Deploy the do-k8s-token-rotate helm chart on Rancher

Question

Pulumi · Accepted Answer

Deploying a Helm chart in Rancher through Pulumi involves several steps. You'll first need to set up your Rancher environment, and ensure that you have a Kubernetes cluster managed by Rancher where the Helm chart will be deployed. The following program will guide you through the use of Pulumi to deploy a Helm chart to a Kubernetes cluster managed by Rancher.

Before you begin, make sure you've performed these prerequisites:

1. Install `pulumi` CLI and set up your Pulumi account.
2. Configure access to your Rancher instance, including API keys or other authentication mechanisms.
3. Determine the cluster ID where you want to deploy the Helm chart.
4. Ensure the Helm chart you want to deploy (`do-k8s-token-rotate` in your case) is available in a repository that Rancher can access.

The program below uses the `rancher2` Pulumi provider, which allows you to interact with Rancher resources. It will define a `CatalogV2` resource pointing to the repository containing the `do-k8s-token-rotate` Helm chart and then deploy it to the specified cluster using the `helm.v3.Release` resource.

Here is the Pulumi program written in TypeScript:

```typescript
import * as rancher2 from '@pulumi/rancher2';
import * as k8s from '@pulumi/kubernetes';
import * as pulumi from '@pulumi/pulumi';

// Pulumi program entry point
async function main() {
    // Create a Rancher v2 Cluster reference, this assumes you already have a cluster managed by Rancher
    const rancherCluster = new rancher2.Cluster("my-cluster", {
        // Specify your cluster details here
        name: "my-cluster-name",
        // ... other necessary cluster configuration
    });

// Create a new Rancher v2 Catalog (Helm Repo) targeting the specified cluster
    const helmRepo = new rancher2.CatalogV2("helm-repo", {
        // You will need to replace `url` and other properties with
        // the relevant details of the Helm repository hosting your chart
        url: "https://charts.example.com/",
        clusterId: rancherCluster.id, // Link to the cluster where the chart will be deployed
    });

// Deploy the Helm chart using the k8s provider
    const helmChart = new k8s.helm.v3.Release("do-k8s-token-rotate", {
        chart: "do-k8s-token-rotate",
        version: "1.0.0", // Replace with the version of the chart you wish to deploy
        repositoryOpts: {
            repo: helmRepo.url.apply(url => url), // Use the Helm repo URL from the created Catalog resource
        },
        // Namespace to deploy the Helm chart into; replace with the desired namespace
        namespace: "default",
        // Values to provide to the Helm chart; replace with the values required by the do-k8s-token-rotate chart
        values: {
            // ... your chart values
        },
    }, { provider: new k8s.Provider("k8s-provider", { kubeconfig: getPulumiKubeconfig(rancherCluster) }) });

// Export the Helm release name
    pulumi.export("helmReleaseName", helmChart.name);
}

// Helper function to retrieve Kubeconfig from Rancher
function getPulumiKubeconfig(cluster: rancher2.Cluster): pulumi.Output<string> {
    // Implementation to retrieve Kubeconfig can use the cluster's `id` or other properties
    // as necessary to construct or fetch the appropriate Kubeconfig
    return pulumi.interpolate`apiVersion: v1
clusters:
- name: ${cluster.name}
  cluster:
    server: "https://your-rancher-api-server" // Replace with your actual API server URL
    certificate-authority-data: "..." // Certificate authority data for your cluster
contexts:
- name: ${cluster.name}
  context:
    cluster: ${cluster.name}
    user: "user-${cluster.name}"
current-context: ${cluster.name}
kind: Config
preferences: {}
users:
- name: "user-${cluster.name}"
  user:
    token: "your-rancher-access-token" // Replace with a token allowing access to the cluster
`;
}

// Execute the main Pulumi program
main();
```

This example assumes you have control over a Rancher-managed Kubernetes cluster already and that you have permissions to deploy Helm charts to it. The `getPulumiKubeconfig` helper function is a placeholder to retrieve the Kubeconfig information for your cluster. You would need to provide the actual logic to retrieve this configuration, typically through the Rancher API or from your infrastructure.

To use the above program:

1. Save the program to a file named `index.ts`.
2. Install the required Pulumi packages by running `npm install @pulumi/pulumi @pulumi/rancher2 @pulumi/kubernetes`.
3. Build the TypeScript program using `tsc` or run it directly with Pulumi if you have automatic TypeScript compilation enabled.

Please replace placeholders like `https://your-rancher-api-server` with the actual values for your environment and ensure that the Helm chart version and values match the requirements of the `do-k8s-token-rotate` chart.