def __init__(self, name: str, props: MetalLBProperties, opts=None):
"""Initializes MetalLB using the given parameters."""
super().__init__('glab:kubernetes:metallb', name, None, opts)
self.props = props
self.namespace = Namespace('metallb-namespace',
metadata={
'name': self.props.namespace_str,
'labels': {
'app': 'metallb'
}
},
opts=pulumi.ResourceOptions(parent=self))
self.resources = yaml.ConfigFile('metallb-resources',
self.props.manifest,
transformations=[self._add_namespace],
opts=pulumi.ResourceOptions(parent=self))
secret_key = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(128))
self.secret = Secret('metallb-memberlist',
metadata={
'namespace': self.props.namespace_str,
'name': 'memberlist'
},
type='general',
string_data={
'secretkey': secret_key
},
opts=pulumi.ResourceOptions(parent=self))
config = {
'address-pools': [
{
'name': 'default',
'protocol': 'layer2',
'addresses': [
'{}-{}'.format(props.network_start, props.network_end)
]
}
]
}
self.config = ConfigMap('metallb-config',
metadata={
'namespace': self.props.namespace_str,
'name': 'config'
},
data={
"config": yml.dump(config)
},
opts=pulumi.ResourceOptions(parent=self))
def __init__(self, name: str, props: NGINXProperties, opts=None):
"""Initializes NGINX using the given parameters."""
super().__init__('glab:kubernetes:NGINX', name, None, opts)
self.props = props
self.namespace = Namespace('nginx-namespace',
metadata={"name": self.props.namespace_str},
opts=pulumi.ResourceOptions(parent=self))
self.chart = Chart(
'nginx-chart',
ChartOpts(
fetch_opts=FetchOpts(repo='https://helm.nginx.com/stable', ),
chart='nginx-ingress',
namespace=self.props.namespace_str,
values={
'controller': {
'wildcardTLS': {
'secret':
'{}/{}'.format(self.props.namespace_str,
'gilmanio-wildcard-cert-secret')
}
}
}),
opts=pulumi.ResourceOptions(parent=self,
depends_on=[self.namespace]))
self.widlcard_cert = CustomResource(
'nginx-wildcard-cert',
api_version='cert-manager.io/v1alpha2',
kind='Certificate',
metadata={
'name': 'gilmanio-wildcard-cert',
'namespace': self.props.namespace_str,
},
spec={
'secretName': 'gilmanio-wildcard-cert-secret',
'issuerRef': {
'name': 'letsencrypt',
'kind': 'ClusterIssuer'
},
'commonName': '*.gilman.io',
'dnsNames': [
'gilman.io',
'*.gilman.io',
],
},
opts=pulumi.ResourceOptions(parent=self))
def __init__(self, name: str, props: NFSProperties, opts=None):
"""Initializes NFSProvisioner using the given parameters."""
super().__init__('glab:kubernetes:nfs', name, None, opts)
self.props = props
self.namespace = Namespace('nfs-namespace',
metadata={"name": self.props.namespace_str},
opts=pulumi.ResourceOptions(parent=self))
self.chart = Chart('nfs-chart',
ChartOpts(repo='stable',
chart='nfs-client-provisioner',
namespace=self.props.namespace_str,
values={
'nfs': {
'server': props.server,
'path': props.path
},
"replicaCount": 3,
"storageClass": {
"name": "nfs"
}
}),
opts=pulumi.ResourceOptions(parent=self))
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
cilium_namespace = Namespace("cilium")
