id",
    vcnId: "vcn-id",
    kubernetesVersion: "v1.20.8",
    options: {
        serviceLbSubnetIds: ["subnet-id1", "subnet-id2"],
        // Add other options as needed.
    },
});

// Once the cluster is provisioned, we need to fetch the kubeconfig file that will
// allow us to connect to the Kubernetes cluster. The OKE cluster creation can take
// some time so this resource depends on the okeCluster.
const kubeconfig = pulumi.all([okeCluster.name, okeCluster.id]).apply(([name, id]) =>
    oci.ContainerEngine.getClusterKubeconfig({
        name: name,
        clusterId: id,
    }),
);

// Now we use the kubeconfig to configure the Kubernetes provider.
const k8sProvider = new k8s.Provider("oke-k8s", {
    kubeconfig: kubeconfig.rawConfig,
});

// Next, we deploy the ingress-controller Helm chart. Note that you may need to
// replace the chart version with the one you wish to use and potentially add the
// repository where the ingress-controller chart is located using helm.repository(...).
const ingressControllerChart = new k8s.helm.v3.Chart("nginx-ingress", {
    chart: "ingress-nginx",
    version: "3.7.1", // Replace with your desired chart version
    namespace: "kube-system",
    // Values can be customized depending on your ingress-controller requirements.
    values: {
        controller: {
            replicaCount: 2,
            service: {
                type: "LoadBalancer",
            },
        },
    },
}, { provider: k8sProvider });

// Export the endpoint to access the ingress controller. This assumes that the Service
// is of type LoadBalancer, which will not have an endpoint until the service is provisioned.
export const ingressEndpoint = ingressControllerChart.getResourceProperty("v1/Service", "kube-system/nginx-ingress-ingress-nginx-controller", "status")
    .apply(status => status.loadBalancer?.ingress?.[0]?.ip || status.loadBalancer?.ingress?.[0]?.hostname);
```

In this program:

- We create an instance of the OKE cluster with OCI-specific details.
- We retrieve the kubeconfig using `oci.ContainerEngine.getClusterKubeconfig`.
- We set up the Kubernetes provider with the kubeconfig to connect to the cluster.
- We use the `@pulumi/kubernetes` Helm chart resource to deploy the ingress-controller to the Kubernetes cluster created in OKE.

Finally, we export the endpoint of the ingress-controller service. Please note that after the Helm chart is deployed, it might take a few minutes for the LoadBalancer service to receive an external IP address or hostname from the cloud provider.

Before running this Pulumi program, ensure that Pulumi CLI is installed and the OCI configuration is set up with appropriate credentials and default region to communicate with the Oracle Cloud Infrastructure. You can run this program with the Pulumi CLI commands `pulumi up` to create or update resources, and `pulumi destroy` to clean up all resources.

Remember to install the Pulumi OCI and Kubernetes SDKs using npm or yarn before executing the program:

```
npm install @pulumi/pulumi @pulumi/oci @pulumi/kubernetes
```

This should give you a solid starting point to deploy the ingress controller on Oracle Kubernetes Engine using Pulumi.