Deploy the harbor-scanner-sysdig-secure helm chart on Rancher

Question

Pulumi · Accepted Answer

Deploying the `harbor-scanner-sysdig-secure` Helm chart on a Rancher-managed Kubernetes cluster involves several steps:

1. **Setting up a Rancher Kubernetes Cluster**: Ensure you have a Kubernetes cluster managed by Rancher where the Helm chart will be deployed. The cluster can be provisioned using Pulumi with the `rancher2.Cluster` [resource](https://www.pulumi.com/registry/packages/rancher2/api-docs/cluster/).

2. **Adding a Catalog Source to Rancher**: Before you can deploy Helm charts on a Rancher cluster, you may need to add a catalog source that contains the Helm chart you want to deploy. This can be accomplished using the `rancher2.CatalogV2` [resource](https://www.pulumi.com/registry/packages/rancher2/api-docs/catalogv2/).

3. **Deploying the Helm Chart using Pulumi**: After the cluster is set up and the catalog containing the `harbor-scanner-sysdig-secure` chart has been added, you can deploy the Helm chart. However, Pulumi's Rancher2 provider doesn't directly support Helm charts deployment. You would typically deploy Helm charts using the `helm` Pulumi provider, but in this case, we'll assume that you want to manage the deployment from within Rancher's ecosystem.

Considering our resources, we will focus on the first two steps, as they can be managed using Pulumi and the Rancher2 provider. Deploying the Helm chart will need to occur through another process, such as using `kubectl` against the Rancher cluster or utilizing Rancher's web UI.

Below is a program written in TypeScript that demonstrates how to set up a cluster and add a catalog source in Rancher using Pulumi:

```typescript
import * as rancher2 from "@pulumi/rancher2";

// Create a new Rancher v2 Cluster.
const cluster = new rancher2.Cluster("my-cluster", {
    // Replace these with the actual configurations for your Rancher environment
    // and the cloud provider you are using. The following are just placeholders.
    name: "my-cluster-name",
    description: "My Rancher2 Kubernetes Cluster",
    rkeConfig: {
        // Configuration for Rancher Kubernetes Engine
        // See the API docs for complete configurations
        // You would include node pools, network provider configs, etc.
    },
    // You would also configure other cluster settings according to your needs.
});

// Add a catalog (Helm repository) to Rancher.
// Ensure to replace `url` with the repository URL that contains the Helm chart.
const catalog = new rancher2.CatalogV2("sysdig-catalog", {
    name: "sysdig",
    clusterId: cluster.id,
    url: "https://charts.sysdig.com",  // Use the official Sysdig Helm repo URL or your own.
    gitBranch: "master",
});

// Export the cluster name and ID
export const clusterName = cluster.name;
export const clusterId = cluster.id;
```

This program does the following:

- It imports the necessary `@pulumi/rancher2` module to interact with Rancher2 resources.
- It then creates a new `rancher2.Cluster` object, which is used to provision a new Kubernetes cluster within Rancher. You would replace the placeholder `rkeConfig` with your desired Kubernetes configuration.
- Next, it defines a `rancher2.CatalogV2` object to add a new catalog source that points to the repository hosting the `harbor-scanner-sysdig-secure` Helm chart.
- Finally, it exports the cluster name and ID for reference.

Please note that to actually deploy the Helm chart, you would typically utilize the `helm` CLI tool or Rancher's web UI. Pulumi currently manages infrastructure provisioning and cannot directly interact with running Kubernetes clusters managed by third-party tools, like Rancher, to deploy Helm charts.