1. Deploy the harbor-operator helm chart on AWS EKS

    TypeScript

    To deploy the Harbor Operator Helm chart on AWS EKS using Pulumi, we will follow these steps:

    1. Set up an EKS Cluster: We'll begin by creating an EKS cluster that serves as the Kubernetes environment for Harbor. AWS EKS is a managed Kubernetes service that simplifies the process of running Kubernetes on AWS without needing to install and operate your own Kubernetes control plane or worker nodes.

    2. Deploy the Harbor Operator: Once the EKS cluster is up and running, we'll deploy the Harbor Operator using the Helm chart. Helm is a package manager for Kubernetes, and the Harbor Operator Helm chart contains all the Kubernetes resources needed to run a Harbor instance.

    3. Expose Harbor services (optional): If Harbor services need to be exposed externally, AWS load balancers or ingress controllers are used.

    Below you'll find a Pulumi TypeScript program that sets up an Amazon EKS cluster and deploys the Harbor Operator Helm chart. We're using the @pulumi/eks and @pulumi/kubernetes packages, which simplify the process:

    • The @pulumi/eks package lets us create and manage an EKS cluster with the eks.Cluster class.
    • The @pulumi/kubernetes package lets us deploy Helm charts to a Kubernetes cluster with the kubernetes.helm.v3.Chart class.

    Here's the program:

    import * as eks from "@pulumi/eks";
    import * as k8s from "@pulumi/kubernetes";

    // Create an EKS cluster.
    const cluster = new eks.Cluster("my-cluster", {
        desiredCapacity: 2,     // Number of worker nodes
        minSize: 1,             // Minimum number of worker nodes
        maxSize: 3,             // Maximum number of worker nodes
        storageClasses: "gp2",  // The storage class to use, can change based on need
        deployDashboard: false, // Disable the Kubernetes dashboard (it's a potential security risk)
    });

    // Export the cluster's kubeconfig.
    export const kubeconfig = cluster.kubeconfig;

    // Create a k8s provider to deploy Helm charts to the EKS cluster with the generated kubeconfig.
    const provider = new k8s.Provider("k8s-provider", {
        kubeconfig: kubeconfig,
    });

    // Create the target namespace first: helm.v3.Chart does not create it.
    const harborNamespace = new k8s.core.v1.Namespace("harbor-system", {
        metadata: { name: "harbor-system" },
    }, { provider });

    // Deploy the Harbor Operator Helm chart on the EKS cluster.
    const harborOperatorChart = new k8s.helm.v3.Chart("harbor-operator-chart", {
        chart: "harbor-operator",
        version: "1.4.0", // Use the correct chart version
        namespace: harborNamespace.metadata.name, // The namespace where Harbor will be installed
        fetchOpts: {
            repo: "https://helm.goharbor.io",
        },
    }, { provider });
    // Important: If you're running this code, make sure to replace `version` with the latest version of the Harbor Operator.

    // Exports
    // Export the cluster name and kubeconfig to interact with the EKS cluster with kubectl.
    // Export Harbor services (usually includes a URL) so that you can access the Harbor UI.
    export const clusterName = cluster.eksCluster.name;
    // This lookup assumes the chart renders a Service named "harbor" in harbor-system
    // that has been given a load balancer address.
    export const harborUrl = harborOperatorChart
        .getResourceProperty("v1/Service", "harbor-system", "harbor", "status")
        .apply(status => status?.loadBalancer?.ingress?.[0]?.hostname);

    Explanation:

    • We begin by importing the necessary Pulumi packages to manage AWS resources and Kubernetes resources.

    • We instantiate an EKS cluster via eks.Cluster, setting desired, minimum, and maximum sizes for the cluster's worker nodes.

    • We export the generated kubeconfig, which contains the configuration kubectl needs to connect to the Kubernetes cluster.

    • We then create a Kubernetes provider using the previous kubeconfig. The provider is necessary to interact with the Kubernetes API of the created EKS cluster.

    • We deploy the Harbor Operator to our EKS cluster by using the kubernetes.helm.v3.Chart class, which is a representation of a Helm chart in Pulumi. Here we specify the name of the chart, the version, the namespace that it should be deployed to, and the Helm repository where the chart is hosted.

    • fetchOpts specifies where to fetch the Harbor chart from, and in this case, we use the official Harbor Helm repository.

    • Finally, we export the cluster name and Harbor URL. The Harbor URL can be used to access the Harbor UI, assuming the Harbor services have been exposed externally. If they haven't been exposed, or are exposed using a method that doesn't create an internet-facing endpoint (like Internal Load Balancers or Ingress Controllers using private IPs), the URL might not be accessible directly. Adjustments may be necessary based on your specific requirements for service exposure.
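The last point above turns on whether a Service ends up internet-facing or internal. As an added example (not part of the original program, and not Harbor or Pulumi code), the following self-contained TypeScript classifies Service manifests by exposure so that public load balancers can be flagged before or after deployment. The type names, function names and sample manifests are constructed, and a LoadBalancer Service without an internal marker is assumed to be internet-facing, which is the legacy in-tree AWS default.

```typescript
// Added example: classify how Kubernetes Services on EKS are exposed.
// Types, function names and sample manifests are constructed for illustration.
interface ServiceManifest {
  metadata: { name: string; namespace?: string; annotations?: Record<string, string> };
  spec: { type?: string; loadBalancerSourceRanges?: string[] };
}
type Exposure = "cluster-only" | "node-port" | "internal-lb" | "restricted-public-lb" | "public-lb";

// AWS annotations: the legacy in-tree one and the AWS Load Balancer Controller one.
const INTERNAL_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-internal";
const SCHEME_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-scheme";

function classifyExposure(svc: ServiceManifest): Exposure {
  const type = svc.spec.type ?? "ClusterIP"; // Kubernetes defaults to ClusterIP
  if (type === "NodePort") return "node-port";
  if (type !== "LoadBalancer") return "cluster-only";
  const ann: Record<string, string> = svc.metadata.annotations ?? {};
  if (ann[INTERNAL_ANNOTATION] === "true" || ann[SCHEME_ANNOTATION] === "internal") {
    return "internal-lb";
  }
  // Assumption: no internal marker means internet-facing (legacy in-tree default).
  const ranges = svc.spec.loadBalancerSourceRanges ?? [];
  const openToAll = ranges.length === 0 || ranges.some(r => r === "0.0.0.0/0" || r === "::/0");
  return openToAll ? "public-lb" : "restricted-public-lb";
}

// Returns "namespace/name" for every Service reachable from any address.
function findPublicServices(services: ServiceManifest[]): string[] {
  return services
    .filter(s => classifyExposure(s) === "public-lb")
    .map(s => `${s.metadata.namespace ?? "default"}/${s.metadata.name}`);
}

// Constructed sample manifests (not output of the Harbor Operator chart).
const sampleServices: ServiceManifest[] = [
  { metadata: { name: "harbor", namespace: "harbor-system" }, spec: { type: "LoadBalancer" } },
  { metadata: { name: "harbor-internal", namespace: "harbor-system",
      annotations: { [SCHEME_ANNOTATION]: "internal" } }, spec: { type: "LoadBalancer" } },
  { metadata: { name: "harbor-office", namespace: "harbor-system" },
    spec: { type: "LoadBalancer", loadBalancerSourceRanges: ["203.0.113.0/24"] } },
  { metadata: { name: "harbor-core", namespace: "harbor-system" }, spec: {} },
];

console.log(findPublicServices(sampleServices));
```

Feed it the Service objects from rendered chart output or from the cluster's API, and review anything reported as public-lb before sharing the exported URL.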

    This program is designed to be run in an environment where Pulumi is already set up and the AWS credentials are configured. Once you apply this program with Pulumi (pulumi up), it provisions the resources and outputs the cluster name and Harbor URL.

    Remember to check the official documentation for Pulumi's EKS package and the Kubernetes package for Helm charts for a detailed understanding of the resources used and their properties.