@seeker815
Created January 22, 2023 18:53
Provision GKE cluster
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as certmanager from "@pulumi/kubernetes-cert-manager";
import { gkeClusterName, clusterNodeCount ,primaryNodeCount, secondaryNodeCount, nodeMachineType, secondaryNodeMachineType, clusterPoolIdentity, clusterLocation, clusterNetwork, clusterMasterCIDR, clusterPodIPCIDR, clusterSvcIPCIDR, clusterExtNetwork1, clusterExtNetwork2,clusterExtNetwork3, neo4jHelmChart, neo4jReleaseName, neo4jHelmRepository, neo4jChartVersion, neo4jURI, apiNodeENV, apiMemLimits, apiImage, projectEnv, datadogAPIKey, issuerName, neo4jStorage } from "./config";
import { createClusterNeo4J } from './neo4j_cluster';
import { NetworkPeering } from "@pulumi/gcp/compute";
import { local } from "@pulumi/command";
import { project } from "@pulumi/gcp/config";
import { CertManager } from "@pulumi/kubernetes-cert-manager";
// Look up the pre-existing "object-viewer" service account (it is not created here).
// Both node pools run as this identity, so its IAM bindings are the effective bound on
// what a compromised node can do in the project.
const objectViewerLookup = gcp.serviceaccount.getAccount({
    accountId: "object-viewer",
});
const objectViewer = pulumi.output(objectViewerLookup);
// GKE cluster provisioning.
// Security posture as configured here:
//  - nodes are private (internal IPs only) but the control-plane endpoint stays PUBLIC;
//    the only gate on that endpoint is masterAuthorizedNetworksConfig, so the three
//    CIDRs must stay narrow (a 0.0.0.0/0 entry would expose the API server to the internet).
//  - VPC-native networking with explicit pod and service ranges.
//  - Workload Identity is enabled at cluster level; each node pool still has to run the
//    GKE metadata server (nodeConfig.workloadMetadataConfig) for that to protect the node SA.
//  - NOTE(review): networkPolicy, binaryAuthorization and databaseEncryption are not set,
//    so provider defaults apply. Decide these explicitly rather than by omission.
const primary = new gcp.container.Cluster(gkeClusterName, {
    addonsConfig: {
        // Compute Engine persistent-disk CSI driver.
        gcePersistentDiskCsiDriverConfig: {
            enabled: true,
        },
        // NodeLocal DNSCache.
        dnsCacheConfig: {
            enabled: true,
        },
    },
    // placeholder for turning on autoscaling for node pools
    clusterAutoscaling: {
    },
    // Source ranges allowed to reach the control-plane endpoint; all other sources are refused.
    masterAuthorizedNetworksConfig: {
        cidrBlocks: [{
            cidrBlock: clusterExtNetwork1,
        }, {
            cidrBlock: clusterExtNetwork2,
        }, {
            cidrBlock: clusterExtNetwork3,
        }],
    },
    location: clusterLocation,
    // The default pool is removed after creation; the real pools are declared separately below.
    removeDefaultNodePool: true,
    network: clusterNetwork,
    networkingMode: "VPC_NATIVE",
    initialNodeCount: clusterNodeCount,
    privateClusterConfig: {
        // false: the API server keeps a public IP, restricted only by the authorized networks above.
        enablePrivateEndpoint: false,
        // Nodes get no external IPs.
        enablePrivateNodes: true,
        // Lets the private control-plane address be reached from outside the cluster's own region.
        masterGlobalAccessConfig: {
            enabled: true,
        },
        masterIpv4CidrBlock: clusterMasterCIDR,
    },
    ipAllocationPolicy: {
        clusterIpv4CidrBlock: clusterPodIPCIDR,
        servicesIpv4CidrBlock: clusterSvcIPCIDR,
    },
    // Workload pool that Kubernetes service accounts are federated into.
    workloadIdentityConfig: {
        workloadPool: clusterPoolIdentity,
    },
});
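// Primary node pool.
// Nodes run as the looked-up "object-viewer" service account. The OAuth scopes below do
// not narrow anything: "cloud-platform" already subsumes every other scope listed, so the
// SA's IAM roles are the real bound on node privilege. The list is left as-is because
// changing oauthScopes forces the pool to be replaced.
// Workload Identity is enabled on the cluster; the GKE metadata server is set explicitly
// here so pods cannot read this node SA's token through the legacy metadata endpoint,
// instead of relying on the provider's default for new pools.
const primaryNodePool = new gcp.container.NodePool("primarynodes", {
    location: clusterLocation,
    cluster: primary.name,
    nodeCount: primaryNodeCount,
    nodeConfig: {
        machineType: nodeMachineType,
        serviceAccount: objectViewer.email,
        oauthScopes: [
            "https://www.googleapis.com/auth/cloud-platform",
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
        ],
        diskSizeGb: 30,
        // Serve pods from the GKE metadata server (Workload Identity), not the node's own SA.
        workloadMetadataConfig: {
            mode: "GKE_METADATA",
        },
    },
});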
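// Secondary node pool (different machine type and a larger boot disk than the primary pool).
// Runs as the same "object-viewer" service account as the primary pool. As there,
// "cloud-platform" subsumes every other scope in the list (including devstorage.read_write),
// so the SA's IAM roles decide what a compromised node can do; the list is kept unchanged
// because changing oauthScopes forces pool replacement.
// The GKE metadata server is enabled explicitly so Workload Identity actually shields the
// node SA token from pods on this pool.
const secondaryNodePool = new gcp.container.NodePool("secondarynodes", {
    location: clusterLocation,
    cluster: primary.name,
    nodeCount: secondaryNodeCount,
    nodeConfig: {
        machineType: secondaryNodeMachineType,
        serviceAccount: objectViewer.email,
        oauthScopes: [
            "https://www.googleapis.com/auth/cloud-platform",
            "https://www.googleapis.com/auth/devstorage.read_write",
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring",
            "https://www.googleapis.com/auth/service.management.readonly",
            "https://www.googleapis.com/auth/servicecontrol",
            "https://www.googleapis.com/auth/trace.append",
        ],
        diskSizeGb: 50,
        // Serve pods from the GKE metadata server (Workload Identity), not the node's own SA.
        workloadMetadataConfig: {
            mode: "GKE_METADATA",
        },
    },
});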
// Stack outputs: the cluster name and the primary node pool name.
export const clusterName = primary.name;
export const clusterPrimaryNodePool = primaryNodePool.name;
// The secondary pool is not exported; it is still created because the resource above is declared.
//export const clusterSecondaryNodePool = secondaryNodePool.name;
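// Build a kubeconfig for the new cluster and export it as a stack output.
// It carries only the endpoint and the cluster CA certificate, no bearer token: credentials
// are fetched at use time by the gke-gcloud-auth-plugin exec plugin. That replaces the
// in-tree "gcp" auth-provider, which client-go/kubectl removed in 1.26 and which would
// make this kubeconfig unusable by the Kubernetes provider below.
// The context name is derived from the cluster's own location rather than gcp.config.zone,
// which is unset for regional clusters and would render as "undefined".
export const kubeconfig = pulumi
    .all([primary.name, primary.endpoint, primary.masterAuth, primary.location])
    .apply(([name, endpoint, masterAuth, location]) => {
        const context = `${gcp.config.project}_${location}_${name}`;
        return `apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
contexts:
- context:
    cluster: ${context}
    user: ${context}
  name: ${context}
current-context: ${context}
kind: Config
preferences: {}
users:
- name: ${context}
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1beta1
      command: gke-gcloud-auth-plugin
      installHint: Install gke-gcloud-auth-plugin (gcloud components install gke-gcloud-auth-plugin)
      provideClusterInfo: true
`;
    });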
// Kubernetes provider bound to the cluster created above. Kubernetes resources must be
// created with { provider: clusterProvider } to land on this cluster instead of whatever
// the ambient kubeconfig points at.
const clusterProvider = new k8s.Provider(gkeClusterName, { kubeconfig });