cilium = Chart(
"cilium",
ChartOpts(
chart="cilium",
version="1.8.5",
fetch_opts=FetchOpts(repo="https://helm.cilium.io"),
namespace=cilium_namespace.metadata["name"],
values={
# The values change when upgrading cilium to 1.9, watch out!
"operator": {
"numReplicas": 1,
},
},
),
)
custom_provider = Provider("k8s", kubeconfig=aks.kube_config_raw)
sql = mssql.Server("kzhou-sql",
resource_group_name=rg.name,
location=rg.location,
version="12.0",
administrator_login="******",
administrator_login_password=SA_PASSWORD,
minimum_tls_version="1.2",
public_network_access_enabled=True)
name = 'kzhou'
# Create a Kubernetes Namespace
namespace = Namespace(name,
metadata={},
__opts__=ResourceOptions(provider=custom_provider))
# Create a NGINX Deployment
appLabels = {"appClass": name}
deployment = Deployment(name,
metadata={"labels": appLabels},
spec={
"selector": {
"match_labels": appLabels
},
"replicas": 1,
"template": {
"metadata": {
"labels": appLabels
},
#!/usr/bin/env python3
import pathlib
import tempfile
import urllib3
import zipfile
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, LocalChartOpts
local_path_provisioner_namespace = Namespace("local-path-provisioner")
# Location on each node to store Persistent Volumes
local_path_storage = "/opt/local-path-provisioner"
# Local path provisioner is not on any helm repo that I know of
# So we have to download and import it locally
# Tracking issue: https://github.com/rancher/local-path-provisioner/issues/89
local_path_provisioner_version = "0.0.18"
local_path_provisioner_location = f"https://github.com/rancher/local-path-provisioner/archive/v{local_path_provisioner_version}.zip"
# Downloads local-path-provisioner
def download_lpp_chart():
tmpdir_ = tempfile.mkdtemp()
tmpdir = pathlib.Path(tmpdir_)
# We don't really need requests to simplify 5 lines
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v2 import Chart, ChartOpts, FetchOpts
from pulumi_random import RandomString
from os.path import expanduser
namespace = Namespace("test")
rs = RandomString("random-string", length=8).result
values = {
"unbound": {
"image": {
"pullPolicy": "Always"
}
},
"random-string": rs
}
Chart("unbound", ChartOpts(
"stable/unbound", values=values, namespace=namespace.metadata["name"], version="1.1.0",
fetch_opts=FetchOpts(home=expanduser("~"))))
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
vault_namespace = Namespace("vault")
cilium = Chart(
"vault",
ChartOpts(
chart="vault",
version="0.8.0",
fetch_opts=FetchOpts(
repo="https://helm.releases.hashicorp.com"),
namespace=vault_namespace.metadata["name"],
values={
# Not yet configured...
# https://github.com/hashicorp/vault-helm/blob/master/values.yaml
},
),
)
stack_ref = pulumi.StackReference(sr)
# Get the kubeconfig from the stack
kubeconfig = stack_ref.get_output("kubeConfig")
# Get configuration options
config = pulumi.Config()
namespace = config.require("namespace")
# Set up the provider
provider = k8s.Provider("home.lbrlabs", kubeconfig=kubeconfig)
# Create the namespace
ns = Namespace(
"ns",
metadata={
"name": namespace,
},
opts=pulumi.ResourceOptions(provider=provider),
)
# Install the helm chart
helm.Chart(
"local-volume-provisioner",
helm.LocalChartOpts(path="charts/provisioner",
namespace=ns.metadata["name"],
values={
"classes": [{
"name": 'local',
"hostDir": "/mnt/",
"mountDir": "/mnt/k8s",
"volumeMode": "Filesystem",
# Copyright 2016-2019, Pulumi Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import pulumi
from pulumi_kubernetes.core.v1 import Pod, Namespace
namespace = Namespace("ns")
pod = Pod("smoke-test",
metadata={
"namespace": namespace,
},
spec={"containers": [
{
"name": "nginx",
"image": "nginx"
},
]})
pulumi.export("ip", pod.status["pod_ip"])
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.yaml import ConfigFile, ConfigGroup
ns = Namespace("ns")
ns2 = Namespace("ns2")
def set_namespace(namespace):
def f(obj):
if "metadata" in obj:
obj["metadata"]["namespace"] = namespace.metadata["name"]
else:
obj["metadata"] = {"namespace": namespace.metadata["name"]}
return f
def secret_status(obj, opts):
if obj["kind"] == "Pod" and obj["apiVersion"] == "v1":
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
prometheus_namespace = Namespace("prometheus")
