Deploy the vault-secrets helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy the `vault-secrets` Helm chart on a Rancher-managed Kubernetes cluster using Pulumi, we will first need to set up some resources in Rancher. Unfortunately, the Pulumi Registry Results doesn't list a direct Helm chart deployment resource for Rancher; however, there is a [`CatalogV2`](https://www.pulumi.com/registry/packages/rancher2/api-docs/catalogv2/) resource that can be used to manage catalogs, which are collections of Helm chart repositories in Rancher.

By using the `CatalogV2` resource, we can add a Helm repository that contains the `vault-secrets` chart to Rancher. Then we can deploy the chart by creating a Kubernetes application through Rancher's GUI or CLI, as the Pulumi Rancher2 provider does not provide a direct way to deploy Helm charts through code at this time.

Below is a TypeScript program using Pulumi to set up a Helm chart repository in Rancher that includes the `vault-secrets` Helm chart. For this example, you will need to have installed Pulumi, configured it with your Rancher credentials, and have the necessary permissions to manage resources in Rancher.

Please note that you must replace `your-cluster-id` and `your-catalog-name` with your actual Rancher Cluster ID and desired catalog name respectively. Additionally, provide the actual URL to the Helm repository you wish to add in `url`.

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";

// Create a new catalog in Rancher that represents a Helm repository.
const helmRepoCatalog = new rancher2.CatalogV2("vault-secrets-catalog", {
    // Replace `your-cluster-id` with your actual Rancher Cluster ID
    clusterId: "your-cluster-id",
    // The catalog's name within Rancher
    name: "your-catalog-name",
    // URL to Helm repository that contains vault-secrets chart
    url: "https://helm.releases.hashicorp.com/",
    // You may need to set `insecure` to true if your Helm repository
    // does not have a trusted SSL certificate. Keep it false if possible
    // for better security.
    insecure: false,
});

// To review: After creating the catalog, you will need to go to the Rancher dashboard
// and deploy the `vault-secrets` Helm chart through the UI by creating a new application
// and selecting the chart from the catalog you added.

export const catalogName = helmRepoCatalog.name;
```

After running the above Pulumi program, you will have a new catalog in Rancher named `your-catalog-name` that points to the Helm repository URL you specified.

Here's what to do next:

1. Navigate to the Rancher dashboard in your web browser.
2. Go to the cluster where you want to deploy the `vault-secrets` Helm chart.
3. Under the "Apps & Marketplace" section, you should now see the catalog you created via Pulumi.
4. Find the `vault-secrets` chart in the list of charts within the catalog.
5. Click "Deploy", and follow the on-screen instructions to configure and launch the Helm chart on your cluster.

Keep in mind that, with Pulumi, we're preparing Rancher with the catalog first, since there isn't a direct way to deploy Helm charts with the Pulumi Rancher provider as of my knowledge cutoff in 2023. You complete the deployment via Rancher's dashboard or CLI.