def __init__(self, name: str, props: MetalLBProperties, opts=None): """Initializes MetalLB using the given parameters.""" super().__init__('glab:kubernetes:metallb', name, None, opts) self.props = props self.namespace = Namespace('metallb-namespace', metadata={ 'name': self.props.namespace_str, 'labels': { 'app': 'metallb' } }, opts=pulumi.ResourceOptions(parent=self)) self.resources = yaml.ConfigFile('metallb-resources', self.props.manifest, transformations=[self._add_namespace], opts=pulumi.ResourceOptions(parent=self)) secret_key = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(128)) self.secret = Secret('metallb-memberlist', metadata={ 'namespace': self.props.namespace_str, 'name': 'memberlist' }, type='general', string_data={ 'secretkey': secret_key }, opts=pulumi.ResourceOptions(parent=self)) config = { 'address-pools': [ { 'name': 'default', 'protocol': 'layer2', 'addresses': [ '{}-{}'.format(props.network_start, props.network_end) ] } ] } self.config = ConfigMap('metallb-config', metadata={ 'namespace': self.props.namespace_str, 'name': 'config' }, data={ "config": yml.dump(config) }, opts=pulumi.ResourceOptions(parent=self))
def __init__(self, name: str, props: NGINXProperties, opts=None): """Initializes NGINX using the given parameters.""" super().__init__('glab:kubernetes:NGINX', name, None, opts) self.props = props self.namespace = Namespace('nginx-namespace', metadata={"name": self.props.namespace_str}, opts=pulumi.ResourceOptions(parent=self)) self.chart = Chart( 'nginx-chart', ChartOpts( fetch_opts=FetchOpts(repo='https://helm.nginx.com/stable', ), chart='nginx-ingress', namespace=self.props.namespace_str, values={ 'controller': { 'wildcardTLS': { 'secret': '{}/{}'.format(self.props.namespace_str, 'gilmanio-wildcard-cert-secret') } } }), opts=pulumi.ResourceOptions(parent=self, depends_on=[self.namespace])) self.widlcard_cert = CustomResource( 'nginx-wildcard-cert', api_version='cert-manager.io/v1alpha2', kind='Certificate', metadata={ 'name': 'gilmanio-wildcard-cert', 'namespace': self.props.namespace_str, }, spec={ 'secretName': 'gilmanio-wildcard-cert-secret', 'issuerRef': { 'name': 'letsencrypt', 'kind': 'ClusterIssuer' }, 'commonName': '*.gilman.io', 'dnsNames': [ 'gilman.io', '*.gilman.io', ], }, opts=pulumi.ResourceOptions(parent=self))
def __init__(self, name: str, props: NFSProperties, opts=None): """Initializes NFSProvisioner using the given parameters.""" super().__init__('glab:kubernetes:nfs', name, None, opts) self.props = props self.namespace = Namespace('nfs-namespace', metadata={"name": self.props.namespace_str}, opts=pulumi.ResourceOptions(parent=self)) self.chart = Chart('nfs-chart', ChartOpts(repo='stable', chart='nfs-client-provisioner', namespace=self.props.namespace_str, values={ 'nfs': { 'server': props.server, 'path': props.path }, "replicaCount": 3, "storageClass": { "name": "nfs" } }), opts=pulumi.ResourceOptions(parent=self))
from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts cilium_namespace = Namespace("cilium") cilium = Chart( "cilium", ChartOpts( chart="cilium", version="1.8.5", fetch_opts=FetchOpts(repo="https://helm.cilium.io"), namespace=cilium_namespace.metadata["name"], values={ # The values change when upgrading cilium to 1.9, watch out! "operator": { "numReplicas": 1, }, }, ), )
custom_provider = Provider("k8s", kubeconfig=aks.kube_config_raw) sql = mssql.Server("kzhou-sql", resource_group_name=rg.name, location=rg.location, version="12.0", administrator_login="******", administrator_login_password=SA_PASSWORD, minimum_tls_version="1.2", public_network_access_enabled=True) name = 'kzhou' # Create a Kubernetes Namespace namespace = Namespace(name, metadata={}, __opts__=ResourceOptions(provider=custom_provider)) # Create a NGINX Deployment appLabels = {"appClass": name} deployment = Deployment(name, metadata={"labels": appLabels}, spec={ "selector": { "match_labels": appLabels }, "replicas": 1, "template": { "metadata": { "labels": appLabels },
