Deploy the basic-auth-secret helm chart on Google Kubernetes Engine (GKE)
TypeScriptTo deploy a Helm chart on Google Kubernetes Engine (GKE), you'll need to follow these steps:
- Set up the GKE Cluster: Before deploying any Helm charts, a Kubernetes cluster must be running. We will use Pulumi to declare a GKE cluster.
- Deploy the Helm chart: Once the cluster is up and running, we will deploy the Helm chart to the cluster. For basic authentication secret management, we can use the
basic-auth-secret
as an example Helm chart.
We will be using the
@pulumi/kubernetes
package to create a GKE cluster and then to deploy the Helm chart on it.Let's go through each step in detail:
Step 1: Create a Google Kubernetes Engine Cluster
The
google-native.container.v1.Cluster
resource is used to create a new GKE cluster. This setup includes the necessary configuration such as the zone, initial node count, and network settings.Step 2: Deploy a Helm Chart
The
@pulumi/kubernetes/helm/v3.Chart
resource allows you to deploy Helm charts into a Kubernetes cluster. In this case, we will assume that thebasic-auth-secret
Helm chart is available in a known Helm repository.Below is a TypeScript program that illustrates how to accomplish this:
import * as gcp from "@pulumi/gcp"; import * as k8s from "@pulumi/kubernetes"; import * as pulumi from "@pulumi/pulumi"; // Step 1: Create a GKE cluster const cluster = new gcp.container.Cluster("gke-cluster", { initialNodeCount: 1, nodeVersion: "latest", minMasterVersion: "latest", nodeConfig: { machineType: "e2-medium", oauthScopes: [ "https://www.googleapis.com/auth/compute", "https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring", ], }, }); // Export the Cluster name export const clusterName = cluster.name; // Export the Kubeconfig to access the cluster using kubectl export const kubeconfig = pulumi. all([cluster.name, cluster.endpoint, cluster.masterAuth]). apply(([name, endpoint, masterAuth]) => { const context = `${gcp.config.project}_${gcp.config.zone}_${name}`; return `apiVersion: v1 clusters: - cluster: certificate-authority-data: ${masterAuth.clusterCaCertificate} server: https://${endpoint} name: ${context} contexts: - context: cluster: ${context} user: ${context} name: ${context} current-context: ${context} kind: Config preferences: {} users: - name: ${context} user: auth-provider: config: cmd-args: config config-helper --format=json cmd-path: gcloud expiry-key: '{.credential.token_expiry}' token-key: '{.credential.access_token}' name: gcp `; }); // Step 2: Deploy the Helm chart for basic-auth-secret const helmChart = new k8s.helm.v3.Chart("basic-auth-secret", { chart: "basic-auth-secret", // Assuming 'basic-auth-secret' is the chart name and it is available in the specified repository // Replace `REPO_URL` with the repository where your desired helm chart is located fetchOpts: { repo: "REPO_URL", }, // Specify the values for the Helm chart // Replace these with your desired values for 'username' and 'password' values: { username: "admin", password: "password", }, }, { provider: new k8s.Provider("k8s-provider", { kubeconfig: kubeconfig }) }); // Export the Helm chart resource name export const helmChartName = helmChart.getResourceName();
This program performs the following actions:
- It initializes a new GKE cluster with the specified node count and machine type.
- A kubeconfig file is generated for accessing the cluster. This kubeconfig is outputted as one of the stack exports, allowing you to interact with your cluster via kubectl or other Kubernetes tools.
- It then creates a Helm release for the
basic-auth-secret
chart. The release is configured with the values you specify, which in this case are placeholders for the basic auth username and password. - It uses a Kubernetes Provider that is configured with the kubeconfig. This tells Pulumi to use this specific Kubernetes cluster for deploying resources.
Remember to replace
REPO_URL
with the actual URL of the Helm chart repository containing thebasic-auth-secret
Helm chart, and fill in thevalues
with the actual username and password you'd like to use for basic authentication.You will need to have Pulumi installed, along with the appropriate GCP credentials configured on your system to run this program. Execute
pulumi up
in the project directory to create the resources.For more information on how to use GKE with Pulumi, you can refer to the Pulumi GKE documentation. For working with Kubernetes resources in general, see the Pulumi Kubernetes documentation.