Deploy the kube-cluster helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy the kube-cluster helm chart on Rancher, you'll need to perform several steps. These include setting up a Rancher server (if not already done), creating a Kubernetes cluster via Rancher, and then deploying the helm chart to that cluster.

For this guide, I'll assume you already have a Rancher server running and have access to it. The focus will be on creating a Kubernetes cluster using the Rancher 2 provider for Pulumi and then deploying the kube-cluster helm chart on that cluster.

Here's a program written in TypeScript which uses Pulumi to orchestrate these actions:

import * as rancher2 from "@pulumi/rancher2";
import * as kubernetes from "@pulumi/kubernetes";

// Step 1: Create or select an existing Rancher2 Kubernetes cluster
// Replace '<YOUR_CLUSTER_NAME>' with the desired cluster name and configure additional settings if needed
const cluster = new rancher2.Cluster("<YOUR_CLUSTER_NAME>", {
    // Cluster configuration goes here, for example:
    rkeConfig: {
        // Specify the Kubernetes version
        kubernetesVersion: "v1.17.6-rancher2-1",
        nodes: [
            {
                address: "node1.yourdomain.com",
                user: "rancher",
                role: ["controlplane", "etcd", "worker"],
                sshKey: "<SSH_PRIVATE_KEY>", // SSH private key for the node
            },
            // Add more nodes as required
        ],
    },
});

// Step 2: Use the created cluster to deploy a helm chart
// Define the kube-cluster helm chart to deploy
const kubeClusterChart = new kubernetes.helm.v3.Chart("kube-cluster-chart", {
    chart: "kube-cluster",
    // Helm chart version to deploy
    version: "1.0.0",
    // Namespace to deploy the chart into, create it if it doesn't exist
    namespace: "default",
    // Parameters to pass to the helm chart
    values: {
        // Customize the values to suit your helm chart requirements
        // Example setting:
        serviceType: "ClusterIP",
    },
    // Set up the kubeconfig
    // The kubeconfig is retrieved from the created cluster in Rancher.
    // `cluster.id` and `cluster.clusterRegistrationToken` are used for authentication
    // and interaction with the cluster.
    // You can modify the kubeconfig as per your cluster's access requirements.
    kubeConfig: cluster.id.apply(id => `${cluster.clusterRegistrationToken[0].insecureCommand}`),
}, { provider: cluster });

// Export the cluster URL so you can access it
export const clusterUrl = cluster.clusterRegistrationToken[0].apply(token => token.insecureCommand);

Explanation of the Program:

Rancher2 Kubernetes Cluster: We create or select an existing Rancher-managed Kubernetes cluster using the rancher2.Cluster resource type. Here, you should replace "<YOUR_CLUSTER_NAME>" with the desired name for your cluster. You also need to specify the configuration for your cluster including the rkeConfig which contains the information about the node(s), such as address, roles, and SSH key.
Helm Chart Deployment: We then create a Helm chart deployment using Pulumi's Helm support (kubernetes.helm.v3.Chart). The helm chart named "kube-cluster" will be deployed with the version "1.0.0" to the "default" namespace of our Kubernetes cluster. The values object is used to pass any customization needed for the helm chart.
Kubeconfig: For the Helm chart to interact with the cluster, it needs the kubeconfig, which is passed to the chart resource. We get the kubeconfig from the created cluster's clusterRegistrationToken. For security, ensure that you handle the kubeconfig and SSH keys securely and manage access appropriately.
Cluster URL Export: Lastly, we export the cluster URL (clusterUrl) using Pulumi's export feature so you can easily access your Rancher Kubernetes cluster.

Make sure to replace placeholder values with actual data specific to your environment and the helm chart you wish to deploy. Ensure that you have set up your Pulumi stack correctly with the necessary provider configuration for Rancher.

Remember, sensitive information like SSH keys and kubeconfig should be handled securely. Pulumi stores state that includes this sensitive information encrypted in the backend by default if you use the Pulumi Service backend.

Before running the Pulumi program, you need to install the Pulumi CLI, set up your Pulumi project, and authenticate with your cloud provider. After that, you can run pulumi up in your terminal from the directory containing your Pulumi program to create the resources.