Deploy the internal-ingress helm chart on Digital Ocean Kubernetes Service

Question

Pulumi · Accepted Answer

To deploy the `internal-ingress` Helm chart on Digital Ocean Kubernetes Service (DOKS), we'll need to perform the following high-level steps:

1. **Provision a Kubernetes cluster** on Digital Ocean using Pulumi.
2. **Install the Helm chart** into the cluster.

Before we start writing the code, ensure you have Pulumi CLI installed and you are logged in to your Pulumi account. Also ensure that you have the necessary credentials configured for Digital Ocean provider. The DO token can be set as an environment variable `DIGITALOCEAN_TOKEN`.

Here's a detailed Pulumi program in TypeScript that carries out the deployment:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as digitalocean from "@pulumi/digitalocean";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Provision a Kubernetes cluster on Digital Ocean
// We create a Kubernetes cluster in a specified region with a given version.
// The node pool is configured to have a desired count of nodes of a particular size.
const cluster = new digitalocean.KubernetesCluster("do-cluster", {
    region: "nyc3", // This should be the region closest to you or where your services should be deployed.
    version: "1.21.5-do.0", // Specify the Kubernetes version.
    nodePool: {
        name: "default",
        size: "s-2vcpu-2gb", // Size of the nodes (Droplets) to be used in the node pool.
        nodeCount: 2, // The count of Droplets to be created in the node pool.
    },
});

// Step 2: Install the Helm chart into the cluster
// Using the @pulumi/kubernetes package, we install a Helm chart for the ingress controller.
const chart = new k8s.helm.v3.Chart("nginx-ingress", {
    chart: "nginx-ingress",
    version: "1.41.3", // Use the Helm chart version you need for internal-ingress.
    namespace: "default", // Define the namespace where you want to install the Helm chart. 
    fetchOpts:{
        repo: "https://charts.helm.sh/stable",
    },
    // If your chart requires any values, they can be provided here.
    // For example:
    values: {
        controller: {
            publishService: {
                enabled: true,
            },
            service: {
                type: "ClusterIP", // As you're looking for internal ingress, ClusterIP is advised.
                // Ensure you set the specific annotations required for DigitalOcean if any.
                annotations: {
                  // Add any specific annotations needed for DigitalOcean here
                }
            },
        },
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeConfigs[0].rawConfig }) });

// Export the cluster details and ingress IP if available.
export const kubeconfig = cluster.kubeConfigs[0].rawConfig;
export const ingressIp = chart.getResourceProperty("v1/Service", "nginx-ingress-controller", "status")
    .apply(status => status.loadBalancer?.ingress[0].ip);
```

Let's break down what we have here:

- **Digital Ocean Kubernetes Cluster (`digitalocean.KubernetesCluster`)**: This resource creates a new Kubernetes cluster in the Digital Ocean cloud. We have named the cluster `do-cluster`, and it will be created with the specified Kubernetes version in a region (`nyc3` in this case), and a node pool configuration that defines the Droplet size and count.

You can find more about the `KubernetesCluster` resource in the [Pulumi documentation](https://www.pulumi.com/registry/packages/digitalocean/api-docs/kubernetescluster/).

- **Kubernetes Helm Chart (`k8s.helm.v3.Chart`)**: This resource is used to deploy a Helm chart into the Kubernetes cluster we created. In this instance, we're deploying an `nginx-ingress` chart, which will be used to manage internal ingress on our cluster. We set the `publishService` to `enabled` and define a `ClusterIP` service type since this should only be an internal ingress.

For configuring certain aspects of the Helm chart specific to Digital Ocean, annotations unique to Digital Ocean's load balancer or ingress controller can be provided under `service.annotations`. If the `internal-ingress` Helm chart you are referring to is different from `nginx-ingress`, you'll need to adjust the `chart` name and any `values` accordingly.

The documentation for the `Chart` resource is available [here](https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/).

At the end of the program, we export the `kubeconfig`, which you can use to interact with your Kubernetes cluster using `kubectl`, and the IP address for the ingress controller service, if available.

Make sure to replace `"1.21.5-do.0"` with the actual Kubernetes version you want to deploy, and update the `chart`, `version`, and `values` according to your `internal-ingress` Helm chart's needs. Remember, if the chart is not available in the official Helm stable repo, you'll need to specify the correct `repo` URL in `fetchOpts`.