Deploy the kube-lego helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the `kube-lego` Helm chart on Kubernetes using Pulumi, you will need to do the following:

1. Configure Pulumi to use the appropriate Kubernetes context.
2. Create a new Kubernetes Helm chart resource using Pulumi's `Chart` resource.
3. Specify the name of the Helm chart (`kube-lego`) and its settings.

First, ensure that you have:

- Pulumi CLI installed and setup with the Kubernetes cluster.
- kubectl configured to connect to your Kubernetes cluster.
- Helm configured if you need to customize chart sources or values further than what is shown.

The following program in TypeScript sets up the `kube-lego` Helm chart deployment on a Kubernetes cluster:

```typescript
import * as k8s from "@pulumi/kubernetes";

// Create a Helm Chart resource for the kube-lego Helm chart.
// This assumes that the kube-lego chart is available in the configured Helm repository.
const kubeLegoChart = new k8s.helm.v3.Chart("kube-lego", {
    // Specify the chart repository and name.
    // You must replace `REPO_NAME` with the name of the repository where kube-lego is hosted.
    // If kube-lego is on the default repository, you can simply use `kube-lego` as the chart name.
    // The `version` field can be used to pin to a specific chart version.
    chart: "kube-lego",
    version: "VERSION", // replace with the specific version of kube-lego chart you want to deploy
    fetchOpts: {
        repo: "https://charts.helm.sh/stable", // this example uses the Helm stable repo, replace with the actual repo URL for kube-lego
    },
    // Define any values for the Helm chart's configurable options.
    // The following is an example of configuring kube-lego's email address.
    // You'll need to refer to the chart's documentation for all available configuration options.
    values: {
        // kube-lego specific settings, replace these values as per your requirements
        config: {
            LEGO_EMAIL: "your-email@example.com", // replace with your email address for Let's Encrypt notifications
            LEGO_URL: "https://acme-v01.api.letsencrypt.org/directory", // default Let's Encrypt URL, update if needed
        },
    },
});

// Export the base domain name that kube-lego will secure with TLS.
export const baseDomainName = "example.com"; // replace with your domain
```

Here's a breakdown of the code:

- **Import Pulumi Kubernetes library**: Import the `@pulumi/kubernetes` library, which allows us to interact with Kubernetes resources.

- **Create a Helm Chart Resource**: Instantiate a Helm chart with `new k8s.helm.v3.Chart`. This tells Pulumi to deploy a Helm chart into your cluster.

- **Chart Repository and Name**: The `chart` property specifies the name of the Helm chart, and `fetchOpts.repo` specifies the repository where the chart is located. Replace `VERSION` with the version number you wish to deploy.

- **Values**: The `values` object allows you to configure the Helm chart. The values should match the settings that the kube-lego chart exposes for customization. The example above sets the email and URL for Let's Encrypt, but this will vary based on the actual values the `kube-lego` chart supports.

- **Export**: The `export` at the end of the program allows you to export any output properties of your Pulumi program, which are printed to the console at the end of a successful `pulumi up`.

Note: As of my knowledge cutoff in 2023, `kube-lego` is deprecated and has been replaced by `cert-manager`, so if you follow this for a live cluster, consider using `cert-manager` instead.

Make sure to amend the values to fit your Helm chart and the version you wish to use. The repository URL should also be verified as Helm chart locations may change over time. If you have your own values.yaml file, you could also specify it as part of the `values` field.

Before running the Pulumi program, install Pulumi CLI, set up your Pulumi stack, and authenticate to your Kubernetes cluster. Once you've done that, run `pulumi up` to deploy the kube-lego Helm chart.