1. Deploy the harbor-operator helm chart on AWS EKS


    To deploy the Harbor Operator Helm chart on AWS EKS using Pulumi, we will follow these steps:

    1. Set up an EKS Cluster: We'll begin by creating an EKS cluster that serves as the Kubernetes environment for Harbor. AWS EKS is a managed Kubernetes service that simplifies the process of running Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or worker nodes.

    2. Deploy the Harbor Operator: Once the EKS cluster is up and running, we'll deploy the Harbor Operator using the Helm chart. Helm is a package manager for Kubernetes, and the Harbor Operator Helm chart contains all the Kubernetes resources needed to run a Harbor instance.

    3. Expose Harbor services (optional): If Harbor services need to be exposed externally, AWS load balancers or ingress controllers are used.

    Below you'll find a Pulumi TypeScript program that sets up an Amazon EKS cluster and deploys the Harbor Operator Helm chart. We're using the @pulumi/eks and @pulumi/kubernetes packages, which simplify the process:

    • @pulumi/eks package helps us to create and manage an EKS cluster with eks.Cluster class.
    • @pulumi/kubernetes package helps us to deploy Helm charts to a Kubernetes cluster with kubernetes.helm.v3.Chart class.

    Here's the program:

    import * as eks from "@pulumi/eks"; import * as k8s from "@pulumi/kubernetes"; import * as aws from "@pulumi/aws"; // Create an EKS cluster. const cluster = new eks.Cluster("my-cluster", { desiredCapacity: 2, // Number of worker nodes minSize: 1, // Minimum number of worker nodes maxSize: 3, // Maximum number of worker nodes storageClasses: "gp2", // The storage class to use, can change based on need deployDashboard: false, // Disable the Kubernetes dashboard (it's a potential security risk) }); // Export the cluster's kubeconfig. export const kubeconfig = cluster.kubeconfig; // Create a k8s provider to deploy Helm charts to the EKS cluster with the generated kubeconfig. const provider = new k8s.Provider("k8s-provider", { kubeconfig: kubeconfig, }); // Deploy the Harbor Operator Helm chart on the EKS cluster. const harborOperatorChart = new k8s.helm.v3.Chart("harbor-operator-chart", { chart: "harbor-operator", version: "1.4.0", // Use the correct chart version namespace: "harbor-system", // Specify the namespace where Harbor will be installed fetchOpts: { repo: "https://helm.goharbor.io", }, }, { provider }); // Important: If you're running this code, make sure to replace `version` with the latest version of the Harbor Operator. // Exports // Export the cluster name and kubeconfig to interact with the EKS cluster with kubectl. // Export Harbor services (usually includes an URL) so that you can access Harbor UI. export const clusterName = cluster.eksCluster.name; export const harborUrl = harborOperatorChart.getResourceProperty("v1/Service", "harbor-system/harbor", "status").apply(status => status.loadBalancer.ingress[0].hostname);


    • We begin by importing the necessary Pulumi packages to manage AWS resources and Kubernetes resources.

    • We instantiate an EKS cluster via eks.Cluster, setting desired, minimum, and maximum sizes for the cluster's worker nodes.

    • We export the generated kubeconfig which contains the necessary configuration for kubectl to connect to the Kubernetes cluster.

    • We then create a Kubernetes provider using the previous kubeconfig. The provider is necessary to interact with the Kubernetes API of the created EKS cluster.

    • We deploy the Harbor Operator to our EKS cluster by using the kubernetes.helm.v3.Chart class, which is a representation of a Helm chart in Pulumi. Here we specify the name of the chart, the version, the namespace that it should be deployed to, and the Helm repository where the chart is hosted.

    • fetchOpts specifies where to fetch the Harbor chart from, and in this case, we use the official Harbor Helm repository.

    • Finally, we export the cluster name and Harbor URL. The Harbor URL can be used to access the Harbor UI, assuming the Harbor services have been exposed externally. If they haven't been exposed, or are exposed using a method that doesn't create an internet-facing endpoint (like Internal Load Balancers or Ingress Controllers using private IPs), the URL might not be accessible directly. Adjustments may be necessary based on your specific requirements for service exposure.

    This program is designed to be run in an environment where Pulumi is already set up and the AWS credentials are configured. Once you apply this program with Pulumi (pulumi up), it provisions the resources and outputs the cluster name and Harbor URL.

    Remember to check the official documentation for Pulumi's EKS package and the Kubernetes package for Helm charts for a detailed understanding of the resources used and their properties.