def __init__(self, name: str, props: NGINXProperties, opts=None):
"""Initializes NGINX using the given parameters."""
super().__init__('glab:kubernetes:NGINX', name, None, opts)
self.props = props
self.namespace = Namespace('nginx-namespace',
metadata={"name": self.props.namespace_str},
opts=pulumi.ResourceOptions(parent=self))
self.chart = Chart(
'nginx-chart',
ChartOpts(
fetch_opts=FetchOpts(repo='https://helm.nginx.com/stable', ),
chart='nginx-ingress',
namespace=self.props.namespace_str,
values={
'controller': {
'wildcardTLS': {
'secret':
'{}/{}'.format(self.props.namespace_str,
'gilmanio-wildcard-cert-secret')
}
}
}),
opts=pulumi.ResourceOptions(parent=self,
depends_on=[self.namespace]))
self.widlcard_cert = CustomResource(
'nginx-wildcard-cert',
api_version='cert-manager.io/v1alpha2',
kind='Certificate',
metadata={
'name': 'gilmanio-wildcard-cert',
'namespace': self.props.namespace_str,
},
spec={
'secretName': 'gilmanio-wildcard-cert-secret',
'issuerRef': {
'name': 'letsencrypt',
'kind': 'ClusterIssuer'
},
'commonName': '*.gilman.io',
'dnsNames': [
'gilman.io',
'*.gilman.io',
],
},
opts=pulumi.ResourceOptions(parent=self))
def __init__(self, name: str, props: NFSProperties, opts=None):
"""Initializes NFSProvisioner using the given parameters."""
super().__init__('glab:kubernetes:nfs', name, None, opts)
self.props = props
self.namespace = Namespace('nfs-namespace',
metadata={"name": self.props.namespace_str},
opts=pulumi.ResourceOptions(parent=self))
self.chart = Chart('nfs-chart',
ChartOpts(repo='stable',
chart='nfs-client-provisioner',
namespace=self.props.namespace_str,
values={
'nfs': {
'server': props.server,
'path': props.path
},
"replicaCount": 3,
"storageClass": {
"name": "nfs"
}
}),
opts=pulumi.ResourceOptions(parent=self))
# That function requires passing values that are not be known until the resources are created.
# Thus, the use of "apply()" to wait for those values before calling the function.
creds = pulumi.Output.all(resource_group.name, k8s_cluster.name).apply(
lambda args: containerservice.list_managed_cluster_user_credentials(
resource_group_name=args[0], resource_name=args[1]))
# The "list_managed_cluster_user_credentials" function returns an array of base64 encoded kubeconfigs.
# So decode the kubeconfig for our cluster but mark it as a secret so Pulumi treats it accordingly.
kubeconfig = pulumi.Output.secret(creds.kubeconfigs[0].value.apply(
lambda enc: base64.b64decode(enc).decode()))
### End of AKS Cluster Related Resources
# The K8s provider which supplies the helm chart resource needs to know how to talk to the K8s cluster.
# So, instantiate a K8s provider using the retrieved kubeconfig.
k8s_provider = k8s.Provider('k8s-provider', kubeconfig=kubeconfig)
# Create a chart resource to deploy apache using the k8s provider instantiated above.
apache = Chart('apache-chart',
ChartOpts(
chart='apache',
version='8.3.2',
fetch_opts={'repo': 'https://charts.bitnami.com/bitnami'}),
opts=ResourceOptions(provider=k8s_provider))
# Get the helm-deployed apache service IP which isn't known until the chart is deployed.
apache_service_ip = apache.get_resource(
'v1/Service',
'apache-chart').apply(lambda res: res.status.load_balancer.ingress[0].ip)
# Correct option using "concat()"
pulumi.export('Apache_URL', pulumi.Output.concat('http://', apache_service_ip))
ChartOpts(
chart="traefik",
version="9.10.1",
fetch_opts=FetchOpts(repo="https://helm.traefik.io/traefik"),
namespace=traefik_namespace.metadata["name"],
values={
# Debugging
# "logs": {"general": {"level": "DEBUG"}},
# These are the ports that Traefik has open
"ports": {
# This one is used for readiness/liveness probes, and is not exposed
"traefik": {
"port": 9000,
"expose": True,
"exposedPort": 9000,
"protocol": "TCP",
},
# This one is exposed on port 80, and is used for HTTP
# It redirects traffic it receives to HTTPS
"web": {
"port": 8000,
"expose": True,
"exposedPort": 80,
"protocol": "TCP",
"redirectTo": "websecure",
},
# This one is exposed on port 443, and is used for HTTPS
"websecure": {
"port": 8443,
"expose": True,
"exposedPort": 443,
"protocol": "TCP",
"tls": {
"enabled": True,
}
},
},
},
transformations=[traefik_chart_transformation],
),
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
cilium_namespace = Namespace("cilium")