#!/usr/bin/env python3 import pathlib import tempfile import urllib3 import zipfile from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v3 import Chart, LocalChartOpts local_path_provisioner_namespace = Namespace("local-path-provisioner") # Location on each node to store Persistent Volumes local_path_storage = "/opt/local-path-provisioner" # Local path provisioner is not on any helm repo that I know of # So we have to download and import it locally # Tracking issue: https://github.com/rancher/local-path-provisioner/issues/89 local_path_provisioner_version = "0.0.18" local_path_provisioner_location = f"https://github.com/rancher/local-path-provisioner/archive/v{local_path_provisioner_version}.zip" # Downloads local-path-provisioner def download_lpp_chart(): tmpdir_ = tempfile.mkdtemp() tmpdir = pathlib.Path(tmpdir_) # We don't really need requests to simplify 5 lines
# you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v2 import Chart, ChartOpts, FetchOpts from pulumi_random import RandomString from os.path import expanduser namespace = Namespace("test") rs = RandomString("random-string", length=8).result values = { "unbound": { "image": { "pullPolicy": "Always" } }, "random-string": rs } Chart("unbound", ChartOpts( "stable/unbound", values=values, namespace=namespace.metadata["name"], version="1.1.0", fetch_opts=FetchOpts(home=expanduser("~"))))
from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts vault_namespace = Namespace("vault") cilium = Chart( "vault", ChartOpts( chart="vault", version="0.8.0", fetch_opts=FetchOpts( repo="https://helm.releases.hashicorp.com"), namespace=vault_namespace.metadata["name"], values={ # Not yet configured... # https://github.com/hashicorp/vault-helm/blob/master/values.yaml }, ), )
stack_ref = pulumi.StackReference(sr) # Get the kubeconfig from the stack kubeconfig = stack_ref.get_output("kubeConfig") # Get configuration options config = pulumi.Config() namespace = config.require("namespace") # Set up the provider provider = k8s.Provider("home.lbrlabs", kubeconfig=kubeconfig) # Create the namespace ns = Namespace( "ns", metadata={ "name": namespace, }, opts=pulumi.ResourceOptions(provider=provider), ) # Install the helm chart helm.Chart( "local-volume-provisioner", helm.LocalChartOpts(path="charts/provisioner", namespace=ns.metadata["name"], values={ "classes": [{ "name": 'local', "hostDir": "/mnt/", "mountDir": "/mnt/k8s", "volumeMode": "Filesystem",
# Copyright 2016-2019, Pulumi Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import pulumi from pulumi_kubernetes.core.v1 import Pod, Namespace namespace = Namespace("ns") pod = Pod("smoke-test", metadata={ "namespace": namespace, }, spec={"containers": [ { "name": "nginx", "image": "nginx" }, ]}) pulumi.export("ip", pod.status["pod_ip"])
# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.yaml import ConfigFile, ConfigGroup ns = Namespace("ns") ns2 = Namespace("ns2") def set_namespace(namespace): def f(obj): if "metadata" in obj: obj["metadata"]["namespace"] = namespace.metadata["name"] else: obj["metadata"] = {"namespace": namespace.metadata["name"]} return f def secret_status(obj, opts): if obj["kind"] == "Pod" and obj["apiVersion"] == "v1":
from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts prometheus_namespace = Namespace("prometheus") # TODO: Add TLS to the ingresses in this config. # See values reference below.... # https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml prometheus = Chart( "prometheus", ChartOpts( chart="prometheus", version="11.16.8", fetch_opts=FetchOpts( repo="https://prometheus-community.github.io/helm-charts"), namespace=prometheus_namespace.metadata["name"], values={ "alertmanager": { "enabled": True, "ingress": { "enabled": True, "hosts": ["alertmanager.dev-k8s.ocf.berkeley.edu"], }, }, "server": { "ingress": { "enabled": True, "hosts": ["prometheus.dev-k8s.ocf.berkeley.edu"], }
