Deploy the istio-ingress helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy the Istio ingress Helm chart on a Rancher-managed Kubernetes cluster, you would typically need to do the following:

Set up access to your Rancher-managed Kubernetes cluster.
Use Pulumi to interact with Rancher, making sure you have the necessary permissions to deploy Helm charts.
Define your Helm chart resource using Pulumi's Rancher 2 provider, including Istio's ingress chart details (repository, chart name, version, values, etc.).
Execute the deployment with pulumi up.

Below is a Pulumi TypeScript program that demonstrates these steps. The program assumes that you have already configured your Pulumi environment and have access to the Rancher Kubernetes cluster that you are managing.

The Pulumi Rancher 2 provider allows us to interact with the Rancher platform. In the following program, we are not directly deploying the Helm chart because the Pulumi Registry Results did not yield a direct match for deploying Helm charts via the Rancher provider. Instead, we will get access to the cluster and use the native Kubernetes provider to deploy the chart.

Please ensure that you have the necessary access permissions to deploy to your cluster, and you have Pulumi CLI installed and configured.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as rancher2 from "@pulumi/rancher2";

// Step 1: Fetch the Rancher-managed k8s cluster
// Replace `clusterName` with the name of your Rancher Kubernetes cluster
const cluster = new rancher2.Cluster("clusterName", {
  name: "my-cluster",
});

// Step 2: Get the kubeconfig for the managed Kubernetes cluster
const kubeConfig = pulumi
  .all([cluster.name, cluster.id])
  .apply(([name, id]) =>
    rancher2.getKubeConfig({
      clusterId: id,
    })
  );

// Step 3: Create a Kubernetes provider instance using the kubeconfig
const k8sProvider = new k8s.Provider("k8sProvider", {
  kubeconfig: kubeConfig.kubeConfig,
});

// Step 4: Deploy the Istio ingress Helm chart using the Kubernetes provider
// Replace the `chartRepoUrl` with the URL for the repository containing your chart, if you're not using the default one.
const istioIngress = new k8s.helm.v3.Chart(
  "istio-ingress",
  {
    chart: "istio-ingress",
    version: "x.y.z", // specify the chart version
    fetchOpts: {
      repo: "https://<chart-repo-url>", // replace with the full chart repo URL
    },
    // Define any custom values for the Istio ingress Helm chart here.
    // These values will configure the behaviour of Istio's ingress functionality.
    values: {
      // Place your customized values here
    },
  },
  {
    provider: k8sProvider,
  }
);

// Optional: Export the endpoint of the Istio Ingress to access it from outside
export const istioIngressEndpoint = istioIngress.getResourceProperty(
  "v1/Service",
  "istio-ingressgateway",
  "status"
).apply((status) => status.loadBalancer.ingress[0].ip);

This Pulumi program performs the following operations:

It declares a Rancher cluster, which should already exist and be managed by Rancher.
It retrieves the kubeconfig for the specified Rancher cluster, allowing us to communicate with the Kubernetes cluster.
Using this kubeconfig, it then creates a provider for Kubernetes to specify we are targeting a cluster managed by Rancher.
With the Kubernetes provider set up, it proceeds to create a Helm chart resource for Istio's ingress. The chartRepoUrl within the fetchOpts should direct to the repository where the Istio Helm chart is located. Also, the version should be set to the desired version of the chart you'd like to deploy.
Finally, the program sets up an optional export for the Istio ingress endpoint. This is useful when you need to access Istio Ingress services from outside the Kubernetes cluster.

Please replace placeholders like x.y.z, <chart-repo-url>, and // Place your customized values here with actual values based on your requirements and the Helm chart you are deploying.