seeker815 · January 22, 2023 18:53
diff --git a/cluster.ts b/cluster.ts
 import * as k8s from "@pulumi/kubernetes";
 import * as pulumi from "@pulumi/pulumi";
 import * as gcp from "@pulumi/gcp";
 import * as certmanager from "@pulumi/kubernetes-cert-manager";
 import { gkeClusterName, clusterNodeCount ,primaryNodeCount, secondaryNodeCount, nodeMachineType, secondaryNodeMachineType, clusterPoolIdentity, clusterLocation, clusterNetwork, clusterMasterCIDR, clusterPodIPCIDR, clusterSvcIPCIDR, clusterExtNetwork1, clusterExtNetwork2,clusterExtNetwork3, neo4jHelmChart, neo4jReleaseName, neo4jHelmRepository, neo4jChartVersion, neo4jURI, apiNodeENV, apiMemLimits, apiImage, projectEnv, datadogAPIKey,  issuerName, neo4jStorage } from "./config";
 import { createClusterNeo4J } from './neo4j_cluster';
 import { NetworkPeering } from "@pulumi/gcp/compute";
 import { local } from "@pulumi/command";
 import { project } from "@pulumi/gcp/config";
 import { CertManager } from "@pulumi/kubernetes-cert-manager";


 // lookup existing service account
 const objectViewer = pulumi.output(gcp.serviceaccount.getAccount({
    accountId: "object-viewer",
 }));

 // GKE cluster provisioning
 const primary = new gcp.container.Cluster(gkeClusterName, {
    addonsConfig: {
      gcePersistentDiskCsiDriverConfig:{
          enabled: true,
      },
      dnsCacheConfig: {
          enabled: true,
      },
    },
    // placeholder for turning on autoscaling for node pools
    clusterAutoscaling: {

    },
    masterAuthorizedNetworksConfig: {
        cidrBlocks: [{
            cidrBlock: clusterExtNetwork1,
            }, {
            cidrBlock: clusterExtNetwork2,
            }, {
            cidrBlock: clusterExtNetwork3,
        }],
    },
    location: clusterLocation,
    removeDefaultNodePool: true,
    network: clusterNetwork,
    networkingMode: "VPC_NATIVE",

    
    initialNodeCount: clusterNodeCount,
    privateClusterConfig: {
        enablePrivateEndpoint: false,
        enablePrivateNodes: true,
        masterGlobalAccessConfig: {
              enabled: true,
        },
        masterIpv4CidrBlock: clusterMasterCIDR,
    },
    ipAllocationPolicy: {
      clusterIpv4CidrBlock: clusterPodIPCIDR,
      servicesIpv4CidrBlock: clusterSvcIPCIDR,
    },
    workloadIdentityConfig: {
        workloadPool:  clusterPoolIdentity,
    }, 

 });

 const primaryNodePool = new gcp.container.NodePool("primarynodes", {
    location: clusterLocation,
    cluster: primary.name,
    nodeCount: primaryNodeCount,
    
    nodeConfig: {
        machineType: nodeMachineType,
        serviceAccount: objectViewer.email,
        oauthScopes: [
            "https://www.googleapis.com/auth/cloud-platform",
            "https://www.googleapis.com/auth/compute",
            "https://www.googleapis.com/auth/devstorage.read_only",
            "https://www.googleapis.com/auth/logging.write",
            "https://www.googleapis.com/auth/monitoring"
          ],
        diskSizeGb: 30,
    },
    
 });

 const secondaryNodePool = new gcp.container.NodePool("secondarynodes", {
    location: clusterLocation,
    cluster: primary.name,
    nodeCount: secondaryNodeCount,
    nodeConfig: {
       machineType: secondaryNodeMachineType,
       serviceAccount: objectViewer.email,
       oauthScopes: [
           "https://www.googleapis.com/auth/cloud-platform",
           "https://www.googleapis.com/auth/devstorage.read_write",
           "https://www.googleapis.com/auth/compute",
           "https://www.googleapis.com/auth/logging.write",
           "https://www.googleapis.com/auth/monitoring",
           "https://www.googleapis.com/auth/service.management.readonly",
           "https://www.googleapis.com/auth/servicecontrol",
           "https://www.googleapis.com/auth/trace.append",
         ],
       diskSizeGb: 50,
   }, 
 });

 // Export the Cluster name
 export const clusterName = primary.name;
 export const clusterPrimaryNodePool = primaryNodePool.name;
 //export const clusterSecondaryNodePool = secondaryNodePool.name;

 export const kubeconfig = pulumi.
    all([ primary.name, primary.endpoint, primary.masterAuth ]).
    apply(([ name, endpoint, masterAuth ]) => {
        const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
        return `apiVersion: v1
 clusters:
 - cluster:
    certificate-authority-data: ${masterAuth.clusterCaCertificate}
    server: https://${endpoint}
  name: ${context}
 contexts:
 - context:
    cluster: ${context}
    user: ${context}
  name: ${context}
 current-context: ${context}
 kind: Config
 preferences: {}
 users:
 - name: ${context}
  user:
    auth-provider:
      config:
        cmd-args: config config-helper --format=json
        cmd-path: gcloud
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp
 `;
    });

