1. Deploy the jaeger-cert-manager helm chart on Google Kubernetes Engine (GKE)


    To deploy the Jaeger Helm chart with the cert-manager for SSL certificates on Google Kubernetes Engine (GKE), you'll need to follow these steps:

    1. Set up a GKE cluster.
    2. Install cert-manager Helm chart which is a prerequisite for automatically managing certificates.
    3. Deploy the Jaeger Helm chart with the appropriate configuration to use cert-manager.

    Below is a Pulumi program written in TypeScript that demonstrates how to accomplish these steps.

    Pulumi Program Explanation

    Before writing the Pulumi code, ensure you have set up:

    • Pulumi CLI and account: Make sure that you have Pulumi CLI installed and have an account set up. Log in via the CLI to your Pulumi account.
    • Google Cloud SDK: Install and configure the gcloud tool with the credentials necessary for Pulumi to access your GKE resources.

    The following Pulumi program defines:

    • A new GKE cluster resource.
    • A Kubernetes provider that uses the created GKE cluster's kubeconfig.
    • The cert-manager Helm chart installation into the GKE cluster.
    • The Jaeger Helm chart installation with a reference to cert-manager for certificates.

    Google Kubernetes Engine (GKE) Cluster Creation

    The program begins by creating a new GKE cluster using the google-native.container/v1beta1.Cluster resource. This will set up a Kubernetes cluster in GCP.

    Kubernetes Provider Configuration

    The Kubernetes provider allows Pulumi to deploy resources to the GKE cluster. The provider needs the kubeconfig generated from the newly created GKE cluster to interact with it.

    Cert-Manager Helm Chart Installation

    After setting up the GKE cluster and Kubernetes provider, cert-manager is installed using the kubernetes-cert-manager.CertManager Helm chart. This sets up the certificate management on the cluster that Jaeger requires to operate with TLS.

    Jaeger Helm Chart Deployment

    Finally, the Jaeger Helm chart is deployed using the harness.service.Helm Helm chart. The configuration for the chart should specify that cert-manager is used to manage its certificates.

    Let's go ahead and see the code for these steps:

    import * as pulumi from '@pulumi/pulumi'; import * as gcp from '@pulumi/gcp'; import * as k8s from '@pulumi/kubernetes'; // Step 1: Create a GKE cluster const cluster = new gcp.container.Cluster("gke-cluster", { initialNodeCount: 2, minMasterVersion: "latest", nodeVersion: "latest", nodeConfig: { machineType: "n1-standard-1", oauthScopes: [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring" ], }, }); // Export the cluster's kubeconfig export const kubeconfig = pulumi.all([cluster.name, cluster.endpoint, cluster.masterAuth]).apply( ([name, endpoint, masterAuth]) => { const context = `${gcp.config.project}_${gcp.config.zone}_${name}`; return `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${masterAuth.clusterCaCertificate} server: https://${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: auth-provider: config: cmd-args: config config-helper --format=json cmd-path: gcloud expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp `; } ); // Step 2: Create a Kubernetes Provider instance using the GKE cluster's kubeconfig const k8sProvider = new k8s.Provider("k8s-provider", { kubeconfig: kubeconfig, }); // Step 3: Install the 'cert-manager' helm chart const certManagerChart = new k8s.helm.v3.Chart("cert-manager", { chart: "cert-manager", version: "v1.4.0", namespace: "cert-manager", fetchOpts:{ repo: "https://charts.jetstack.io", }, }, { provider: k8sProvider }); // Ensure the 'cert-manager' services are running before deploying Jaeger helm chart const certManagerDeployment = certManagerChart.getResource("v1/Service", "cert-manager", "cert-manager-webhook"); // Step 4: Deploy the Jaeger helm chart configured to use 'cert-manager' for SSL const jaegerChart = new k8s.helm.v3.Chart("jaeger", { chart: "jaeger", version: "2.19.0", namespace: "monitoring", fetchOpts: { repo: "https://jaegertracing.github.io/helm-charts", }, values: { // You should configure these values according to your Jaeger setup requirements // and make sure to annotate Jaeger's components with the appropriate cert-manager annotations. }, // Make sure Jaeger is installed after cert-manager }, { provider: k8sProvider, dependsOn: certManagerDeployment }); // Export the Jaeger service URL, once available export const jaegerUrl = jaegerChart .getResourceProperty("v1/Service", "monitoring", "jaeger-agent") .apply(svc => svc.status.loadBalancer.ingress[0].hostname);

    Here are the explanations for some of the components:

    • fetchOpts.repo specifies the Helm repository where the chart is located.
    • values in the Helm chart declarations are where you configure the chart with the appropriate values for your setup. For Jaeger, make sure to include the necessary annotations or values for cert-manager to generate and manage the SSL certificates.


    To execute this Pulumi program, you need to:

    1. Save this code into a file with a .ts extension (for example, deploy-jaeger-gke.ts).
    2. Run pulumi up command in your terminal — this command will provision all the resources specified in the program.
    3. After successful completion, Pulumi will output any exported values, such as the Jaeger service URL.

    Make sure you review the changes before selecting 'yes' to apply them since this will incur in Google Cloud Platform costs.


    Once the deployment finishes, you will need to configure your DNS or ingress controller to properly route traffic to the Jaeger service. The exported jaegerUrl is the address you will use for these configurations or for direct access.

    Always remember to check the Helm chart documentations for cert-manager and Jaeger to ensure you have the most suitable configuration for your needs.

    This Pulumi program should give you a foundational setup for Jaeger on GKE with SSL certificates managed by cert-manager.