Deploy the neuvector-core helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the NeuVector Core Helm chart on a Kubernetes cluster using Pulumi, we will use the `kubernetes.helm.v3.Chart` resource from Pulumi's Kubernetes provider. The `Chart` resource allows us to deploy Helm charts into a Kubernetes cluster. Helm is a package manager for Kubernetes, which simplifies deployment and management of applications.

Below is a Pulumi program written in TypeScript that shows how you could deploy the `neuvector-core` Helm chart. This assumes you have a working Kubernetes cluster and kubectl configured to connect to it. Moreover, you would also need Helm and Pulumi installed on your system.

Here's what the program will do:
1. It utilizes the `Chart` resource to deploy the `neuvector-core` chart from a specified Helm repository.
2. It sets the required parameters and configuration for the NeuVector deployment as per the Helm chart's values.

Make sure to replace `YOUR_NAMESPACE` with the Kubernetes namespace where you want to deploy NeuVector.

```typescript
import * as k8s from '@pulumi/kubernetes';

// Define the neuvector-core Helm chart deployment.
const neuVectorCoreChart = new k8s.helm.v3.Chart('neuvector-core', {
    // Specify the Helm chart repository and chart name.
    chart: 'neuvector-core',
    version: '1.0.0', // Replace with the desired chart version
    fetchOpts: {
        repo: 'https://neuvector.github.io/neuvector-helm/', // NeuVector Helm repository URL
    },
    // Set the namespace where the chart should be deployed.
    namespace: 'YOUR_NAMESPACE',
    // In case the chart requires custom values, define them here as an object.
    values: {
        // ... Insert customized values (if any) for the NeuVector chart.
    },
}, { provider: k8sProvider }); // Make sure to pass the appropriate provider if needed.

// Export the name of the namespace neuvector is deployed into.
export const neuVectorCoreNamespace = neuVectorCoreChart.namespace;
```

In the above code:
- We create a new `Chart` resource named `neuvector-core`.
- We specify the chart name and version as well as the Helm repository URL where the chart can be found.
- We set the `namespace` property to deploy the chart into a specific namespace in Kubernetes. Be sure to replace `YOUR_NAMESPACE` with the actual namespace you want to use.
- We include a placeholder for `values`, which can be replaced with key-value pairs for any custom configurations needed by the NeuVector Helm chart. The Helm chart documentation can provide these details.
- The `provider` option is commented out and should be provided if you're working with multiple Kubernetes clusters or need a specific provider instance. Otherwise, Pulumi will use the default provider based on your kubeconfig.

To understand the effect of what we're doing:
- The `Chart` resource in Pulumi is an abstraction that allows you to deploy Helm charts similarly to how you might use `helm install` or `helm upgrade` from the command line.
- Helm charts contain templates of Kubernetes resource definitions. When you deploy a Helm chart, Helm combines the chart's templates with the configuration you provide to create Kubernetes resources, such as pods, services, or ingresses. These resources are submitted to your Kubernetes cluster, resulting in the deployment of the application or software defined by the chart.

Before running this Pulumi program, ensure that you replace the placeholder values with actual values relevant to your environment. Also, check the NeuVector Helm chart's documentation for any required configurations and update the `values` section accordingly.

Once the program is ready, you can deploy it using the following Pulumi CLI commands:

```bash
pulumi up
```

This command will start the deployment process. Pulumi will show you a preview of the resources that will be created. If the preview looks correct, proceed with the deployment by confirming it in the CLI.

After deployment is successful, you can see the deployed resources in the specified namespace using `kubectl`:

```bash
kubectl get all -n YOUR_NAMESPACE
```

Remember to replace `YOUR_NAMESPACE` with the namespace you used in your Pulumi program. This will show you the pods, services, and other Kubernetes resources that were part of the NeuVector deployment.