 // Create a Kubernetes provider instance that uses our cluster from above.
 const clusterProvider = new k8s.Provider(gkeClusterName, {
    kubeconfig: kubeconfig,
 });
	import * as k8s from "@pulumi/kubernetes";
	import * as pulumi from "@pulumi/pulumi";
	import * as gcp from "@pulumi/gcp";
	import * as certmanager from "@pulumi/kubernetes-cert-manager";
	import { gkeClusterName, clusterNodeCount ,primaryNodeCount, secondaryNodeCount, nodeMachineType, secondaryNodeMachineType, clusterPoolIdentity, clusterLocation, clusterNetwork, clusterMasterCIDR, clusterPodIPCIDR, clusterSvcIPCIDR, clusterExtNetwork1, clusterExtNetwork2,clusterExtNetwork3, neo4jHelmChart, neo4jReleaseName, neo4jHelmRepository, neo4jChartVersion, neo4jURI, apiNodeENV, apiMemLimits, apiImage, projectEnv, datadogAPIKey, issuerName, neo4jStorage } from "./config";
	import { createClusterNeo4J } from './neo4j_cluster';
	import { NetworkPeering } from "@pulumi/gcp/compute";
	import { local } from "@pulumi/command";
	import { project } from "@pulumi/gcp/config";
	import { CertManager } from "@pulumi/kubernetes-cert-manager";


	// lookup existing service account
	const objectViewer = pulumi.output(gcp.serviceaccount.getAccount({
	accountId: "object-viewer",
	}));

	// GKE cluster provisioning
	const primary = new gcp.container.Cluster(gkeClusterName, {
	addonsConfig: {
	gcePersistentDiskCsiDriverConfig:{
	enabled: true,
	},
	dnsCacheConfig: {
	enabled: true,
	},
	},
	// placeholder for turning on autoscaling for node pools
	clusterAutoscaling: {

	},
	masterAuthorizedNetworksConfig: {
	cidrBlocks: [{
	cidrBlock: clusterExtNetwork1,
	}, {
	cidrBlock: clusterExtNetwork2,
	}, {
	cidrBlock: clusterExtNetwork3,
	}],
	},
	location: clusterLocation,
	removeDefaultNodePool: true,
	network: clusterNetwork,
	networkingMode: "VPC_NATIVE",


	initialNodeCount: clusterNodeCount,
	privateClusterConfig: {
	enablePrivateEndpoint: false,
	enablePrivateNodes: true,
	masterGlobalAccessConfig: {
	enabled: true,
	},
	masterIpv4CidrBlock: clusterMasterCIDR,
	},
	ipAllocationPolicy: {
	clusterIpv4CidrBlock: clusterPodIPCIDR,
	servicesIpv4CidrBlock: clusterSvcIPCIDR,
	},
	workloadIdentityConfig: {
	workloadPool: clusterPoolIdentity,
	},

	});

	const primaryNodePool = new gcp.container.NodePool("primarynodes", {
	location: clusterLocation,
	cluster: primary.name,
	nodeCount: primaryNodeCount,

	nodeConfig: {
	machineType: nodeMachineType,
	serviceAccount: objectViewer.email,
	oauthScopes: [
	"https://www.googleapis.com/auth/cloud-platform",
	"https://www.googleapis.com/auth/compute",
	"https://www.googleapis.com/auth/devstorage.read_only",
	"https://www.googleapis.com/auth/logging.write",
	"https://www.googleapis.com/auth/monitoring"
	],
	diskSizeGb: 30,
	},

	});

	const secondaryNodePool = new gcp.container.NodePool("secondarynodes", {
	location: clusterLocation,
	cluster: primary.name,
	nodeCount: secondaryNodeCount,
	nodeConfig: {
	machineType: secondaryNodeMachineType,
	serviceAccount: objectViewer.email,
	oauthScopes: [
	"https://www.googleapis.com/auth/cloud-platform",
	"https://www.googleapis.com/auth/devstorage.read_write",
	"https://www.googleapis.com/auth/compute",
	"https://www.googleapis.com/auth/logging.write",
	"https://www.googleapis.com/auth/monitoring",
	"https://www.googleapis.com/auth/service.management.readonly",
	"https://www.googleapis.com/auth/servicecontrol",
	"https://www.googleapis.com/auth/trace.append",
	],
	diskSizeGb: 50,
	},
	});

	// Export the Cluster name
	export const clusterName = primary.name;
	export const clusterPrimaryNodePool = primaryNodePool.name;
	//export const clusterSecondaryNodePool = secondaryNodePool.name;

	export const kubeconfig = pulumi.
	all([ primary.name, primary.endpoint, primary.masterAuth ]).
	apply(([ name, endpoint, masterAuth ]) => {
	const context = `${gcp.config.project}_${gcp.config.zone}_${name}`;
	return `apiVersion: v1
	clusters:
	- cluster:
	certificate-authority-data: ${masterAuth.clusterCaCertificate}
	server: https://${endpoint}
	name: ${context}
	contexts:
	- context:
	cluster: ${context}
	user: ${context}
	name: ${context}
	current-context: ${context}
	kind: Config
	preferences: {}
	users:
	- name: ${context}
	user:
	auth-provider:
	config:
	cmd-args: config config-helper --format=json
	cmd-path: gcloud
	expiry-key: '{.credential.token_expiry}'
	token-key: '{.credential.access_token}'
	name: gcp
	`;
	});

	// Create a Kubernetes provider instance that uses our cluster from above.
	const clusterProvider = new k8s.Provider(gkeClusterName, {
	kubeconfig: kubeconfig,
	});