lblackstone/gke.ts Secret

## gke.ts
// Copyright 2016-2019, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";

export class GkeCluster extends pulumi.ComponentResource {
    public cluster: gcp.container.Cluster;
    public provider: k8s.Provider;

    constructor(name: string,
                opts: pulumi.ComponentResourceOptions = {}) {
        super("examples:kubernetes-ts-multicloud:GkeCluster", name, {}, opts);

        // Find the latest engine version.
        const engineVersion = gcp.container.getEngineVersions().then(v => v.latestMasterVersion);

        // Generate a strong password for the Kubernetes cluster.
        const password = new random.RandomString("password", {
            length: 20,
            special: true
        }, {parent: this, additionalSecretOutputs: ["result"]}).result;

        // Create the GKE cluster.
        const k8sCluster = new gcp.container.Cluster("cluster", {
            initialNodeCount: 2,
            nodeVersion: engineVersion,
            minMasterVersion: engineVersion,
            masterAuth: {username: "example-user", password: password},
            nodeConfig: {
                machineType: "n1-standard-1",
                oauthScopes: [
                    "https://www.googleapis.com/auth/compute",
                    "https://www.googleapis.com/auth/devstorage.read_only",
                    "https://www.googleapis.com/auth/logging.write",
                    "https://www.googleapis.com/auth/monitoring"
                ],
            },
        }, {parent: this});
        this.cluster = k8sCluster;

        // Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
        // gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
        const k8sConfig = pulumi.all([k8sCluster.name, k8sCluster.endpoint, k8sCluster.masterAuth]).apply(
            ([name, endpoint, auth]) => {
            const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
            return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${auth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
`;
        });

        // Export a Kubernetes provider instance that uses our cluster from above.
        this.provider = new k8s.Provider("gke", {kubeconfig: k8sConfig}, {parent: this});
    }
}

## guestbook.yaml
apiVersion: v1
kind: Service
metadata:
  name: redis-master
  labels:
    app: redis
    tier: backend
    role: master
spec:
  ports:
    - port: 6379
      targetPort: 6379
  selector:
    app: redis
    tier: backend
    role: master
---
apiVersion: apps/v1 #  for k8s versions before 1.9.0 use apps/v1beta2  and before 1.8.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: redis-master
spec:
  selector:
    matchLabels:
      app: redis
      role: master
      tier: backend
  replicas: 1
  template:
    metadata:
      labels:
        app: redis
        role: master
        tier: backend
    spec:
      containers:
        - name: master
          image: k8s.gcr.io/redis:e2e  # or just image: redis
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          ports:
            - containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  name: redis-slave
  labels:
    app: redis
    tier: backend
    role: slave
spec:
  ports:
    - port: 6379
  selector:
    app: redis
    tier: backend
    role: slave
---
apiVersion: apps/v1 #  for k8s versions before 1.9.0 use apps/v1beta2  and before 1.8.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: redis-slave
spec:
  selector:
    matchLabels:
      app: redis
      role: slave
      tier: backend
  replicas: 2
  template:
    metadata:
      labels:
        app: redis
        role: slave
        tier: backend
    spec:
      containers:
        - name: slave
          image: gcr.io/google_samples/gb-redisslave:v1
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: GET_HOSTS_FROM
              value: dns
              # If your cluster config does not include a dns service, then to
              # instead access an environment variable to find the master
              # service's host, comment out the 'value: dns' line above, and
              # uncomment the line below:
              # value: env
          ports:
            - containerPort: 6379
---
apiVersion: v1
kind: Service
metadata:
  name: frontend
  labels:
    app: guestbook
    tier: frontend
spec:
  # if your cluster supports it, uncomment the following to automatically create
  # an external load-balanced IP for the frontend service.
  # type: LoadBalancer
  ports:
    - port: 80
  selector:
    app: guestbook
    tier: frontend
---
apiVersion: apps/v1 #  for k8s versions before 1.9.0 use apps/v1beta2  and before 1.8.0 use extensions/v1beta1
kind: Deployment
metadata:
  name: frontend
spec:
  selector:
    matchLabels:
      app: guestbook
      tier: frontend
  replicas: 2
  template:
    metadata:
      labels:
        app: guestbook
        tier: frontend
    spec:
      containers:
        - name: php-redis
          image: gcr.io/google-samples/gb-frontend:v4
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
          env:
            - name: GET_HOSTS_FROM
              value: dns
              # If your cluster config does not include a dns service, then to
              # instead access environment variables to find service host
              # info, comment out the 'value: dns' line above, and uncomment the
              # line below:
              # value: env
          ports:
            - containerPort: 80

