feat: How to Install Helm Charts on Kubernetes with Pulumi - Part 1

content/tutorials/kubernetes-helm-part-one/index.md

@@ -0,0 +1,199 @@
+---
+title_tag: How to Install Helm Charts on Kubernetes with Pulumi - Part 1
+allow_long_title: true
+title: How to Install Helm Charts on Kubernetes with Pulumi - Part 1
+layout: single
+description: |
+  Using Pulumi to install Helm Charts on Kubernetes is a great way to manage to install third-party applications on your Kubernetes cluster.
+meta_desc: Using Pulumi to install Helm Charts on Kubernetes is a great way to manage to install third-party applications on your Kubernetes cluster.
+meta_image: meta.png
+weight: 999
+summary: |
+  If you worked with Pulumi and [Kubernetes](https://kubernetes.io/), you probably know that Pulumi has a [Kubernetes provider](/docs/iac/get-started/kubernetes/) that allows you to deploy Kubernetes resources.
+
+  In this tutorial, we will learn how to install Helm on Kubernetes using Pulumi. [Helm](https://helm.sh/) is a package manager for Kubernetes that allows you to install and manage applications on your Kubernetes cluster.
+
+  Most of the third-party applications that you want to install on your Kubernetes cluster, like whole monitoring stacks, databases, and other applications, are most likely available as Helm charts.
+
+  On services like [Artifact Hub](https://artifacthub.io/), you can find a lot of Helm charts that you can use to install applications on your Kubernetes cluster.
+
+  The Pulumi Kubernetes provider offers two different ways to install Helm on Kubernetes:
+
+  - Using the `Release` resource
+  - Using the `Chart` resource
+
+  The Helm [Chart](/registry/packages/kubernetes/api-docs/helm/v4/chart) resource renders the templates from your chart and then manages the objects directly with the Pulumi Kubernetes provider.
+
+  The Helm [Release](/registry/packages/kubernetes/api-docs/helm/v4/release) resource uses the Helm SDK to install the Helm chart on your Kubernetes cluster.
+youll_learn:
+- How to install Helm on Kubernetes using Pulumi
+
+estimated_time: 10
+collections_weight: 2
+prereqs:
+- "A [Pulumi Cloud account](https://app.pulumi.com/signup) and [access token](/docs/pulumi-cloud/accounts/#access-tokens)"
+- "The [Pulumi CLI](/docs/install/)"
+- "A Kubernetes cluster (for example, [kind](https://kind.sigs.k8s.io/))"
+- "[kubectl](https://kubernetes.io/releases/download/#kubectl)"
+- "[helm](https://helm.sh/docs/intro/install/)"
+
+collections:
+- kubernetes
+---
+
+## Never heard of Helm?
+
+What is Helm? Helm is a package manager for Kubernetes and a Helm chart is a collection of different Kubernetes (like Deployment, Service, Ingress, etc.) resources that are bundled together and can be deployed as a unit.
+
+There are many ways to share Helm charts, but the most popular way is by using a Helm repository. Recently Helm supports also OCI registries as a way to share the Helm chart as an OCI artifact.
+
+Additionally, Helm has a templating engine that allows you to customize the Helm chart before you deploy it. It is based on the go templating engine (plus Sprig functions) and allows you to customize the Helm chart based on your needs.
+
+> This templating engine is also the reason why some folks are avoiding Helm. Things can get pretty complex if not taken care.
+
+## Deploying a Helm chart with Pulumi
+
+To start, [login to the Pulumi CLI](/tutorials/cli-authentication/) and create a new Pulumi project. You can use the following command to create a new Pulumi project and select from the list of templates the `helm-kubernetes-<your-programming-language>` template.
+
+```bash
+# Choose your favorite Pulumi supported language
+pulumi new helm-kubernetes-<your-programming-language>
+```
+
+This will create a new Pulumi project with the necessary files to deploy Kubernetes resources and some example resources.
+
+{{< chooser language "typescript,python,go,csharp,yaml" />}}
+
+{{% choosable language typescript %}}
+
+```typescript
+{{< example-program-snippet path="helm-kubernetes-part-one" language="typescript" from="1" to="45" >}}
+```
+
+{{% /choosable %}}
+
+{{% choosable language python %}}
+
+```python
+{{< example-program-snippet path="helm-kubernetes-part-one" language="python" from="1" to="47" >}}
+```
+
+{{% /choosable %}}
+
+{{% choosable language go %}}
+
+```go
+{{< example-program-snippet path="helm-kubernetes-part-one" language="go" from="1" to="66" >}}
+```
+
+{{% /choosable %}}
+
+{{% choosable language csharp %}}
