Add a Python version of our GKE example (#272)

Author: joeduffy

gcp-py-gke/.gitignore

@@ -0,0 +1 @@
+/bin/

gcp-py-gke/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: gcp-py-gke
+description: A Google Kubernetes Engine (GKE) cluster, with canary deployment
+runtime: python

gcp-py-gke/README.md

@@ -0,0 +1,99 @@
+[![Deploy](https://get.pulumi.com/new/button.svg)](https://app.pulumi.com/new)
+
+# Google Kubernetes Engine (GKE) with a Canary Deployment
+
+This example provisions a [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/) cluster, using
+infrastructure-as-code, and then deploys a Kubernetes Deployment into it, to test that the cluster is working. This
+demonstrates that you can manage both the Kubernetes objects themselves, in addition to underlying cloud infrastructure,
+using a single configuration language (in this case, Python), tool, and workflow.
+
+# Prerequisites
+
+Ensure you have [Python 3](https://www.python.org/downloads/) and [the Pulumi CLI](https://pulumi.io/install).
+
+We will be deploying to Google Cloud Platform (GCP), so you will need an account. If you don't have an account,
+[sign up for free here](https://cloud.google.com/free/). In either case,
+[follow the instructions here](https://pulumi.io/quickstart/gcp/setup.html) to connect Pulumi to your GCP account.
+
+This example assumes that you have GCP's `gcloud` CLI on your path. This is installed as part of the
+[GCP SDK](https://cloud.google.com/sdk/).
+
+# Running the Example
+
+After cloning this repo, `cd` into it and run these commands. A GKE Kubernetes cluster will appear!
+
+1. Create a new stack, which is an isolated deployment target for this example:
+
+    ```bash
+    $ pulumi stack init dev
+    ```
+
+2. Set the required configuration variables for this program:
+
+    ```bash
+    $ pulumi config set gcp:project [your-gcp-project-here]
+    $ pulumi config set gcp:zone us-west1-a # any valid GCP zone here
+    $ pulumi config set password --secret [your-cluster-password-here]
+    ```
+
+   By default, your cluster will have 3 nodes of type `n1-standard-1`. This is configurable, however; for instance
+   if we'd like to choose 5 nodes of type `n1-standard-2` instead, we can run these commands:
+
+   ```bash
+   $ pulumi config set node_count 5
+   $ pulumi config set node_machine_type n1-standard-2
+   ```
+
+   This shows how stacks can be configurable in useful ways. You can even change these after provisioning.
+
+3. Deploy everything with the `pulumi up` command. This provisions all the GCP resources necessary, including
+   your GKE cluster itself, and then deploys a Kubernetes Deployment running nginx, all in a single gesture:
+
+    ```bash
+    $ pulumi up
+    ```
+
+   This will show you a preview, ask for confirmation, and then chug away at provisioning your cluster:
+
+    ```
+    Updating stack 'gcp-ts-gke-dev'
+    Performing changes:
+
+         Type                            Name          Plan
+     +   pulumi:pulumi:Stack             gcp-py-dev    create
+     +   ├─ gcp:container:Cluster        gke-cluster   create
+     +   ├─ pulumi:providers:kubernetes  gkeK8s        create
+     +   └─ kubernetes:apps:Deployment   canary        create
+
+        ---outputs:---
+        kubeConfig: "apiVersion: v1\n..."
+
+    info: 4 changes updated:
+        + 4 resources created
+    Update duration: 2m07.424737735s
+    ```
+
+   After about two minutes, your cluster will be ready, and its config will be printed.
+
+4. From here, you may take this config and use it either in your `~/.kube/config` file, or just by saving it
+   locally and plugging it into the `KUBECONFIG` envvar. All of your usual `gcloud` commands will work too, of course.
+
+   For instance:
+
+   ```bash
+   $ pulumi stack output kubeconfig > kubeconfig.yaml
+   $ KUBECONFIG=./kubeconfig.yaml kubectl get po
+   NAME                              READY     STATUS    RESTARTS   AGE
+   canary-n7wfhtrp-fdbfd897b-lrm58   1/1       Running   0          58s
+   ```
+
+5. At this point, you have a running cluster. Feel free to modify your program, and run `pulumi up` to redeploy changes.
+   The Pulumi CLI automatically detects what has changed and makes the minimal edits necessary to accomplish these
+   changes. This could be altering the existing chart, adding new GCP or Kubernetes resources, or anything, really.
+
+6. Once you are done, you can destroy all of the resources, and the stack:
+
+    ```bash
+    $ pulumi destroy
+    $ pulumi stack rm
+    ```