## index.ts
import * as k8s from "@pulumi/kubernetes";
import {GkeCluster} from "./gke";

const gkeCluster = new GkeCluster("gke");

export class TestComponentResource extends pulumi.ComponentResource {
    constructor(name: string,
                opts: pulumi.ComponentResourceOptions = {}) {
        super("test:kubernetes-ts:TestComponentResource", name, {}, opts);

        new k8s.yaml.ConfigFile("guestbook",
            {file: "guestbook.yaml"}, {parent: this}
        );
    }
}

new TestComponentResource("test", {provider: gkeCluster.provider});

//new k8s.yaml.ConfigFile("guestbook",
//    {
//        file: "guestbook.yaml",
//    }, {provider: gkeCluster.provider}
//);
	// Copyright 2016-2019, Pulumi Corporation.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	import * as gcp from "@pulumi/gcp";
	import * as k8s from "@pulumi/kubernetes";
	import * as pulumi from "@pulumi/pulumi";
	import * as random from "@pulumi/random";

	export class GkeCluster extends pulumi.ComponentResource {
	public cluster: gcp.container.Cluster;
	public provider: k8s.Provider;

	constructor(name: string,
	opts: pulumi.ComponentResourceOptions = {}) {
	super("examples:kubernetes-ts-multicloud:GkeCluster", name, {}, opts);

	// Find the latest engine version.
	const engineVersion = gcp.container.getEngineVersions().then(v => v.latestMasterVersion);

	// Generate a strong password for the Kubernetes cluster.
	const password = new random.RandomString("password", {
	length: 20,
	special: true
	}, {parent: this, additionalSecretOutputs: ["result"]}).result;

	// Create the GKE cluster.
	const k8sCluster = new gcp.container.Cluster("cluster", {
	initialNodeCount: 2,
	nodeVersion: engineVersion,
	minMasterVersion: engineVersion,
	masterAuth: {username: "example-user", password: password},
	nodeConfig: {
	machineType: "n1-standard-1",
	oauthScopes: [
	"https://www.googleapis.com/auth/compute",
	"https://www.googleapis.com/auth/devstorage.read_only",
	"https://www.googleapis.com/auth/logging.write",
	"https://www.googleapis.com/auth/monitoring"
	],
	},
	}, {parent: this});
	this.cluster = k8sCluster;

	// Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
	// gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
	const k8sConfig = pulumi.all([k8sCluster.name, k8sCluster.endpoint, k8sCluster.masterAuth]).apply(
	([name, endpoint, auth]) => {
	const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
	return `apiVersion: v1
	clusters:
	- cluster:
	certificate-authority-data: ${auth.clusterCaCertificate}
	server: https://${endpoint}
	name: ${context}
	contexts:
	- context:
	cluster: ${context}
	user: ${context}
	name: ${context}
	current-context: ${context}
	kind: Config
	preferences: {}
	users:
	- name: ${context}
	user:
	auth-provider:
	config:
	cmd-args: config config-helper --format=json
	cmd-path: gcloud
	expiry-key: '{.credential.token_expiry}'
	token-key: '{.credential.access_token}'
	name: gcp
	`;
	});

