Deploy the vault-token-injector helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy the `vault-token-injector` Helm chart on a Rancher-managed Kubernetes cluster, you'll first need a configured Rancher environment. Pulumi provides a collection of libraries for Rancher, allowing you to interact with it in a programmatic way using infrastructure as code principles.

Below is a TypeScript program using Pulumi's Rancher 2 provider to deploy a Helm chart to a Rancher-managed Kubernetes cluster. The program will perform the following actions:

1. Create a `CatalogV2` resource, which represents a Helm chart repository where Pulumi can find the `vault-token-injector` chart. We'll assume the chart repository exists at a URL that you need to provide.
2. Use the `helm.v3.Chart` class from Pulumi's Kubernetes provider to deploy that chart to your cluster.

Make sure you have already:

- Installed Pulumi CLI and set up Pulumi in your system.
- Configured access to your Rancher instance using `rancher2` provider.

You would replace `YOUR_HELM_REPO_URL` with the actual URL of the Helm chart repository containing the `vault-token-injector` chart, and `YOUR_CLUSTER_ID` with the cluster ID where you want to deploy the chart.

```typescript
import * as rancher2 from "@pulumi/rancher2";
import * as k8s from "@pulumi/kubernetes";

// Replace these values with the appropriate URLs and identifiers
const helmRepoUrl = "YOUR_HELM_REPO_URL";
const rancherClusterId = "YOUR_CLUSTER_ID";

const catalog = new rancher2.CatalogV2("vault-token-injector-catalog", {
    // The Helm chart repository URL
    url: helmRepoUrl,
    // Cluster ID where the catalog should be deployed
    clusterId: rancherClusterId,
});

// Deploy the vault-token-injector Helm chart
const vaultTokenInjectorChart = new k8s.helm.v3.Chart("vault-token-injector", {
    chart: "vault-token-injector",
    // Specify the version of the chart if needed
    // version: "1.2.3",
    fetchOpts: {
        // Reference to the catalog we've just created
        repo: catalog.url.apply(url => url),
    },
    values: {
        // Any values you need to provide for the vault-token-injector chart
        // apiKey: "YOUR_API_KEY",
    },
}, { provider: new k8s.Provider("k8s-provider", { kubeconfig: rancher2.getClusterKubeConfig(rancherClusterId).apply(res => res.kubeConfig) }) });

// Export any necessary resources, such as the chart's status or endpoints
export const vaultTokenInjectorChartStatus = vaultTokenInjectorChart.status;
```

This Pulumi program creates a `CatalogV2` object within Rancher to reference the Helm repository. Then, it deploys the `vault-token-injector` chart from that repository to your Kubernetes cluster. It also defines a Kubernetes provider sourced from Rancher cluster's kubeconfig, which the Helm chart resource uses to communicate with the Kubernetes API server.

Customizations to the deployed chart may be done through the `values` property, which allows you to override default settings with your own values. The `version` property can be used to pin to a specific version of the Helm chart.

After running this Pulumi program with the `pulumi up` command, the `vault-token-injector` Helm chart will be deployed to your specified cluster managed by Rancher. You may also observe its status through the exported variable `vaultTokenInjectorChartStatus`. Remember to ensure the Helm repository URL and cluster ID are correctly specified.