Deploy the kube-lego helm chart on Rancher
In order to deploy the kube-lego Helm chart on a Rancher-managed Kubernetes cluster using Pulumi, you would follow these steps:
- Set up and configure a Rancher Kubernetes cluster using the `rancher2.Cluster` resource.
- Install the kube-lego Helm chart onto the cluster.
Before starting with the Pulumi code, ensure that you have Pulumi installed and configured, as well as access to a Rancher server where you are able to create clusters. Also, the Helm chart for kube-lego should be available in a Helm repository that is accessible from your Kubernetes cluster.
For the sake of this example, we'll assume you have your Rancher API URL, Access Key, Secret Key, and the Kubernetes version ready.
`kube-lego` is typically used for automatic Let's Encrypt certificate provisioning. However, please be aware that `kube-lego` is deprecated and is succeeded by `cert-manager`. You should only use `kube-lego` if you have a specific reason for not using `cert-manager`.

Below is a Pulumi program written in TypeScript that creates a new Kubernetes cluster in Rancher and deploys the kube-lego Helm chart:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as rancher2 from "@pulumi/rancher2";
import * as k8s from "@pulumi/kubernetes";

// Create a new Rancher v2 Cluster
const cluster = new rancher2.Cluster("my-cluster", {
    rkeConfig: {
        // Specify the desired Kubernetes version
        kubernetesVersion: "v1.20.x",
        // Define the node groups with roles and instance types
        nodes: [
            {
                // Your node configuration here
                address: "node-address",
                user: "user", // SSH username for the node
                roles: ["etcd", "controlplane", "worker"], // Node roles
                // SSH private key for the user account. Supply it from secret
                // configuration rather than committing it in this file.
                sshKey: "<YOUR_SSH_PRIVATE_KEY>",
            },
        ],
    },
});

// Create a Pulumi Kubernetes provider that targets the cluster.
// rancher2.Cluster exposes the generated kubeconfig as its `kubeConfig` output.
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeConfig,
});

// Deploy kube-lego using a Helm Chart
const kubeLegoChart = new k8s.helm.v3.Chart("kube-lego", {
    fetchOpts: {
        repo: "https://charts.jetstack.io", // Make sure this is the correct Helm repo for kube-lego
    },
    chart: "kube-lego",
    version: "0.1.5", // Specify the chart version you want to deploy
    values: {
        // kube-lego specific values to configure
        config: {
            LEGO_EMAIL: "email@example.com", // Replace with your email
            LEGO_URL: "https://acme-v01.api.letsencrypt.org/directory",
        },
    },
}, { provider: k8sProvider });

// Export the cluster kubeconfig to be able to interact with the cluster with kubectl.
// It grants access to the cluster, so treat the exported value as a secret.
export const kubeconfig = cluster.kubeConfig;
```
This program performs the following actions:
- It creates a new Kubernetes cluster on Rancher using the desired version and node configuration specified in `rkeConfig`. You should replace `node-address`, `user`, your SSH private key, and the Kubernetes version with your actual values.
- Then it sets up a new instance of the Pulumi Kubernetes provider (`k8sProvider`), which points to the newly created Rancher cluster. This is done using the cluster's `kubeConfig` output, which contains the kubeconfig file contents needed to access the Kubernetes cluster.
- Following that, it uses the Pulumi Kubernetes provider to deploy the `kube-lego` Helm chart onto the Rancher cluster. Make sure to replace `email@example.com` with the email address you want to register with Let's Encrypt.
Please make sure you review and adjust values to your specific requirements and note that this program is intended for educational purposes and further refinement is expected for production use. Also, given that `kube-lego` is deprecated, consider using `cert-manager` for new projects.
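As an added example (not part of the original program), the "review and adjust values" step can be written as a pre-deploy check over the same fields the program sets. The `Deployment` shape and `reviewDeployment` are hypothetical names, and the sample input is constructed from the values shown on this page.

```typescript
// Added example: the Deployment shape and reviewDeployment are hypothetical
// names; they mirror the fields used in the Pulumi program on this page.
interface Deployment {
  nodes: { address: string; user: string; sshKey: string }[];
  chart: string;
  values: { config: { LEGO_EMAIL: string; LEGO_URL: string } };
}

const PEM_PRIVATE_KEY = /-----BEGIN [A-Z ]*PRIVATE KEY-----/;
const ACME_V1_HOST = /^https:\/\/acme-v01\.api\.letsencrypt\.org\//;
const PLACEHOLDER_EMAIL = /@example\.(com|org|net)$/i;

function reviewDeployment(d: Deployment): string[] {
  const findings: string[] = [];
  d.nodes.forEach((node, i) => {
    // Key material typed into the program is committed with it; it belongs
    // in secret configuration instead.
    if (PEM_PRIVATE_KEY.test(node.sshKey)) {
      findings.push(`nodes[${i}].sshKey: private key embedded in source`);
    }
  });
  if (d.chart === "kube-lego") {
    findings.push("chart: kube-lego is deprecated, cert-manager succeeds it");
  }
  const cfg = d.values.config;
  if (!/^https:\/\//.test(cfg.LEGO_URL)) {
    findings.push("LEGO_URL: ACME directory must be reached over https");
  } else if (ACME_V1_HOST.test(cfg.LEGO_URL)) {
    findings.push("LEGO_URL: ACMEv1 endpoint, retired by Let's Encrypt");
  }
  if (PLACEHOLDER_EMAIL.test(cfg.LEGO_EMAIL)) {
    findings.push("LEGO_EMAIL: placeholder address left in place");
  }
  return findings;
}

// Constructed sample: the values from the program above, with a dummy key.
const asWritten: Deployment = {
  nodes: [{ address: "node-address", user: "user",
            sshKey: "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n" }],
  chart: "kube-lego",
  values: { config: { LEGO_EMAIL: "email@example.com",
                      LEGO_URL: "https://acme-v01.api.letsencrypt.org/directory" } },
};

for (const f of reviewDeployment(asWritten)) console.log(f);
```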