Deploy the rh-sso helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the Red Hat Single Sign-On (RH-SSO), which is based on Keycloak, on an Amazon Elastic Kubernetes Service (EKS) cluster using Pulumi and Helm, you would first need to set up an EKS cluster unless you already have one. Once your cluster is established, you would use the Pulumi Kubernetes provider to deploy a Helm chart.

Here, I'm going to walk you through the process, explaining each step involved:

1. **Setting up the EKS Cluster**: We will create a new EKS cluster using Pulumi's `eks` module, which is a high-level AWS module that simplifies EKS cluster provisioning.
2. **Deploying the RH-SSO Helm Chart**: Once our EKS cluster is ready, we will deploy the Helm chart for RH-SSO using Pulumi's Kubernetes provider (`kubernetes.helm.v3.Chart`).

Below is a Pulumi program written in TypeScript that creates an EKS cluster and deploys the RH-SSO Helm chart:

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Step 1: Creating an EKS cluster
const cluster = new eks.Cluster("my-cluster", {
    desiredCapacity: 2,
    minSize: 1,
    maxSize: 2,
    // Specify additional cluster settings here as needed
});

// Export the kubeconfig for the EKS cluster
export const kubeconfig = cluster.kubeconfig;

// Step 2: Deploying RH-SSO Helm chart
// Initialize a Kubernetes provider instance with the kubeconfig from the newly created EKS cluster
const k8sProvider = new k8s.Provider("k8s-provider", {
    kubeconfig: cluster.kubeconfig.apply(JSON.stringify),
});

// Define the Helm chart for RH-SSO. Note that the chart may reside in a different Helm repository,
// so you would need to reference the correct repository URL and chart name
const rhSsoChart = new k8s.helm.v3.Chart("rh-sso", {
    chart: "rh-sso",
    version: "x.y.z", // replace with the desired chart version
    fetchOpts: { 
        repo: "https://helm-repo-url/", // replace with the Helm repository URL hosting the RH-SSO chart
    },
    // Specify the necessary values for the Helm chart, such as custom configurations
    values: {
        // For example, to replicate the common Helm install command options,
        // you would include them here as key-value pairs
    },
}, { provider: k8sProvider });

// Optional: Export the Helm release status
export const rhSsoStatus = rhSsoChart.status;
```

### Explanation

1. We import the required Pulumi packages, including AWS EKS and Kubernetes.
2. We create a new EKS cluster named "my-cluster" with a specified minimum, desired, and maximum number of nodes. You can modify these values as needed.
3. We export the kubeconfig from the cluster, which will allow us to interact with the cluster using `kubectl` or any other Kubernetes tooling that requires a kubeconfig file.
4. A new Kubernetes provider is instantiated, which uses the kubeconfig of the EKS cluster we created. This provider will be used to interact with Kubernetes resources.
5. We deploy the RH-SSO Helm chart. Replace `"rh-sso"` with the actual name of the chart, and set the `version` to the chart version you wish to deploy. The `fetchOpts.repo` must be the URL of the Helm chart repository where the RH-SSO Helm chart is located.
6. In the `values` field, you can specify the configuration for your RH-SSO deployment. This would include any customizations you want to apply to the default chart configuration.

Finally, the `rhSsoStatus` export can be used to get output about the Helm chart deployment status, which could be useful for CI/CD systems or just for manual monitoring of the deployment status.

Remember to replace placeholder values with actual information relevant to your use case. For the Helm chart part, you will need to make sure that the specified Helm chart and version exist in the repo you are pointing to. If the chart requires it, you may also need to add authentication details for the provider to fetch the chart.