cilium = Chart(
"cilium",
ChartOpts(
chart="cilium",
version="1.8.5",
fetch_opts=FetchOpts(repo="https://helm.cilium.io"),
namespace=cilium_namespace.metadata["name"],
values={
# The values change when upgrading cilium to 1.9, watch out!
"operator": {
"numReplicas": 1,
},
},
),
)
config=ChartOpts(
chart='rabbitmq',
namespace=config_k8s.get("namespace"),
fetch_opts=FetchOpts(repo="https://charts.bitnami.com/bitnami"),
values={
"replicaCount": data.get("replicaCount"),
"resources": {
"limits": {
"memory": data.get("resourcesLimitsMemory")
},
},
"resources": {
"limits": {
"cpu": data.get("resourcesLimitsCpu")
},
},
"resources": {
"requests": {
"memory": data.get("resourcesRequestsMemory"),
},
},
"resources": {
"requests": {
"cpu": data.get("resourcesRequestCpu"),
},
},
"memoryHighWatermark": {
"enabled": data.get("memoryHighWatermarkEnabled"),
},
"memoryHighWatermark": {
"type": data.get("memoryHighWatermarkType"),
},
"memoryHighWatermark": {
"value": data.get("memoryHighWatermarkValue"),
},
"extraPlugins": data.get("extraPlugins"),
"auth": {
"password": config.require_secret("rabbitmqAuthPassword"),
},
"auth": {
"username": data.get("username"),
},
"service": {
"type": data.get('serviceType'),
},
"clustering": {
"forceBoot": data.get("forceBoot"),
},
"persistence": {
"size": data.get("persistenceSize")
},
},
))
prometheus = Chart(
"prometheus",
ChartOpts(
chart="prometheus",
version="11.16.8",
fetch_opts=FetchOpts(
repo="https://prometheus-community.github.io/helm-charts"),
namespace=prometheus_namespace.metadata["name"],
values={
"alertmanager": {
"enabled": True,
"ingress": {
"enabled": True,
"hosts": ["alertmanager.dev-k8s.ocf.berkeley.edu"],
},
},
"server": {
"ingress": {
"enabled": True,
"hosts": ["prometheus.dev-k8s.ocf.berkeley.edu"],
}
},
# Conflicts w/ nodeExporter installed from Puppet.
"nodeExporter": {
"enabled": False,
}
},
),
)
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
from pulumi_random import RandomString
namespace = Namespace("test")
rs = RandomString("random-string", length=8).result
values = {"service": {"type": "ClusterIP"}, "random-string": rs}
Chart(
"remote-chart",
ChartOpts(
chart="nginx",
fetch_opts=FetchOpts(home=expanduser("~"),
repo="https://charts.bitnami.com/bitnami"),
namespace=namespace.metadata["name"],
values={"service": {
"type": "ClusterIP"
}},
version="6.0.4",
))
# Deploy a duplicate chart with a different resource prefix to verify that multiple instances of the Chart
# can be managed in the same stack.
Chart(
"remote-chart",
ChartOpts(
chart="nginx",
resource_prefix="dup",
fetch_opts=FetchOpts(home=expanduser("~"),
repo="https://charts.bitnami.com/bitnami"),
namespace=namespace.metadata["name"],
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
vault_namespace = Namespace("vault")
cilium = Chart(
"vault",
ChartOpts(
chart="vault",
version="0.8.0",
fetch_opts=FetchOpts(
repo="https://helm.releases.hashicorp.com"),
namespace=vault_namespace.metadata["name"],
values={
# Not yet configured...
# https://github.com/hashicorp/vault-helm/blob/master/values.yaml
},
),
)
"""A Kubernetes Python Pulumi program"""
import pulumi
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
mongodb = Chart(
'mongodb-julioleal',
config=ChartOpts(
chart='mongodb',
namespace="julioleal",
fetch_opts=FetchOpts(repo="https://charts.bitnami.com/bitnami"),
values={
"auth": {
"enabled": False,
},
"persistence": {
"size": "20Gi",
},
},
))
# Export the public IP for WordPress.
#frontend = mongodb.get_resource('v1/Service', 'mongodb-julioleal')
#pulumi.export('frontend_ip', frontend.status.load_balancer.ingress[0].ip)