	// Export a Kubernetes provider instance that uses our cluster from above.
	this.provider = new k8s.Provider("gke", {kubeconfig: k8sConfig}, {parent: this});
	}
	}
	apiVersion: v1
	kind: Service
	metadata:
	name: redis-master
	labels:
	app: redis
	tier: backend
	role: master
	spec:
	ports:
	- port: 6379
	targetPort: 6379
	selector:
	app: redis
	tier: backend
	role: master
	---
	apiVersion: apps/v1 # for k8s versions before 1.9.0 use apps/v1beta2 and before 1.8.0 use extensions/v1beta1
	kind: Deployment
	metadata:
	name: redis-master
	spec:
	selector:
	matchLabels:
	app: redis
	role: master
	tier: backend
	replicas: 1
	template:
	metadata:
	labels:
	app: redis
	role: master
	tier: backend
	spec:
	containers:
	- name: master
	image: k8s.gcr.io/redis:e2e # or just image: redis
	resources:
	requests:
	cpu: 100m
	memory: 100Mi
	ports:
	- containerPort: 6379
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: redis-slave
	labels:
	app: redis
	tier: backend
	role: slave
	spec:
	ports:
	- port: 6379
	selector:
	app: redis
	tier: backend
	role: slave
	---
	apiVersion: apps/v1 # for k8s versions before 1.9.0 use apps/v1beta2 and before 1.8.0 use extensions/v1beta1
	kind: Deployment
	metadata:
	name: redis-slave
	spec:
	selector:
	matchLabels:
	app: redis
	role: slave
	tier: backend
	replicas: 2
	template:
	metadata:
	labels:
	app: redis
	role: slave
	tier: backend
	spec:
	containers:
	- name: slave
	image: gcr.io/google_samples/gb-redisslave:v1
	resources:
	requests:
	cpu: 100m
	memory: 100Mi
	env:
	- name: GET_HOSTS_FROM
	value: dns
	# If your cluster config does not include a dns service, then to
	# instead access an environment variable to find the master
	# service's host, comment out the 'value: dns' line above, and
	# uncomment the line below:
	# value: env
	ports:
	- containerPort: 6379
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: frontend
	labels:
	app: guestbook
	tier: frontend
	spec:
	# if your cluster supports it, uncomment the following to automatically create
	# an external load-balanced IP for the frontend service.
	# type: LoadBalancer
	ports:
	- port: 80
	selector:
	app: guestbook
	tier: frontend
	---
	apiVersion: apps/v1 # for k8s versions before 1.9.0 use apps/v1beta2 and before 1.8.0 use extensions/v1beta1
	kind: Deployment
	metadata:
	name: frontend
	spec:
	selector:
	matchLabels:
	app: guestbook
	tier: frontend
	replicas: 2
	template:
	metadata:
	labels:
	app: guestbook
	tier: frontend
	spec:
	containers:
	- name: php-redis
	image: gcr.io/google-samples/gb-frontend:v4
	resources:
	requests:
	cpu: 100m
	memory: 100Mi
	env:
	- name: GET_HOSTS_FROM
	value: dns
	# If your cluster config does not include a dns service, then to
	# instead access environment variables to find service host
	# info, comment out the 'value: dns' line above, and uncomment the
	# line below:
	# value: env
	ports:
	- containerPort: 80
	import * as k8s from "@pulumi/kubernetes";
	import {GkeCluster} from "./gke";

	const gkeCluster = new GkeCluster("gke");

	export class TestComponentResource extends pulumi.ComponentResource {
	constructor(name: string,
	opts: pulumi.ComponentResourceOptions = {}) {
	super("test:kubernetes-ts:TestComponentResource", name, {}, opts);

	new k8s.yaml.ConfigFile("guestbook",
	{file: "guestbook.yaml"}, {parent: this}
	);
	}
	}

	new TestComponentResource("test", {provider: gkeCluster.provider});

	//new k8s.yaml.ConfigFile("guestbook",
	// {
	// file: "guestbook.yaml",
	// }, {provider: gkeCluster.provider}
	//);