# TODO: Add TLS to the ingresses in this config.
# See values reference below....
# https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus/values.yaml
prometheus = Chart(
"prometheus",
ChartOpts(
chart="prometheus",
version="11.16.8",
fetch_opts=FetchOpts(
repo="https://prometheus-community.github.io/helm-charts"),
namespace=prometheus_namespace.metadata["name"],
values={
"alertmanager": {
"enabled": True,
"ingress": {
"enabled": True,
"hosts": ["alertmanager.dev-k8s.ocf.berkeley.edu"],
},
},
"server": {
"ingress": {
"enabled": True,
"hosts": ["prometheus.dev-k8s.ocf.berkeley.edu"],
}
tokenKey='{.credential.access_token}')
return config
gke_masterAuth = cluster.master_auth['clusterCaCertificate']
gke_endpoint = cluster.endpoint
gke_context = gcp_project + '_' + gcp_zone + '_' + cluster_name
k8s_config = pulumi.Output.all(
gke_masterAuth, gke_endpoint,
gke_context).apply(lambda args: generate_k8_config(*args))
cluster_provider = pulumi_kubernetes.Provider(cluster_name,
kubeconfig=k8s_config)
ns = Namespace(cluster_name,
__opts__=ResourceOptions(provider=cluster_provider))
gke_deployment = Deployment(
app_name,
metadata={
'namespace': ns,
'labels': app_label,
},
spec={
'replicas': 3,
'selector': {
'matchLabels': app_label
},
'template': {
'metadata': {
'labels': app_label
},
network_profile={
"networkPlugin": "azure",
"dnsServiceIp": "10.10.1.254",
"dockerBridgeCidr": "172.17.0.1/16",
"serviceCidr": "10.10.1.0/24"
},
identity={"type": "SystemAssigned"})
k8s = Provider(
"k8s",
kubeconfig=aks.kube_config_raw,
)
ns_consul = Namespace("consul",
opts=pulumi.ResourceOptions(depends_on=[aks],
provider=k8s),
metadata={"name": "consul"})
ns_flux = Namespace("flux",
opts=pulumi.ResourceOptions(depends_on=[aks],
provider=k8s),
metadata={"name": "flux"})
consul = v3.Chart("consul",
config=v3.LocalChartOpts(path="consul-helm",
namespace="consul",
values={
"connectInject.enabled": "true",
"client.enabled": "true",
"client.grpc": "true",
"syncCatalog.enabled": "true"
},
},
}],
})
# Create the KubeConfig Structure as per https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
kubeconfig = Output.all(cluster.endpoint, cluster.certificate_authority["data"], cluster.name).apply(lambda args: generateKubeconfig(args[0], args[1], args[2]))
# Declare a provider using the KubeConfig we created
# This will be used to interact with the EKS cluster
k8s_provider = Provider("k8s-provider", kubeconfig=kubeconfig)
# Create a Namespace object https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
ns = Namespace("app-ns",
metadata={
"name": "joe-duffy",
},
opts=ResourceOptions(provider=k8s_provider)
)
app_labels = {
"app": "iac-workshop"
}
app_deployment = Deployment("app-dep",
metadata={
"namespace": ns.metadata["name"]
},
spec={
"selector": {
"match_labels": app_labels,
},
"replicas": 1,
import pulumi
import os
from pulumi_kubernetes.meta.v1 import ObjectMetaArgs
from pulumi_kubernetes.core.v1 import PersistentVolume, PersistentVolumeClaim, PersistentVolumeClaimSpecArgs, ResourceRequirementsArgs, Namespace
from pulumi_kubernetes.storage.v1 import StorageClass
from pulumi_kubernetes.helm.v2 import Chart, ChartOpts, FetchOpts
namespace_name = os.getenv('namespace_name')
mongodb_database = os.getenv('mongodb_database')
mongodb_username = os.getenv('mongodb_username')
mongodb_password = os.getenv('mongodb_password')
namespace = Namespace(
resource_name=namespace_name,
metadata=ObjectMetaArgs(
name=namespace_name
)
)
ingress_service = Chart(
'nginx-ingress',
config = ChartOpts(
fetch_opts = FetchOpts(
repo='https://kubernetes.github.io/ingress-nginx'
),
chart = 'ingress-nginx',
version = '3.21.0',
namespace = namespace_name,
values = {
"controller" : {
"replicaCount" : 1
#!/usr/bin/env python3
import socket
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts
traefik_namespace = Namespace("traefik")
# Get the current IP address for kubernetes to expose as a NodePort
node_ip = socket.gethostbyname(socket.gethostname())
exposed_ips = [node_ip]
def traefik_chart_transformation(obj, opts):
# The default Traefik chart's Service is a LoadBalancer in the default namespace
# We set it to a NodePort, listening on all IPs, in the traefik namespace
if obj["kind"] == "Service":
obj["spec"]["type"] = "NodePort"
obj["metadata"]["namespace"] = traefik_namespace.metadata["name"]
obj["spec"]["externalIPs"] = exposed_ips
traefik = Chart(
"traefik",
ChartOpts(
chart="traefik",
version="9.10.1",
fetch_opts=FetchOpts(repo="https://helm.traefik.io/traefik"),
namespace=traefik_namespace.metadata["name"],
values={
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from pulumi_kubernetes.core.v1 import Namespace
from pulumi_kubernetes.yaml import ConfigFile
ns = Namespace("ns")
def add_namespace(obj):
if "metadata" in obj:
obj["metadata"]["namespace"] = ns.metadata["name"]
else:
obj["metadata"] = {"namespace": ns.metadata["name"]}
return obj
cf_local = ConfigFile(
"yaml-test",
"manifest.yaml",
transformations=[add_namespace],
