Deploy the kubernetes-vault helm chart on Kubernetes

Question

Pulumi · Accepted Answer

To deploy the `kubernetes-vault` Helm chart on a Kubernetes cluster using Pulumi, we'll utilize the `kubernetes.helm.v3.Chart` resource from the Pulumi Kubernetes Provider. The Helm chart resource in Pulumi allows us to declaratively install, update, and manage Kubernetes applications just as you would with the `helm` CLI.

Here's a detailed guide on how a Pulumi program for this deployment might look:

### Step 1: Import Necessary Modules
We begin by importing the modules we need from the Pulumi SDK, specifically `@pulumi/pulumi` for general Pulumi functionalities and `@pulumi/kubernetes` for interacting with Kubernetes.

### Step 2: Create a Helm Chart Resource
Using `new kubernetes.helm.v3.Chart`, we create a new instance of the Helm chart. We provide it with parameters such as the chart name, repository, and optionally, any specific values you would like to override in the chart's default `values.yaml`.

### Step 3: Export Any Outputs of Interest
The deployment might produce outputs we're interested in, such as the external IP if the chart creates a LoadBalancer service. We can export these using `pulumi.export`.

### Step 4: Execution
This script is executed using the Pulumi CLI. Once you have Pulumi installed and the Kubernetes cluster configured with `kubeconfig`, run `pulumi up` to perform the deployment.

Now let's put this into a Pulumi program written in TypeScript:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";

// Name of the chart for easier reference
const chartName = "vault";

// Helm chart version
const chartVersion = "0.13.0"; // Replace with the desired chart version

// Deploy the kubernetes-vault helm chart
const vault = new kubernetes.helm.v3.Chart(chartName, {
    // Replace this with the actual chart repository URL or remove if it's a stable chart
    repo: "https://helm.releases.hashicorp.com", 
    chart: "vault",
    version: chartVersion,
    // Specify namespace if needed, otherwise default is used
    namespace: "default",
    // If required, provide custom values by specifying `values` property
    values: {
        // Custom values to override the default settings here
        // Example: enable UI service
        "ui": {
            "serviceType": "LoadBalancer"
        }
    },
});

// Export the Vault address
export const vaultAddress = vault.getResourceProperty("v1/Service", `${chartName}-vault-ui`, "status").apply(status => status.loadBalancer.ingress[0].ip);

```

### Explanation of Exported Output
After deploying the chart, the program exports the LoadBalancer IP address of the Vault UI service. This is assuming that the chart defines a LoadBalancer service for Vault's UI and that the service is named according to the format `<chartName>-vault-ui`. If the chart's actual service has a different name or if there is no LoadBalancer, you will need to adjust this accordingly.

### Important Notes:
1. This script assumes that you have already authenticated your Pulumi CLI with the desired Kubernetes cluster.
2. The version specified (`0.13.0`) should be replaced with the correct version number of the chart you want to deploy.
3. The `repo` url should point to the repository where the `kubernetes-vault` chart is hosted. If it's a Helm stable chart, you can omit the `repo` property.
4. The `values` should be adjusted to reflect the settings you want for your `kubernetes-vault` deployment. The above example assumes you want to enable the Vault UI service and expose it through a LoadBalancer service.

Remember, Pulumi allows you to manage the full lifecycle of the application. You can update this chart by changing the properties provided, and safely tear down all resources associated with the chart by running `pulumi destroy`.