Deploy the vault-helm-chart helm chart on Rancher

Question

Pulumi · Accepted Answer

Deploying a Helm chart on Rancher using Pulumi involves a few key steps:

Configure Pulumi to use the Rancher2 provider.
Create a new Rancher cluster or use an existing one.
Enable the Helm chart repository where the vault-helm-chart is located.
Install the vault-helm-chart Helm chart onto the Rancher cluster.

Below is a Pulumi program that demonstrates how to deploy the vault-helm-chart on a Rancher cluster. This program assumes that you have already set up Rancher and have access to it. The program will:

Create a new namespace for the vault-helm-chart.
Deploy the vault-helm-chart Helm chart into the created namespace.

Let's start by setting up the necessary imports and initializing our Pulumi program:

import * as rancher2 from "@pulumi/rancher2";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

const projectName = "vault-project"; // Replace with your Rancher Project name
const chartName = "vault"; // The name of the chart in the Helm repository
const chartVersion = "0.13.0"; // The version of the chart you want to deploy
const helmRepoUrl = "https://helm.releases.hashicorp.com"; // Vault Helm repository URL

// Create a Rancher2 provider instance
const rancher2Provider = new rancher2.Provider("rancher2-provider", {
  apiUrl: "https://<RANCHER_API_URL>", // Replace with your Rancher API URL
  accessToken: "<RANCHER_ACCESS_TOKEN>", // Replace with your Rancher Access Token
  clusterId: "<RANCHER_CLUSTER_ID>", // Replace with your Rancher Cluster ID
});

// Create a Kubernetes provider instance that uses the Rancher2 provider created above
const k8sProvider = new k8s.Provider("k8s-provider", {
  kubeconfig: rancher2Provider.kubeconfig,
});

This sets up the Pulumi providers necessary to communicate with Rancher and Kubernetes. Replace the placeholders (<RANCHER_API_URL>, <RANCHER_ACCESS_TOKEN>, and <RANCHER_CLUSTER_ID>) with the appropriate values for your Rancher API URL, access token, and cluster ID.

Next, we will define a Kubernetes namespace where the chart should be deployed:

// Create a Kubernetes Namespace
const vaultNamespace = new k8s.core.v1.Namespace("vault-namespace", {
  metadata: { name: "vault-namespace" }
}, { provider: k8sProvider });

The above code creates a Kubernetes namespace called vault-namespace. We specify the provider to ensure that Pulumi uses the Rancher-based Kubernetes provider.

Now, we need to deploy the Helm chart into the created namespace:

// Deploy the vault-helm-chart Helm chart
const vaultHelmChart = new k8s.helm.v3.Chart("vault-helm-chart", {
  chart: chartName,
  version: chartVersion,
  fetchOpts: {
    repo: helmRepoUrl, // URL of the Helm repo
  },
  namespace: vaultNamespace.metadata.name,
}, { provider: k8sProvider });

In the code above, we create a new Helm chart resource using Pulumi's Kubernetes provider. We specify the chart name (vault), the version to deploy, and the repository URL where the chart can be found. We also provide the namespace in which to deploy the chart.

By running this Pulumi program, the vault-helm-chart will be deployed into the vault-namespace on your Rancher cluster.

Make sure to export any necessary outputs that you might need later:

// Exporting the Vault namespace name
export const vaultNamespaceName = vaultNamespace.metadata.name;

Finally, building and deploying your Pulumi program is done through the Pulumi CLI. Once you have the above TypeScript code in a file (e.g., index.ts), you would run the following commands in your terminal:

pulumi up

This command will compile the TypeScript program into JavaScript, and then it will plan and apply the desired state to your Rancher cluster. If you confirm the plan, Pulumi will proceed to deploy the vault-helm-chart to the specified Rancher cluster.

Remember to have Pulumi CLI installed and be authenticated with your Pulumi account. Furthermore, ensure that you have access to the Rancher cluster from the machine where Pulumi will run.