1. Deploy the kube-lego Helm chart on Rancher

    TypeScript

    In order to deploy the kube-lego Helm chart on a Rancher-managed Kubernetes cluster using Pulumi, you would follow these steps:

    1. Set up and configure a Rancher Kubernetes cluster using the rancher2.Cluster resource.
    2. Install the kube-lego Helm chart onto the cluster.

    Before starting with the Pulumi code, ensure that you have Pulumi installed and configured, as well as access to a Rancher server where you are able to create clusters. Also, the Helm chart for kube-lego should be available in a Helm repository that is accessible from your Kubernetes cluster.

    For the sake of this example, we'll assume you have your Rancher API URL, Access Key, Secret Key, and the Kubernetes version ready. kube-lego is typically used for automatic Let's Encrypt certificate provisioning. However, please be aware that kube-lego is deprecated and is succeeded by cert-manager. You should only use kube-lego if you have a specific reason for not using cert-manager.

    Below is a Pulumi program written in TypeScript that creates a new Kubernetes cluster in Rancher and deploys the kube-lego Helm chart:

        import * as pulumi from "@pulumi/pulumi";
        import * as rancher2 from "@pulumi/rancher2";
        import * as k8s from "@pulumi/kubernetes";

        // Create a new Rancher v2 Cluster
        const cluster = new rancher2.Cluster("my-cluster", {
            rkeConfig: {
                // Specify the desired Kubernetes version
                kubernetesVersion: "v1.20.x",
                // Define the node groups with roles and instance types
                nodes: [
                    {
                        // Your node configuration here
                        address: "node-address",
                        user: "user", // SSH username for the node
                        role: ["etcd", "controlplane", "worker"], // Node roles
                        // SSH private key for the user account.
                        // Placeholder: keep the real key out of source control
                        // (for example, read it from Pulumi config as a secret).
                        sshKey: "<YOUR_SSH_PRIVATE_KEY>",
                    },
                ],
            },
        });

        // Create a Pulumi Kubernetes provider that targets the cluster.
        // rancher2.Cluster exposes the generated kubeconfig as its kubeConfig output.
        const k8sProvider = new k8s.Provider("k8s-provider", {
            kubeconfig: cluster.kubeConfig,
        });

        // Deploy kube-lego using a Helm Chart
        const kubeLegoChart = new k8s.helm.v3.Chart("kube-lego", {
            fetchOpts: {
                repo: "https://charts.jetstack.io", // Make sure this is the correct Helm repo for kube-lego
            },
            chart: "kube-lego",
            version: "0.1.5", // Specify the chart version you want to deploy
            values: {
                // kube-lego specific values to configure
                config: {
                    LEGO_EMAIL: "email@example.com", // Replace with your email
                    LEGO_URL: "https://acme-v01.api.letsencrypt.org/directory",
                },
            },
        }, { provider: k8sProvider });

        // Export the cluster kubeconfig to be able to interact with the cluster with kubectl
        export const kubeconfig = cluster.kubeConfig;

    This program performs the following actions:

    • It creates a new Kubernetes cluster on Rancher using the desired version and node configuration specified in rkeConfig. You should replace node-address, user, your SSH private key, and the Kubernetes version with your actual values.
    • Then it sets up a new instance of the Pulumi Kubernetes provider (k8sProvider), which points to the newly created Rancher cluster. This is done using the cluster's kubeconfig output, which contains the kubeconfig file contents needed to access the Kubernetes cluster.
    • Following that, it uses the Pulumi Kubernetes provider to deploy the kube-lego Helm chart onto the Rancher cluster. Make sure to replace email@example.com with the email address you want to register with Let's Encrypt.

    Please review these values and adjust them to your specific requirements. This program is intended for educational purposes, and further refinement is expected for production use. Also, given that kube-lego is deprecated, consider using cert-manager for new projects.