Deploy the selfsigned-cert-manager helm chart on Linode Kubernetes Engine

Question

Pulumi · Accepted Answer

To deploy the self-signed cert-manager Helm chart on the Linode Kubernetes Engine (LKE) using Pulumi, you'll primarily be working with the `kubernetes` package, which offers abstractions to work with Kubernetes resources directly. More specifically, you'll use the `kubernetes.helm.v3.Chart` resource to deploy Helm charts to your LKE cluster.

Before you begin, ensure you have the following prerequisites in place:

1. Pulumi CLI installed on your system.
2. Access to a Linode Kubernetes Engine cluster.
3. Configured `kubeconfig` on your local environment to interact with your LKE cluster.
4. Helm CLI installed (optional, but useful for validating the setup or troubleshooting).

Below, I will explain the TypeScript code required to set up the self-signed cert-manager using Pulumi.

First, you need to import the necessary Pulumi package for Kubernetes:

```typescript
import * as k8s from "@pulumi/kubernetes";
```

Next, use the `kubernetes.helm.v3.Chart` class to create a new Helm chart resource:

```typescript
const certManager = new k8s.helm.v3.Chart("cert-manager", {
    chart: "cert-manager",
    version: "1.1.0", // Use the appropriate chart version.
    repositoryOpts: {
        repo: "https://charts.jetstack.io", // The repository where the cert-manager chart is hosted.
    },
    values: {
        installCRDs: true,
        // Define any additional customization required for the cert-manager chart.
    },
});
```

Important notes to consider:

- `"cert-manager"`: This is the name of the Helm chart you wish to install. Check the official [cert-manager documentation](https://cert-manager.io/docs/installation/helm/) for the correct chart name or any specific instructions for Helm deployment.

- `version`: Specify the version of the Helm chart you wish to deploy. It's critical to use a version that is compatible with your LKE cluster's Kubernetes version. Check the cert-manager's Helm registry for available versions.

- `repositoryOpts.repo`: This is the URL of the Helm repository where cert-manager is hosted. Cert-manager is typically hosted in the Jetstack Helm repository, as denoted by the provided URL. Replace the URL if you are using a different repository for some reason.

- `values`: This is a key-value map where you can set the values for the Helm chart, similar to how you would provide values via a `values.yaml` file when installing Helm charts manually. Here, you're specifying that CRDs should be installed as part of the Helm chart installation by setting `installCRDs` to `true`. Cert-manager requires CRDs to be installed in the cluster to function correctly.

Now, let's put it all together in a complete Pulumi program that deploys the selfsigned-cert-manager Helm chart on Linode Kubernetes Engine.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Create a new Pulumi stack project.
const projectName = "selfsigned-cert-manager";

const stack = new pulumi.StackReference(`my-org/${projectName}/prod`);

// Deploy the cert-manager Helm chart to the LKE cluster.
const certManager = new k8s.helm.v3.Chart("cert-manager", {
    chart: "cert-manager",
    version: "1.1.0", // Use the appropriate chart version.
    repositoryOpts: {
        repo: "https://charts.jetstack.io", // Use the repository where the cert-manager chart is hosted.
    },
    values: {
        installCRDs: true,
        // Optionally set additional custom values or leave empty to use the default settings.
    },
});

// Export the resources created in the Linode Kubernetes Engine cluster.
export const clusterResources = certManager.resources;
```

When you run this Pulumi program, it will connect to your LKE cluster using your current kubeconfig credentials and deploy the cert-manager chart into the cluster, along with necessary CRDs for it to function. You don't need to handle the Helm commands manually; Pulumi abstracts that for you.