Deploy the rke2-ingress-nginx helm chart on Rancher

Question

Pulumi · Accepted Answer

To deploy the `rke2-ingress-nginx` Helm chart on Rancher using Pulumi, you would need to follow these steps:

1. **Set up a Rancher Cluster**: Before you can deploy a Helm chart, you need to ensure you have an active Kubernetes cluster managed by Rancher.

2. **Install the Rancher2 provider**: The `rancher2` provider allows you to interact with Rancher resources. You must install this provider to work with Rancher through Pulumi.

3. **Use the Rancher2 provider to deploy the Helm chart**: You will use resources from the `rancher2` package to deploy the Helm chart on a project within a Rancher-managed cluster.

4. **Define the Helm chart**: This involves specifying the name of the Helm chart, the repository where it's located, the version of the chart you want to deploy, and any value overrides that you need.

Given that you are a novice, you might not have any running Rancher infrastructure yet. However, I'll show you how the code to deploy the `rke2-ingress-nginx` Helm chart would look like once you have a cluster running. You would typically execute these steps in your TypeScript project after running `npm init` and `npm install @pulumi/pulumi @pulumi/rancher2`.

Below is a Pulumi program written in TypeScript that demonstrates how you could deploy the `rke2-ingress-nginx` helm chart on a Rancher-managed Kubernetes cluster.

```typescript
import * as rancher2 from "@pulumi/rancher2";
import * as k8s from "@pulumi/kubernetes";

// Use the Rancher 2 provider to interact with your Rancher instance.
// You need to have your Rancher cluster up and running and have access credentials configured.

const provider = new rancher2.Provider("rancher-provider", {
    apiUrl: "https://your-rancher-instance.com/v3",
    accessKey: "your-rancher-access-key", // Consider using Pulumi secrets for sensitive data
    secretKey: "your-rancher-secret-key", // Consider using Pulumi secrets for sensitive data
});

// Reference to your Rancher Project where you want to deploy the helm chart.
// The project ID can be fetched from the Rancher UI or by querying the Rancher API.

const rancherProject = rancher2.getProject({
    clusterId: "rancher-cluster-id",
    name: "project-name",
});

// Create a namespace for the ingress-nginx within your Rancher project namespace.

const namespace = new k8s.core.v1.Namespace("ingress-nginx-ns", {
    metadata: { name: "ingress-nginx" }
}, { provider: provider });

// Deploy the rke2-ingress-nginx Helm chart into the namespace within your Rancher project.
// You need the chart name, version, and repository URL.

const ingressNginxChart = new k8s.helm.v3.Chart("rke2-ingress-nginx", {
    chart: "ingress-nginx",
    version: "3.30.0", // Use the version that matches your requirements.
    namespace: namespace.metadata.name,
    fetchOpts: {
        repo: "https://helm.rancher.io", // Assuming the chart is located in this repository
    },
    // Include any required values that you need to override here, for example:
    values: {
        controller: {
            publishService: {
                enabled: true,
            },
        },
    },
}, { provider: provider });

// Export the public IP of the ingress to access your services from outside the cluster.

export const ingressIp = ingressNginxChart.getResourceProperty("v1/Service", "ingress-nginx/controller", "status")
    .apply(status => status.loadBalancer.ingress[0].ip);
```

This program sets up the necessary resources to deploy the `rke2-ingress-nginx` Helm chart to a Rancher-managed Kubernetes cluster. Here are the key parts:

- **Rancher2 Provider**: Initializes the provider for Rancher with the necessary credentials. It's important to replace placeholder values with actual access credentials.
  
- **Project Reference**: Looks up the Rancher project by its name and cluster ID. This is where the Helm chart will be deployed.

- **Namespace Creation**: A Kubernetes namespace named `ingress-nginx` is created to isolate the resources for our ingress controller.

- **Helm Chart Deployment**: Deploys the `ingress-nginx` Helm chart from a specified repository and version to the targeted namespace. Values can be overridden as needed.

- **Ingress IP Export**: At the end of the program, we export the IP address of the ingress service so that we can access it externally. The exact field to reference may differ depending on the cloud provider and Kubernetes service type.

Please make sure the chart name, version, and repository URL are correct as per the `rke2-ingress-nginx` Helm chart you're referring to, as this might vary.

Assuming you have `kubectl` and Pulumi configured correctly, when you run this program with Pulumi, it will reach out to your Rancher instance, create the namespace if needed, and deploy the Helm chart into your project. The public IP for the ingress can then be used to access services within your cluster from outside.