Deploy the keycloak-resources helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy a Helm chart on Rancher using Pulumi, you'll need to perform several steps. The process involves creating a Rancher cluster if you don't already have one, setting up the appropriate configuration for Rancher, and then deploying the Helm chart to the cluster.

Pulumi provides the `rancher2` package which contains resources to manage Rancher clusters and Helm deployments. For this use case, you would use the `rancher2.App` resource to deploy a Helm chart. However, as of my latest knowledge cutoff in early 2023, there is no Helm-specific resource directly available from the `rancher2` package in Pulumi. Instead, you would typically configure Helm using the generic `CustomResource` feature in Kubernetes after setting up a Rancher Kubernetes cluster.

Here's an example of a Pulumi program in TypeScript that deploys a Helm chart, assuming you already have a Kubernetes cluster managed by Rancher. In this case, I'm using the `kubernetes` package to deploy the Helm chart as a `CustomResource`. Note that you would need to have `keycloak-resources` available in a Helm repository that your cluster can access.

Before diving into the code, make sure you have Pulumi installed and configured with credentials for your Rancher instance. Since this is a novice-friendly explanation, please ensure you also have Node.js and NPM installed to run the TypeScript program, and that you've logged into the Rancher CLI on the machine where you'll be running Pulumi.

Below is a Pulumi program in TypeScript that you can use as a starting point:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
import * as rancher2 from "@pulumi/rancher2";

const config = new pulumi.Config();
const rancherUrl = config.require("rancherUrl"); // Your Rancher server URL
const rancherTokenKey = config.requireSecret("rancherTokenKey"); // Your Rancher Bearer Token

// Rancher provider configuration
const rancherProvider = new rancher2.Provider("rancher", {
    apiUrl: rancherUrl,
    tokenKey: rancherTokenKey,
});

// Referencing an existing Rancher2 Kubernetes cluster
const cluster = rancher2.getCluster({
    name: "my-existing-cluster",
}, { provider: rancherProvider });

// Kubernetes provider to interact with the Rancher-managed cluster
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeConfig,
});

// Define the Keycloak Helm chart resource using Kubernetes CustomResource
const keycloakHelmChart = new k8s.helm.v3.Release("keycloak", {
    namespace: "default", // Namespace where you want to deploy Keycloak
    chart: "keycloak",
    repositoryOpts: {
        repo: "https://charts.bitnami.com/bitnami", // Helm repository URL where the chart is hosted
    },
    values: {
        // Customize Keycloak Helm chart values here, for example:
        // replicaCount: 1,
    },
}, { provider: k8sProvider });

// Export the Keycloak service endpoint
export const keycloakEndpoint = pulumi.interpolate`http://${keycloakHelmChart.status.namespace}.${keycloakHelmChart.status.name}`;

```

To run this program, you need to create a new Pulumi project, add the above code to an `index.ts` file in the project, and run `pulumi up`. However, note that the actual names, URLs, and configuration values in the code above are examples and need to be replaced with the actual values corresponding to your Rancher installation and the specifics of the `keycloak-resources` Helm chart you wish to deploy.

Here's what this program does:

1. Import required Pulumi libraries for interacting with Kubernetes and Rancher.
2. Set up the Rancher provider to authenticate against your Rancher API.
3. Retrieve the `kubeconfig` from an existing Rancher-managed Kubernetes cluster.
4. Set up a Kubernetes provider using the provided `kubeconfig`.
5. Use the Kubernetes provider to deploy the Keycloak Helm chart as a `CustomResource`, specifying the chart name and repository.
6. Optionally, define custom values for the Helm chart to override its default configuration.
7. Export the Helm release status to find your Keycloak service endpoint after deployment.

Please ensure you adjust the `repositoryOpts` and `values` to match the configuration of the `keycloak-resources` Helm chart you want to deploy.

If you haven't already logged into your Rancher CLI, you can do so using the command line tool `rancher login`. Provide the Rancher server URL and a bearer token when prompted. The bearer token is the same one you'd use in the Pulumi configuration as `rancherTokenKey`.