+
+```csharp
+{{< example-program-snippet path="helm-kubernetes-part-one" language="csharp" from="1" to="59" >}}
+```
+
+{{% /choosable %}}
+
+{{% choosable language yaml %}}
+
+```yaml
+{{< example-program-snippet path="helm-kubernetes-part-one" language="yaml" from="1" to="53" >}}
+```
+
+{{% /choosable %}}
+
+## Deploying the Helm chart
+
+Now run the `pulumi up` command to preview and deploy the resources you’ve just defined in your project.
+
+```bash
+pulumi up
+Please choose a stack, or create a new one: dev
+Previewing update (dev)
+
+View in Browser (Ctrl+O): https://app.pulumi.com/dirien/helm/dev/previews/88cf6d4c-d4a4-401f-9b25-cedd50146545
+
+     Type                              Name               Plan
+ +   pulumi:pulumi:Stack               helm-dev           create
+ +   ├─ kubernetes:core/v1:Namespace   ingressns          create
+ +   └─ kubernetes:helm.sh/v3:Release  ingresscontroller  create
+
+Outputs:
+    name: "ingresscontroller-7e4b854f"
+
+Resources:
+    + 3 to create
+
+Do you want to perform this update? yes
+Updating (dev)
+
+View in Browser (Ctrl+O): https://app.pulumi.com/dirien/helm/dev/updates/1
+
+     Type                              Name               Status
+ +   pulumi:pulumi:Stack               helm-dev           created (15s)
+ +   ├─ kubernetes:core/v1:Namespace   ingressns          created (0.32s)
+ +   └─ kubernetes:helm.sh/v3:Release  ingresscontroller  created (7s)
+
+Outputs:
+    name: "ingresscontroller-b5455c41"
+
+Resources:
+    + 3 created
+
+Duration: 17s
+```
+
+After the deployment is complete, you can check the resources in your Kubernetes cluster.
+
+```bash
+kubectl get all -n nginx-ingress
+```
+
+And you should see the resources that were created by the Helm chart.
+
+```bash
+NAME                                                            READY   STATUS    RESTARTS   AGE
+pod/ingresscontroller-b5455c41-nginx-ingress-5987c7bd56-57bph   1/1     Running   0          104s
+
+NAME                                               TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
+service/ingresscontroller-b5455c41-nginx-ingress   LoadBalancer   10.103.162.34   localhost     80:30725/TCP,443:31959/TCP   105s
+
+NAME                                                       READY   UP-TO-DATE   AVAILABLE   AGE
+deployment.apps/ingresscontroller-b5455c41-nginx-ingress   1/1     1            1           104s
+
+NAME                                                                  DESIRED   CURRENT   READY   AGE
+replicaset.apps/ingresscontroller-b5455c41-nginx-ingress-5987c7bd56   1         1         1       104s
+```
+
+## Deploying a OCI Helm chart with Pulumi
+
+In the previous example, we deployed a Helm chart from a Helm repository. Helm supports also [OCI registries](https://helm.sh/blog/storing-charts-in-oci/) as a way to share Helm charts. The changes in the Pulumi program are minimal.
+
+```typescript
+// omitting the namespace creation for brevity
+const nodered = new k8s.helm.v3.Release("node-red", {
+    name: "node-red",
+    chart: "oci://ghcr.io/schwarzit/charts/node-red",
+    namespace: "node-red",
+    createNamespace: true,
+});
+```
+
+The `chart` property now points to the OCI registry where the Helm chart is stored and you add the `oci://` prefix to the chart URL. You can also drop the `repositoryOpts` property since it is not needed when you deploy a Helm chart from an OCI registry.
+
+## Housekeeping
+
+Before moving on, tear down the resources that are part of your stack to avoid incurring any charges.
+
+1. Run `pulumi destroy` to tear down all resources. You'll be prompted to make sure you really want to delete these resources. A destroy operation may take some time, since Pulumi waits for the resources to finish shutting down before it considers the destroy operation to be complete.
+2. To delete the stack itself, run `pulumi stack rm`. Note that this command deletes all deployment history from the Pulumi Service.
+
+## Next steps
+
+In this tutorial, you learned how to install Helm on Kubernetes using the Kubernetes provider from Pulumi and the `Release` resource.
+
+- Learn more about Pulumi and Kubernetes in the [Kubernetes documentation](/docs/iac/clouds/kubernetes/).
+- Learn more about the `Release` resource in the [Pulumi Kubernetes API documentation](/registry/packages/kubernetes/api-docs/helm/v3/release/).
+- Or give the tutorial about [Creating Resources on Kubernetes](/tutorials/creating-resources-kubernetes/) a try.