tokenKey='{.credential.access_token}') return config gke_masterAuth = cluster.master_auth['clusterCaCertificate'] gke_endpoint = cluster.endpoint gke_context = gcp_project + '_' + gcp_zone + '_' + cluster_name k8s_config = pulumi.Output.all( gke_masterAuth, gke_endpoint, gke_context).apply(lambda args: generate_k8_config(*args)) cluster_provider = pulumi_kubernetes.Provider(cluster_name, kubeconfig=k8s_config) ns = Namespace(cluster_name, __opts__=ResourceOptions(provider=cluster_provider)) gke_deployment = Deployment( app_name, metadata={ 'namespace': ns, 'labels': app_label, }, spec={ 'replicas': 3, 'selector': { 'matchLabels': app_label }, 'template': { 'metadata': { 'labels': app_label
}, network_profile={ "networkPlugin": "azure", "dnsServiceIp": "10.10.1.254", "dockerBridgeCidr": "172.17.0.1/16", "serviceCidr": "10.10.1.0/24" }, identity={"type": "SystemAssigned"}) k8s = Provider( "k8s", kubeconfig=aks.kube_config_raw, ) ns_consul = Namespace("consul", opts=pulumi.ResourceOptions(depends_on=[aks], provider=k8s), metadata={"name": "consul"}) ns_flux = Namespace("flux", opts=pulumi.ResourceOptions(depends_on=[aks], provider=k8s), metadata={"name": "flux"}) consul = v3.Chart("consul", config=v3.LocalChartOpts(path="consul-helm", namespace="consul", values={ "connectInject.enabled": "true", "client.enabled": "true", "client.grpc": "true", "syncCatalog.enabled": "true"
}, }, }], }) # Create the KubeConfig Structure as per https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html kubeconfig = Output.all(cluster.endpoint, cluster.certificate_authority["data"], cluster.name).apply(lambda args: generateKubeconfig(args[0], args[1], args[2])) # Declare a provider using the KubeConfig we created # This will be used to interact with the EKS cluster k8s_provider = Provider("k8s-provider", kubeconfig=kubeconfig) # Create a Namespace object https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ ns = Namespace("app-ns", metadata={ "name": "joe-duffy", }, opts=ResourceOptions(provider=k8s_provider) ) app_labels = { "app": "iac-workshop" } app_deployment = Deployment("app-dep", metadata={ "namespace": ns.metadata["name"] }, spec={ "selector": { "match_labels": app_labels, }, "replicas": 1,
import pulumi import os from pulumi_kubernetes.meta.v1 import ObjectMetaArgs from pulumi_kubernetes.core.v1 import PersistentVolume, PersistentVolumeClaim, PersistentVolumeClaimSpecArgs, ResourceRequirementsArgs, Namespace from pulumi_kubernetes.storage.v1 import StorageClass from pulumi_kubernetes.helm.v2 import Chart, ChartOpts, FetchOpts namespace_name = os.getenv('namespace_name') mongodb_database = os.getenv('mongodb_database') mongodb_username = os.getenv('mongodb_username') mongodb_password = os.getenv('mongodb_password') namespace = Namespace( resource_name=namespace_name, metadata=ObjectMetaArgs( name=namespace_name ) ) ingress_service = Chart( 'nginx-ingress', config = ChartOpts( fetch_opts = FetchOpts( repo='https://kubernetes.github.io/ingress-nginx' ), chart = 'ingress-nginx', version = '3.21.0', namespace = namespace_name, values = { "controller" : { "replicaCount" : 1
#!/usr/bin/env python3 import socket from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts traefik_namespace = Namespace("traefik") # Get the current IP address for kubernetes to expose as a NodePort node_ip = socket.gethostbyname(socket.gethostname()) exposed_ips = [node_ip] def traefik_chart_transformation(obj, opts): # The default Traefik chart's Service is a LoadBalancer in the default namespace # We set it to a NodePort, listening on all IPs, in the traefik namespace if obj["kind"] == "Service": obj["spec"]["type"] = "NodePort" obj["metadata"]["namespace"] = traefik_namespace.metadata["name"] obj["spec"]["externalIPs"] = exposed_ips traefik = Chart( "traefik", ChartOpts( chart="traefik", version="9.10.1", fetch_opts=FetchOpts(repo="https://helm.traefik.io/traefik"), namespace=traefik_namespace.metadata["name"], values={
# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from pulumi_kubernetes.core.v1 import Namespace from pulumi_kubernetes.yaml import ConfigFile ns = Namespace("ns") def add_namespace(obj): if "metadata" in obj: obj["metadata"]["namespace"] = ns.metadata["name"] else: obj["metadata"] = {"namespace": ns.metadata["name"]} return obj cf_local = ConfigFile( "yaml-test", "manifest.yaml", transformations=[add_namespace],