Deploy the neuvector-core helm chart on Rancher
TypeScriptTo deploy the
neuvector-coreHelm chart on a Rancher-managed Kubernetes cluster, we'll need to work with several resources:- A Rancher Kubernetes cluster where we want to deploy our Helm chart. I'll show you how to define a Kubernetes cluster resource using Rancher in Pulumi.
- A Helm chart installation into the cluster. We'll define a Helm chart resource that references the
neuvector-corechart.
Before diving into the code, ensure that you have the following prerequisites taken care of:
- You have access to a Rancher server with enough permissions to manage clusters and deploy applications.
- You have Pulumi CLI installed and configured with access to your cloud provider where Rancher is running. Visit Pulumi Installation Guide for the installation instructions.
- You have Helm CLI installed on your machine if you need to customize the chart values locally before deploying through Pulumi.
Below is a TypeScript program that illustrates how you would use Pulumi to deploy the
neuvector-coreHelm chart on a Rancher Kubernetes cluster. For demonstration purposes, I am assuming that the Kubernetes cluster is already provisioned and managed by Rancher, and we will focus on deploying the Helm chart to this existing cluster.import * as rancher2 from "@pulumi/rancher2"; import * as kubernetes from "@pulumi/kubernetes"; // Step 1: Instantiate a Rancher provider. const rancherProvider = new rancher2.Provider("rancher-provider", { apiURL: "https://rancher.your-domain.com/v3", accessToken: "yourRancherAccessToken", secretKey: "yourRancherSecretKey", }); // Step 2: Reference your existing Rancher-managed Kubernetes cluster by ID. // You can get this ID from Rancher's Cluster Management UI. const clusterId = "c-xxxxx"; // Step 3: Query Rancher for the kubeConfig of the cluster. const kubeConfig = new rancher2.Cluster("my-cluster", { id: clusterId, }, { provider: rancherProvider }).kubeConfig; // Step 4: Create a Kubernetes provider instance using the kubeConfig obtained from Rancher. const k8sProvider = new kubernetes.Provider("k8s-provider", { kubeconfig: kubeConfig.apply(cfg => cfg), }); // Step 5: Deploy the `neuvector-core` Helm chart using the Kubernetes provider. const neuvectorCoreChart = new kubernetes.helm.v3.Chart("neuvector-core", { chart: "neuvector-core", version: "latest", // Specify the version of the chart you want to deploy fetchOpts:{ repo: "https://your-helm-chart-repository/", // Specify the Helm chart repository URL }, }, { provider: k8sProvider }); // Export the endpoint of NeuVector console if its service is of type LoadBalancer export const neuvectorConsoleEndpoint = neuvectorCoreChart.getResourceProperty("v1/Service", "neuvector-core-service", "status") .apply(status => status.loadBalancer.ingress[0].ip || status.loadBalancer.ingress[0].hostname);To explain the code above:
- We start by setting up a Rancher provider instance. This requires API access to your Rancher server, for which you'll need an API URL and access keys.
- Next, we set up a Kubernetes provider instance. This provider uses the kubeconfig from the Rancher-managed cluster to interact with your Kubernetes API.
- We then define a Helm chart resource, pointing to the
neuvector-coreHelm chart within the specified repo. - Finally, for Helm charts exposing an external endpoint (like a web UI), we export the service's load balancer IP or hostname so you can access it after deployment.
Please replace "https://rancher.your-domain.com/v3", "yourRancherAccessToken", "yourRancherSecretKey", the
clusterId, and the Helm chart repo URL with your actual service's values.After you have ensured all the prerequisites are met and updated the placeholders with your specific details, run the Pulumi CLI commands
pulumi upto deploy your stack. This will apply the changes defined in the code to your cloud environment.Note: The exact structure of the
neuvector-core-serviceand the existence of a LoadBalancer IP or hostname will depend on the helm chart's service specification and your cloud environment. Adjust the resource names and properties accordingly to your deployment.