gcp-py-gke/__main__.py

@@ -0,0 +1,84 @@
+from pulumi import Config, export, get_project, get_stack, Output, ResourceOptions
+from pulumi_gcp.config import project, zone
+from pulumi_gcp.container import Cluster
+from pulumi_kubernetes import Provider
+from pulumi_kubernetes.apps.v1 import Deployment
+
+# Read in some configurable settings for our cluster:
+config = Config(None)
+
+# nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified.
+NODE_COUNT = config.get('node_count') or 3
+# nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified.
+# See https://cloud.google.com/compute/docs/machine-types for more details on available machine types.
+NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1'
+# username is the admin username for the cluster.
+USERNAME = config.get('username') or 'admin'
+# password is the password for the admin user in the cluster.
+PASSWORD = config.require('password')
+
+# Now, actually create the GKE cluster.
+k8s_cluster = Cluster('gke-cluster',
+    initial_node_count=NODE_COUNT,
+    node_version='latest',
+    min_master_version='latest',
+    master_auth={ 'username': USERNAME, 'password': PASSWORD },
+    node_config={
+        'machine_type': NODE_MACHINE_TYPE,
+        'oauth_scopes': [
+            'https://www.googleapis.com/auth/compute',
+            'https://www.googleapis.com/auth/devstorage.read_only',
+            'https://www.googleapis.com/auth/logging.write',
+            'https://www.googleapis.com/auth/monitoring'
+        ],
+    },
+)
+
+# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
+# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
+k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint, k8s_cluster.master_auth)
+k8s_config = k8s_info.apply(
+    lambda info: """apiVersion: v1
+clusters:
+- cluster:
+    certificate-authority-data: {0}
+    server: https://{1}
+  name: {2}
+contexts:
+- context:
+    cluster: {2}
+    user: {2}
+  name: {2}
+current-context: {2}
+kind: Config
+preferences: {{}}
+users:
+- name: {2}
+  user:
+    auth-provider:
+      config:
+        cmd-args: config config-helper --format=json
+        cmd-path: gcloud
+        expiry-key: '{{.credential.token_expiry}}'
+        token-key: '{{.credential.access_token}}'
+      name: gcp
+""".format(info[2]['clusterCaCertificate'], info[1], '{0}_{1}_{2}'.format(project, zone, info[0])))
+
+# Make a Kubernetes provider instance that uses our cluster from above.
+k8s_provider = Provider('gke_k8s', kubeconfig=k8s_config)
+
+# Create a canary deployment to test that this cluster works.
+labels = { 'app': 'canary-{0}-{1}'.format(get_project(), get_stack()) }
+canary = Deployment('canary',
+    spec={
+        'selector': { 'matchLabels': labels },
+        'replicas': 1,
+        'template': {
+            'metadata': { 'labels': labels },
+            'spec': { 'containers': [{ 'name': 'nginx', 'image': 'nginx' }] },
+        },
+    }, __opts__=ResourceOptions(provider=k8s_provider)
+)
+
+# Finally, export the kubeconfig so that the client can easily access the cluster.
+export('kubeconfig', k8s_config)

gcp-py-gke/requirements.txt

@@ -0,0 +1,3 @@
+pulumi>=0.17.4
+pulumi_gcp>=0.18.2
+pulumi_kubernetes>=0.22.0