Deploy the harbor-scanner-trivy helm chart on Oracle Kubernetes Engine (OKE)
TypeScriptTo deploy the
harbor-scanner-trivyHelm chart on Oracle Kubernetes Engine (OKE) using Pulumi, you'll need to perform the following steps:-
Set up Oracle Kubernetes Engine (OKE): First, you need to have an OKE cluster up and running. You can create one using the Pulumi
ocipackage, which provides resources to interact with Oracle Cloud Infrastructure. -
Install the Helm Chart: Once your Kubernetes cluster is ready, you can use the
kubernetes.helm.v3.Chartresource from Pulumi's Kubernetes provider to deploy Helm charts, including theharbor-scanner-trivychart.
Below is the Pulumi TypeScript program that demonstrates how to accomplish this. This program assumes you have already configured the necessary OCI and Kubernetes Pulumi providers and that you have set up your Oracle Kubernetes Engine.
import * as pulumi from "@pulumi/pulumi"; import * as oci from "@pulumi/oci"; import * as k8s from "@pulumi/kubernetes"; // Replace these with the appropriate values for your environment const compartmentId = "ocid1.compartment.oc1..your-compartment-id"; const vcnId = "ocid1.vcn.oc1..your-vcn-id"; const k8sVersion = "v1.18.10"; // Use a version supported by OKE // Step 1: Setup the OKE Cluster const cluster = new oci.containerengine.Cluster("okeCluster", { // Required properties for OKE cluster compartmentId: compartmentId, vcnId: vcnId, kubernetesVersion: k8sVersion, options: { // Additional options if needed }, }); // Step 2: Deploy the harbor-scanner-trivy helm chart // Kubernetes configuration to connect to your OKE cluster would typically be obtained via the oci cli // For example, using `oci ce cluster create-kubeconfig --cluster-id <cluster-id>` // Ensure the KUBECONFIG environment variable is set to the downloaded kubeconfig file path const kubeconfigFile: string = process.env.KUBECONFIG!; const provider = new k8s.Provider("okeK8s", { kubeconfig: kubeconfigFile, }); // Deploying the harbor-scanner-trivy Helm chart const trivyChart = new k8s.helm.v3.Chart("harbor-scanner-trivy", { chart: "harbor-scanner-trivy", version: "1.0.0", // Specify the chart version you want to deploy fetchOpts: { repo: "https://the-harbor-helm-repo/", // Replace with the actual Helm repo URL }, }, { provider: provider }); // Export relevant data // Here we might want to export some URLs or other data depending on what the Helm chart provisions export const trivyServiceUrl = trivyChart.getResourceProperty("v1/Service", "harbor-scanner-trivy", "status").apply(status => status.loadBalancer.ingress[0].ip);This program structures the deployment into two steps:
-
OKE Cluster Setup: The
oci.containerengine.Clusterresource creates a new OKE cluster in the specified compartment and virtual cloud network with the given Kubernetes version. You'll need to replace the placeholders with your compartment ID, VCN ID, and the Kubernetes version you wish to use. -
Helm Chart Deployment: Using the
kubernetes.helm.v3.Chartresource, this section deploys theharbor-scanner-trivyHelm chart from its repository. Make sure to replace theversionandrepovalues with the specific chart version and Helm repository you want to use. Aprovideris configured using the Kubernetes configuration file obtained from setting up the OKE cluster.
After running the program, the
trivyServiceUrlis exported, which you can use to access the Trivy service once it's available. This value may need to be adjusted depending on the specific details of what the helm chart provides, such as if it uses a LoadBalancer, NodePort, or other service types.Please note, the actual deployment of resources may incur costs as per Oracle Cloud's pricing. Make sure to review the associated costs before provisioning resources. Additionally, ensure that your Pulumi CLI and OCI provider configurations are correctly set up to allow resource provisioning in your Oracle Cloud Infrastructure environment.
-