Deploy the neuvector-core helm chart on Linode Kubernetes Engine

Question

Pulumi · Accepted Answer

To deploy the neuvector-core Helm chart on Linode Kubernetes Engine (LKE) using Pulumi, we will follow these steps:

1. **Set up Linode Kubernetes Engine**: We will provision an LKE cluster using Pulumi's Linode provider. We will configure the size, region, and the number of nodes for the cluster.

2. **Install the Helm Chart**: Once the cluster is available, we will use Pulumi's Kubernetes provider to deploy the neuvector-core Helm chart to the cluster. The Helm chart will be installed into a namespace that we designate for NeuVector.

First, install the required Pulumi packages for Linode and Kubernetes:

```bash
pulumi plugin install resource linode v2.0.1
pulumi plugin install resource kubernetes v3.7.2
```

Configure the Pulumi Linode provider with the necessary Linode token, which can be obtained from the Linode Cloud Manager:

```bash
pulumi config set linode:token YOUR_LINODE_API_TOKEN --secret
```

Now, let's write the Pulumi TypeScript code for deploying the neuvector-core Helm chart on an LKE cluster:

```typescript
import * as linode from "@pulumi/linode";
import * as k8s from "@pulumi/kubernetes";
import * as pulumi from "@pulumi/pulumi";

// Create a new Linode Kubernetes Engine cluster.
const cluster = new linode.LkeCluster("my-lke-cluster", {
    k8sVersion: "1.20", // specify the desired Kubernetes version
    region: "us-central", // choose the region where the cluster will be deployed
    tags: ["neuvector-deploy"],
    nodePools: [{
        type: "g6-standard-2", // specify the node type
        count: 2, // specify the number of nodes in the pool
    }],
});

// Export the kubeconfig from the Linode cluster
export const kubeconfig = cluster.kubeconfig;

// Create a Pulumi Kubernetes provider using the kubeconfig from the LKE cluster.
const provider = new k8s.Provider("lke-k8s", {
    kubeconfig: cluster.kubeconfig,
});

// Install the neuvector-core Helm chart into the LKE cluster using the Linode Kubernetes provider.
const neuvectorChart = new k8s.helm.v3.Chart("neuvector-core", {
    // Use the appropriate Helm Chart repository and name.
    chart: "neuvector-core",
    version: "1.0.0", // specify the chart version, use the desired version.
    fetchOpts: {
        repo: "https://helm.neuvector.com", // NeuVector Helm chart repository
    },
    namespace: "neuvector", // the namespace where the helm chart will be installed
}, { provider });

// Export the NeuVector core service endpoint
export const neuvectorCoreEndpoint = pulumi.all([neuvectorChart.getResourceProperty("v1/Service", "neuvector", "neuvector-core-service", "status"), provider.clusterName])
    .apply(([status, clusterName]) => {
        if (status.loadBalancer.ingress[0]) {
            return `http://${status.loadBalancer.ingress[0].hostname}`;
        } else {
            return `Waiting for LoadBalancer IP...`;
        }
    });
```

This program performs the following actions:

- It declares an LKE cluster with nodes configured according to the type and count specified.
- It defines a Kubernetes provider for Pulumi to interact with the newly created LKE.
- It installs the neuvector-core Helm chart from the NeuVector Helm repository into the LKE cluster. Helm charts are Kubernetes packages that contain all necessary resources to run an application, service, or some other kind of Kubernetes entity.

Please ensure that you replace `YOUR_LINODE_API_TOKEN` with your actual Linode API token and adjust `chart` and `version` values according to the NeuVector core Helm chart you wish to deploy.

You can now run the Pulumi program with the following commands:

```bash
pulumi up # To preview and deploy changes
```

After executing, Pulumi will show you a preview of the resources to be created. Confirm the deployment to proceed. Once deployed, Pulumi will output the kubeconfig needed to interact with your LKE cluster and the NeuVector core service endpoint once available.