https://pulumi.com logo
Join Slack
Powered by
Okay, first pulumi experience, I have EKS building...
# kubernetes
b
Okay, first pulumi experience, I have EKS building with my index.ts, I wanted to also deploy a helm chart as part of my base platform IaC. Can 
k8s.helm.v3.Chart
inherit the credentials for the cluster it built? How do I go from building the cluster to also deploying stuff to it? if I manually pull the kubeconfig (future will be oidc) and re-run 
pulumi up
everything deploys fine. index.ts LINK
b
Hey Kathryn! Yes this is a common pattern 🙂 Your EKS resource outputs a 
provider
which can then be passed to your Kubernetes resources! https://github.com/pulumi/examples/blob/master/aws-ts-eks-hello-world/index.ts#L60 Your pass it to your resource via the helm chart's resource options, so in this case it'd be:
Copy code
const kongGateway = new k8s.helm.v3.Chart("gateway", {
  repo: "kong",
  chart: "kong",
  // TODO: tear down and change namespace to `kong`
  namespace: "default",
  fetchOpts:{
    repo: "<https://charts.konghq.com/>",
  },
  values: {
    postgresql: {
      enabled: true,
    }
  },
},
providers: { kubernetes: cluster.provider } }
);
regarding your comment about the namespace, you can also create your namespace and pass that to your helm chart too: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/digitalocean/kubernetes/index.ts#L44
b
awesome!!!!! giving this a go
b
I haven't actually tested the helm example, hopefully your IDE can help 😄
b
ha, just in vim for now. should switch over to VSCode
Okay, updated gist. Erroring out, but it's odd to me that it is, because it definitely did create the namespace. So the kubeconfig 
provider
cant be garbage. Unless I somehow created the namespace somewhere else after deploying this fresh cluster without remembering.
Copy code
<http://kongclusterplugins.configuration.konghq.com|kongclusterplugins.configuration.konghq.com> (kubernetes:<http://helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition|helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinition>)
error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
If the cluster has been deleted, you can edit the pulumi state to remove this resource

default/gateway-kong (kubernetes:<http://helm.sh/v3:Chart$kubernetes:apps/v1:Deployment|helm.sh/v3:Chart$kubernetes:apps/v1:Deployment>)
error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file: invalid configuration: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
If the cluster has been deleted, you can edit the pulumi state to remove this resource

  pulumi:pulumi:Stack (KongOnEKS-KongOnEKS):
    W0729 22:20:38.072566    2219 loader.go:223] Config not found: /root/.kube/config
 
    error: update failed
b
Ah, the provider field on the helm chart is slightly different to kubernetes resources
b
looking back at it.
b
Notice the kubernetes map of the map here { providers: { kubernetes: provider } },
b
learning how to navigate docs still I suppose
b
ah, that's because the helm chart resource is a component resource, and the provider options goes on that
b
Success!!! Now on to learning how to create kubernetes secrets in pulumi before the helm chart deploys.
++ @billowy-army-68599 thank you!
b
Now on to learning how to create kubernetes secrets in pulumi before the helm chart deploys.
if you define a secret output as an input to the helm chart, this will happen automatically, similar to what you did with the namespace earlier
@busy-journalist-6936 once you have this all working, I'd be interested in helping you turn this into a component that other users can reuse, keep me updated!
b
I'm 100% on board with getting it mature enough for wider use. *disclaimer I work for Kong
b
excellent, once you're in a good place, DM me and we can chat more!
👍 1
b
@billowy-army-68599 do you have an example of that secret thing which would be equivalent to something like:
Copy code
kubectl create secret generic \
  kong-enterprise-license -n kong \
  --from-file=./license
I can do 
--from-literal
style instead and make the license part of pulumi config
b
Not to hand, but you should be able to use fs.readFileSync to read the file and then input it into stringData
7 Views
Open in Slack
PreviousNext
Powered by