Deploy the create-secret-manager-secret helm chart on Rancher
TypeScriptTo deploy a Helm chart on a Kubernetes cluster managed by Rancher, we will be using Pulumi with the
rancher2provider. Therancher2provider allows you to manage resources in a Rancher v2.x installation. In this case, we'll be focusing on deploying a Helm chart, specifically for creating a secret in the Kubernetes secret management system.Here's a step-by-step guide on how you can achieve this with Pulumi and TypeScript:
-
Set up the Pulumi project and stack: Create a new directory for your project, run
pulumi new typescript, and follow the prompts. This will set up a new Pulumi TypeScript project and stack for you. -
Install the Rancher2 provider: In your Pulumi project, you will need to install the Rancher2 provider. You can do this by running
npm install @pulumi/rancher2. -
Configure Pulumi to use the Rancher2 provider: Before running your Pulumi code, you will need to configure the Rancher2 provider with the appropriate credentials. This typically includes the URL of the Rancher server and an API token.
-
Define the secret and Helm chart: In your
.tsfile, you will define the secret that you want to create and then use therancher2.CatalogV2resource to deploy your Helm chart. TheCatalogV2resource represents a catalog of Helm charts that can be installed within the Rancher managed clusters.
Here's the Pulumi program that demonstrates these steps:
import * as pulumi from "@pulumi/pulumi"; import * as rancher2 from "@pulumi/rancher2"; // Define the Helm chart details const helmChartName = "create-secret-manager-secret"; const helmChartVersion = "1.0.0"; // Replace this with the actual chart version const helmCatalogUrl = "https://my-helm-chart-repository/"; // Replace this with the URL of your Helm chart repository // Define the secret data const secretData = { "api-key": "s3cr3t", // Replace with your actual secret data // Add other secret data here }; // Assume the Rancher2 provider is already configured with the necessary credentials. // Create a new Catalog V2 (Helm repository) in Rancher to manage Helm chart deployments const catalog = new rancher2.CatalogV2("my-catalog", { clusterId: "<cluster-id>", // Replace with your cluster ID url: helmCatalogUrl, // Additional optional configuration can be set here. }); // Use the Helm Chart resource to deploy the secret manager chart from the catalog const secretManagerChart = new rancher2.HelmChart("secret-manager-chart", { chart: helmChartName, version: helmChartVersion, catalogId: catalog.id, values: pulumi.output(secretData).apply(data => ({ secrets: data, })), // Additional chart settings such as namespace can be set here. }); // Export the URL to access the deployed Helm chart export const chartUrl = pulumi.interpolate(`${helmCatalogUrl}/${helmChartName}`);This program will set up a new Rancher catalog and deploy a Helm chart to manage secrets in Kubernetes secret management via Rancher's Helm chart support. You need to replace the placeholders like
<cluster-id>,helmChartVersion, andhelmCatalogUrlwith the actual values that are specific to your environment.To deploy this program:
- Run
pulumi upin your terminal in the directory where this program resides. - Confirm the deployment in the interactive prompt that Pulumi provides.
- Your Helm chart will be deployed or updated in the specified Rancher-managed cluster.
This program does not include error checking or advanced deployment strategies, but it gives you a structure to start from. You'll likely want to expand this example with actual values and additional error checking as needed for your specific workloads.
-