static/programs/helm-kubernetes-part-one-csharp/Program.cs

@@ -0,0 +1,58 @@
+using System.Collections.Generic;
+using Pulumi;
+using Kubernetes = Pulumi.Kubernetes;
+
+return await Deployment.RunAsync(() =>
+{
+    var config = new Config();
+    var k8sNamespace = config.Get("k8sNamespace") ?? "nginx-ingress";
+    var appLabels = new InputMap<string>
+    {
+        { "app", "nginx-ingress" },
+    };
+
+    var ingressns = new Kubernetes.Core.V1.Namespace("ingressns", new()
+    {
+        Metadata = new Kubernetes.Types.Inputs.Meta.V1.ObjectMetaArgs
+        {
+            Labels = appLabels,
+            Name = k8sNamespace,
+        },
+    });
+
+    var ingresscontroller = new Kubernetes.Helm.V3.Release("ingresscontroller", new()
+    {
+        Chart = "nginx-ingress",
+        Namespace = ingressns.Metadata.Apply(m => m.Name),
+        RepositoryOpts = new Kubernetes.Types.Inputs.Helm.V3.RepositoryOptsArgs
+        {
+            Repo = "https://helm.nginx.com/stable",
+        },
+        SkipCrds = true,
+        Values = new Dictionary<string, object>
+        {
+            ["controller"] = new Dictionary<string, object>
+            {
+                ["enableCustomResources"] = "false",
+                ["appprotect"] = new Dictionary<string, object>
+                {
+                    ["enable"] = "false"
+                },
+                ["appprotectdos"] = new Dictionary<string, object>
+                {
+                    ["enable"] = "false"
+                },
+                ["service"] = new Dictionary<string, object>
+                {
+                    ["extraLabels"] = appLabels
+                },
+            },
+        },
+        Version = "0.14.1",
+    });
+
+    return new Dictionary<string, object?>
+    {
+        ["name"] = ingresscontroller.Name,
+    };
+});

static/programs/helm-kubernetes-part-one-csharp/Pulumi.yaml

@@ -0,0 +1,7 @@
+name: helm-kubernetes-part-one-csharp
+description: Demo Code Part 1 of the Tutorial around Helm in Kubernetes
+runtime: dotnet
+config:
+  pulumi:tags:
+    value:
+      pulumi:template: helm-kubernetes-csharp

static/programs/helm-kubernetes-part-one-csharp/helm-kubernetes-part-one-csharp.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+	<PropertyGroup>
+		<OutputType>Exe</OutputType>
+		<TargetFramework>net8.0</TargetFramework>
+		<Nullable>enable</Nullable>
+	</PropertyGroup>
+
+	<ItemGroup>
+		<PackageReference Include="Pulumi" Version="3.*" />
+		<PackageReference Include="Pulumi.Kubernetes" Version="4.*" />
+	</ItemGroup>
+
+</Project>

static/programs/helm-kubernetes-part-one-go/Pulumi.yaml

@@ -0,0 +1,7 @@
+name: helm-kubernetes-part-one-go
+description: Demo Code Part 1 of the Tutorial around Helm in Kubernetes
+runtime: go
+config:
+  pulumi:tags:
+    value:
+      pulumi:template: helm-kubernetes-go

static/programs/helm-kubernetes-part-one-go/go.mod

@@ -0,0 +1,93 @@
+module helm-kubernetes-part-one-go
+
+go 1.20
+
+require (
+	github.com/pulumi/pulumi-kubernetes/sdk/v4 v4.0.3
+	github.com/pulumi/pulumi/sdk/v3 v3.96.1
+)
+
+require (
+	dario.cat/mergo v1.0.0 // indirect
+	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/acomagu/bufpipe v1.0.4 // indirect
+	github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect
+	github.com/agext/levenshtein v1.2.3 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/atotto/clipboard v0.1.4 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/blang/semver v3.5.1+incompatible // indirect
+	github.com/charmbracelet/bubbles v0.16.1 // indirect
+	github.com/charmbracelet/bubbletea v0.24.2 // indirect
+	github.com/charmbracelet/lipgloss v0.7.1 // indirect
+	github.com/cheggaaa/pb v1.0.29 // indirect
+	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
+	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/djherbis/times v1.5.0 // indirect
+	github.com/emirpasic/gods v1.18.1 // indirect
+	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
+	github.com/go-git/go-billy/v5 v5.5.0 // indirect
+	github.com/go-git/go-git/v5 v5.9.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/glog v1.1.0 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/hcl/v2 v2.17.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/kevinburke/ssh_config v1.2.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/mattn/go-isatty v0.0.18 // indirect
+	github.com/mattn/go-localereader v0.0.1 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mitchellh/go-ps v1.0.0 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+	github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b // indirect
+	github.com/muesli/cancelreader v0.2.2 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.1 // indirect
+	github.com/opentracing/basictracer-go v1.1.0 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pgavlin/fx v0.1.6 // indirect
+	github.com/pjbgf/sha1cd v0.3.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/term v1.1.0 // indirect
+	github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
+	github.com/pulumi/esc v0.5.6 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rogpeppe/go-internal v1.11.0 // indirect
+	github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
+	github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect
+	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/skeema/knownhosts v1.2.0 // indirect
+	github.com/spf13/cast v1.4.1 // indirect
+	github.com/spf13/cobra v1.7.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/texttheater/golang-levenshtein v1.0.1 // indirect
+	github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect
+	github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
+	github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
+	github.com/xanzy/ssh-agent v0.3.3 // indirect
+	github.com/zclconf/go-cty v1.13.2 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
+	golang.org/x/mod v0.13.0 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/tools v0.14.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130 // indirect
+	google.golang.org/grpc v1.57.1 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	lukechampine.com/frand v1.4.2 // indirect
+)