Deploy the tempest helm chart on Google Kubernetes Engine (GKE)

Question

Pulumi · Accepted Answer

To deploy a Helm chart on Google Kubernetes Engine (GKE) using Pulumi, we will follow a series of steps:

1. **Create a GKE cluster**: We'll use the `gcp.container.Cluster` resource, which encapsulates a GKE cluster's properties and provides a way to provision a cluster in your GCP project.

2. **Configure kubectl**: This step involves configuring `kubectl` to interact with the newly created GKE cluster, which is necessary for deploying Helm charts.

3. **Deploy the Helm chart**: We'll use the `harness.service.Helm` resource to deploy the Helm chart. The Tempest Helm chart must be available in a Helm repository.

Here's the TypeScript program that accomplishes these tasks, with comments explaining each part:

```typescript
import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Create a GKE cluster.
const cluster = new gcp.container.Cluster("gke-cluster", {
    // ... specify your cluster configuration
    initialNodeCount: 2,
    nodeVersion: "latest",
    minMasterVersion: "latest",
    nodeConfig: {
        machineType: "n1-standard-1",
        oauthScopes: [
            // Scopes for authenticating with GCP services.
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
        ],
    },
});

// Export the Kubeconfig for the GKE cluster.
export const kubeconfig = pulumi.all([cluster.name, cluster.endpoint, cluster.masterAuth]).apply(([name, endpoint, masterAuth]) => {
    const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
    return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
});

// Create a Kubernetes provider instance that uses our cluster from above.
const k8sProvider = new k8s.Provider("gkeK8s", {
    kubeconfig: kubeconfig,
});

// Deploy the Tempest Helm chart into the GKE cluster.
const tempest = new k8s.helm.v3.Chart("tempest", {
    chart: "tempest",
    // Assuming 'tempest' is the name of the chart in your repository
    // You'll need to specify the repository too if it is not a stable chart
    // e.g., repository: "https://charts.example.com/",
    version: "1.0.0", // substitute with actual chart version
    // values: { /* override default chart values here if needed */ },
}, { provider: k8sProvider });

// Export the endpoint to access the deployed service, if applicable.
export const tempestEndpoint = tempest.getResourceProperty("v1/Service", "tempest", "status").apply(status => status.loadBalancer?.ingress[0]?.ip);

// To view this endpoint, you can use `pulumi stack output tempestEndpoint` once the application is deployed.
```

Here is an explanation of the program:

- We start by importing necessary Pulumi packages including `@pulumi/gcp` for Google Cloud resources, `@pulumi/kubernetes` for Kubernetes resources, and `@pulumi/pulumi` for core Pulumi functionalities.
- We configure and create a GKE cluster using the `gcp.container.Cluster` resource. You'll have to fill in the desired configuration for your cluster, such as the node count, machine type, and OAuth scopes required for accessing other Google Cloud services.
- The `kubeconfig` is dynamically generated using the output properties of the created cluster, so you can interact with the cluster using `kubectl`.
- We create a Pulumi Kubernetes provider associated with our GKE cluster; this provider is used when deploying the Helm chart. The `kubeconfig` is passed to this provider.
- We then create a new instance of `k8s.helm.v3.Chart`, which represents the Helm chart deployment. We specify the chart name and the version. If the Helm chart is located in a custom repository, you should also specify the `repository` property with the correct URL.
- The last step involves exporting the endpoint to the deployed service, which can be accessed once the service is up and running, through the provided output command.

To run this Pulumi program, save the TypeScript code to a file usually named `index.ts` in your Pulumi project directory. Ensure you have authenticated with GCP and have installed the necessary packages by running `npm install @pulumi/gcp @pulumi/kubernetes @pulumi/pulumi`. Then, execute the program by running `pulumi up`.

Please note that you might need to adjust the Helm chart related settings such as the chart name, repository, and values to match with the Tempest Helm chart you are referring to.