1. Deploy the kube-lego helm chart on Rancher


    In order to deploy the kube-lego Helm chart on a Rancher-managed Kubernetes cluster using Pulumi, you would follow these steps:

    1. Setup and configure a Rancher Kubernetes cluster using the rancher2.Cluster resource.
    2. Install the kube-lego Helm chart onto the cluster.

    Before starting with the Pulumi code, ensure that you have Pulumi installed and configured, as well as access to a Rancher server where you are able to create clusters. Also, the Helm chart for kube-lego should be available in a Helm repository that is accessible from your Kubernetes cluster.

    For the sake of this example, we'll assume you have your Rancher API URL, Access Key, Secret Key, and the Kubernetes version ready. kube-lego is typically used for automatic Let's Encrypt certificate provisioning. However, please be aware that kube-lego is deprecated and is succeeded by cert-manager. You should only use kube-lego if you have a specific reason for not using cert-manager.

    Below is a Pulumi program written in TypeScript that creates a new Kubernetes cluster in Rancher and deploys the kube-lego Helm chart:

    import * as pulumi from "@pulumi/pulumi"; import * as rancher2 from "@pulumi/rancher2"; import * as k8s from "@pulumi/kubernetes"; // Create a new Rancher v2 Cluster const cluster = new rancher2.Cluster("my-cluster", { rkeConfig: { // Specify the desired Kubernetes version kubernetesVersion: "v1.20.x", // Define the node groups with roles and instance types nodes: [ { // Your node configuration here address: "node-address", user: "user", // SSH username for the node role: ["etcd", "controlplane", "worker"], // Node roles // SSH private key for the user account sshKey: "<YOUR_SSH_PRIVATE_KEY>", }, ], }, }); // Create a Pulumi Kubernetes provider that targets the cluster const k8sProvider = new k8s.Provider("k8s-provider", { kubeconfig: cluster.kubeConfigRaw, }); // Deploy kube-lego using a Helm Chart const kubeLegoChart = new k8s.helm.v3.Chart("kube-lego", { fetchOpts:{ repo: "https://charts.jetstack.io" // Make sure this is the correct Helm repo for kube-lego }, chart: "kube-lego", version: "0.1.5", // Specify the chart version you want to deploy values: { // kube-lego specific values to configure config: { LEGO_EMAIL: "email@example.com", // Replace with your email LEGO_URL: "https://acme-v01.api.letsencrypt.org/directory", }, }, }, { provider: k8sProvider }); // Export the cluster kubeconfig to be able to interact with the cluster with kubectl export const kubeconfig = cluster.kubeConfigRaw;

    This program performs the following actions:

    • It creates a new Kubernetes cluster on Rancher using the desired version and nodes configuration specified in rkeConfig. You should replace node-address, user, your SSH private key, and the Kubernetes version with your actual values.
    • Then it sets up a new instance of the Pulumi Kubernetes provider (k8sProvider), which points to the newly created Rancher cluster. This is done using the cluster's kubeConfigRaw output, which contains the kubeconfig file contents needed to access the Kubernetes cluster.
    • Following that, it uses the Pulumi Kubernetes provider to deploy the kube-lego Helm chart onto the Rancher cluster. Make sure to replace email@example.com with the email address you want to register with Let's Encrypt.

    Please make sure you review and adjust values to your specific requirements and note that this program is intended for educational purposes and further refinement is expected for production use. Also, given that kube-lego is deprecated, consider using cert-manager for new projects.