Deploy the vault-dev helm chart on AWS EKS
TypeScriptTo deploy the
vault-dev
Helm chart on an AWS EKS cluster using Pulumi, you need to perform the following high-level steps:- Create an EKS cluster.
- Deploy the
vault-dev
Helm chart to the cluster.
For this task, we'll utilize the following Pulumi resources:
eks.Cluster
: This is a high-level component that wraps the AWS EKS resources and provides defaults for ease of use. It stands up the entire infrastructure necessary to run an EKS Kubernetes cluster.kubernetes.helm.v3.Chart
: This resource deploys a Helm chart to a Kubernetes cluster.
Below is a detailed explanation and a TypeScript program using Pulumi to accomplish the deployment:
Creating the EKS Cluster
We start by importing the necessary packages and creating an EKS cluster. The
eks.Cluster
component encapsulates the complexity of setting up an EKS cluster. It creates the cluster, the node group, and the associated resources like IAM roles and security groups. You could customize the cluster with additional properties if needed (not shown here for brevity).Deploying the Helm Chart
After the cluster is provisioned, we deploy the
vault-dev
Helm chart using theChart
resource from the@pulumi/kubernetes
package. We need to specify the chart name, and optionally, you can provide the repository URL if it's not a chart from the stable repository. Thevalues
field is used to add overrides to the default chart values.Please ensure that you have the Pulumi CLI installed and configured with the appropriate AWS credentials before running the Pulumi program.
Here is the Pulumi TypeScript program that performs the deployment:
import * as pulumi from "@pulumi/pulumi"; import * as awsx from "@pulumi/awsx"; import * as eks from "@pulumi/eks"; import * as k8s from "@pulumi/kubernetes"; // Create an EKS cluster with the default configuration. const cluster = new eks.Cluster("vault-cluster"); // Deploy the vault-dev Helm chart to the EKS cluster. const vaultChart = new k8s.helm.v3.Chart("vault-dev", { chart: "vault", // Replace with the correct Helm repo URL if the chart is not in the default Helm repository // repo: "https://helm.releases.hashicorp.com", version: "0.13.0", // Specify the chart version you want to deploy values: { // Chart values to override // For example, to run Vault in dev mode (not recommended for production): server: { dev: { enabled: true } } }, // This defines the target Kubernetes cluster for the Helm chart. // You should inform the provider with the kubeconfig from the newly created EKS cluster. // This uses the kubeconfig provided by the 'cluster' resource directly. fetchOpts: { repo: "https://helm.releases.hashicorp.com", }, }, { provider: cluster.provider }); // Export the cluster's kubeconfig. export const kubeconfig = cluster.kubeconfig;
This program will set up an EKS cluster and deploy the
vault-dev
Helm chart onto it. The outputkubeconfig
is the configuration needed to connect to your Kubernetes cluster with tools likekubectl
and to manage your cluster resources.Remember, deploying Vault in "dev" mode as shown in this example is not recommended for production. Dev mode is a non-persistent instance of Vault with a pre-configured storage backend and an insecure configuration. It's great for learning and experimenting but should not be used for storing real secrets.
After running this program with Pulumi (
pulumi up
), you will have a running instance of HashiCorp Vault in "dev" mode on your EKS cluster.Please modify the chart values according to your actual requirements, and ensure you use the correct chart name and version for the
vault-dev
Helm chart. If the chart is hosted in a specific Helm repository, ensure to provide therepo
option with the repository URL. Theversion
field specifies the version of the chart you wish to deploy.