Deploy the neuvector-core helm chart on AWS EKS

Question

Pulumi · Accepted Answer

To deploy the NeuVector core Helm chart on AWS EKS using Pulumi, you'll go through several steps. First, you’ll need to create an EKS cluster if you don't already have one. Then you will use a Helm chart to deploy NeuVector onto that cluster.

Below, I'm providing you with a Pulumi TypeScript program that sets up an EKS cluster and deploys the NeuVector core Helm chart to it.

### Prerequisites:

- You need an AWS account and your AWS credentials configured for use with Pulumi.
- `@pulumi/eks`, `@pulumi/kubernetes`, and `@pulumi/aws` packages need to be installed in your Pulumi project.
- Helm and kubectl should be installed on your machine.

### Step-by-Step Program:

1. **Setting up an EKS Cluster**: We will use the `eks.Cluster` resource from the `@pulumi/eks` package to create a managed Kubernetes cluster. This abstracts away a lot of the complexity in setting up an EKS cluster.

2. **Deploying Helm Chart**: Once the cluster is up and running, `kubernetes.helm.v3.Chart` from the `@pulumi/kubernetes` package is used to deploy the NeuVector core Helm chart. This resource allows you to treat Helm charts as Pulumi resources.

Here’s the detailed Pulumi TypeScript program:

```typescript
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";

// Create an EKS cluster.
const cluster = new eks.Cluster("my-cluster", {
    desiredCapacity: 2, // define the desired number of cluster nodes
    minSize: 1,
    maxSize: 3,
    instanceType: "t2.medium", // define the instance type for the nodes
});

// Export the cluster's kubeconfig.
export const kubeconfig = cluster.kubeconfig;

// Use the created EKS cluster's kubeconfig to deploy NeuVector core Helm Chart.
const neuvector = new k8s.helm.v3.Chart("neuvector-core", {
    chart: "neuvector-core",
    version: "1.8.1", // specify the chart version, change to the desired one
    fetchOpts: {
        repo: "https://helm.neuvector.com/repository/neuvector", // NeuVector Helm repo
    },
}, { provider: cluster.provider });

// Optionally, you might want to output some of the Helm chart deployment details.
// For example, if the NeuVector service is of type LoadBalancer, you might
// want to export the LoadBalancer hostname.
```

### Explanation:

- **`eks.Cluster`:** This resource creates an EKS cluster configured with the specified number of nodes, node size, and scaling options.
- **`kubeconfig`:** This export statement allows you to retrieve the kubeconfig of your EKS cluster, which you can use with kubectl to interact with your cluster.
- **`k8s.helm.v3.Chart`:** This resource is responsible for deploying the NeuVector core Helm chart to your EKS cluster. You specify the chart name, version, and repository URL.
- **`.provider`:** This property is set to ensure the Helm chart is installed on the right cluster provided by `eks.Cluster`.

After running this program with Pulumi, you will have an AWS EKS cluster with the NeuVector core Helm chart deployed. You can further configure your deployment by specifying different properties within the Helm chart, such as the namespace to deploy into or specific values to override chart defaults.

To apply and run this configuration:

1. Initialize a new Pulumi project and install necessary dependencies with npm or yarn.
2. Copy the provided code into your `index.ts` file in the Pulumi project.
3. Run `pulumi up` to execute the Pulumi program.

Make sure you have logged in to your AWS account using the AWS CLI and have configured access to your Kubernetes cluster so that `kubectl` and Helm commands can interact with it.